sysopfb/Gopclntab.py

## Gopclntab.py
import idc
import idautils
import idaapi
import ida_bytes
import ida_funcs
import ida_search
import ida_segment
import Utils

info = idaapi.get_inf_structure()
try:
    is_be = info.is_be()
except:
    is_be = info.mf

lookup = "FF FF FF FB 00 00" if is_be else "FB FF FF FF 00 00"

ver116 = False
go116magic = "FF FF FF FA 00 00" if is_be else "FA FF FF FF 00 00"

def check_is_gopclntab(addr):
    ptr = Utils.get_bitness(addr)
    first_entry = ptr.ptr(addr+8+ptr.size)
    first_entry_off = ptr.ptr(addr+8+ptr.size*2)
    addr_func = addr+first_entry_off
    func_loc = ptr.ptr(addr_func)
    if func_loc == first_entry:
        return True
    return False

def check_is_gopclntab116(addr):
    if idc.Byte(addr+4) == 0:
		if idc.Byte(addr+5) == 0:
			#quantum
			if (idc.Byte(addr+6) == 0x1 or idc.Byte(addr+6) == 0x2 or idc.Byte(addr+6) == 0x4):
				#pointer size
				if (idc.Byte(addr+7) == 0x4 or (idc.Byte(addr+7) == 0x8)):
					return True
    return False


def findGoPcLn():
    global ver116
    possible_loc = ida_search.find_binary(0, idc.BADADDR, lookup, 16, idc.SEARCH_DOWN) #header of gopclntab
    while possible_loc != idc.BADADDR:
        if check_is_gopclntab(possible_loc):
            return possible_loc
        else:
            #keep searching till we reach end of binary
            possible_loc = ida_search.find_binary(possible_loc+1, idc.BADADDR, lookup, 16, idc.SEARCH_DOWN)

    possible_loc = ida_search.find_binary(0, idc.BADADDR, go116magic, 16, idc.SEARCH_DOWN) #header of gopclntab
    while possible_loc != idc.BADADDR:
        if check_is_gopclntab116(possible_loc):
            ver116 = True
            return possible_loc
        else:
            #keep searching till we reach end of binary
            possible_loc = ida_search.find_binary(possible_loc+1, idc.BADADDR, go116magic, 16, idc.SEARCH_DOWN)
    return None


def parse_pclntab(addr):
    ptr = Utils.get_bitness(addr)
    base = addr
    pos = base + 8
    nfunctab = ptr.ptr(pos)
    nfiltab = ptr.ptr(pos+ptr.size)
    offset = ptr.ptr(pos+2*ptr.size)
    funcnametab = base+offset
    offset = ptr.ptr(pos+3*ptr.size)
    cutab = base+offset
    offset = ptr.ptr(pos+4*ptr.size)
    filetab = base+offset
    offset = ptr.ptr(pos+5*ptr.size)
    pctab = base+offset
    offset = ptr.ptr(pos+6*ptr.size)
    funcdata = base+offset
    functab = base+offset
    functabsize = nfunctab * 2 * ptr.size * ptr.size
    return((funcnametab, cutab, filetab, pctab, funcdata, functab, functabsize))

def rename(beg, ptr, make_funcs = True):
    if ver116:
        (funcnametab,cutab,filetab,pctab,funcdata,functab,functabsize) = parse_pclntab(beg)
        for i in range(functabsize/ptr.size/2):
            try:
                entry = ptr.ptr(functab+((2*i)*ptr.size))
                end = ptr.ptr(functab+((2*i+2)*ptr.size))
                temp = ptr.ptr(functab+((2*i+1)*ptr.size))
                info = funcdata+temp
                name = idc.GetString(funcnametab+ptr.ptr(info+ptr.size))
                if make_funcs == True:
			        idc.MakeUnknown(entry, 1, idc.DOUNK_SIMPLE)
			        idc.MakeFunction(entry)
                if name != None:
                    name = Utils.relaxName(name)
                    Utils.rename(entry,name)
            except:
			    pass
    else:
        base = beg
        pos = beg + 8 #skip header
        size = ptr.ptr(pos)
        pos += ptr.size
        end = pos + (size * ptr.size * 2)
        print "%x" % end
        while pos < end:
            offset = ptr.ptr(pos + ptr.size)
            ptr.maker(pos)         #in order to get xrefs
            ptr.maker(pos+ptr.size)
            pos += ptr.size * 2
            ptr.maker(base+offset)
            func_addr = ptr.ptr(base+offset)
            if make_funcs == True:
                ida_bytes.del_items(func_addr, 1, ida_bytes.DELIT_SIMPLE)
                ida_funcs.add_func(func_addr)
            name_offset = idc.get_wide_dword(base+offset+ptr.size)
            name = idc.get_strlit_contents(base + name_offset)
            name = Utils.relaxName(name)
            Utils.rename(func_addr, name)
	import idc
	import idautils
	import idaapi
	import ida_bytes
	import ida_funcs
	import ida_search
	import ida_segment
	import Utils

	info = idaapi.get_inf_structure()
	try:
	is_be = info.is_be()
	except:
	is_be = info.mf

	lookup = "FF FF FF FB 00 00" if is_be else "FB FF FF FF 00 00"

	ver116 = False
	go116magic = "FF FF FF FA 00 00" if is_be else "FA FF FF FF 00 00"

	def check_is_gopclntab(addr):
	ptr = Utils.get_bitness(addr)
	first_entry = ptr.ptr(addr+8+ptr.size)
	first_entry_off = ptr.ptr(addr+8+ptr.size*2)
	addr_func = addr+first_entry_off
	func_loc = ptr.ptr(addr_func)
	if func_loc == first_entry:
	return True
	return False

	def check_is_gopclntab116(addr):
	if idc.Byte(addr+4) == 0:
	if idc.Byte(addr+5) == 0:
	#quantum
	if (idc.Byte(addr+6) == 0x1 or idc.Byte(addr+6) == 0x2 or idc.Byte(addr+6) == 0x4):
	#pointer size
	if (idc.Byte(addr+7) == 0x4 or (idc.Byte(addr+7) == 0x8)):
	return True
	return False


	def findGoPcLn():
	global ver116
	possible_loc = ida_search.find_binary(0, idc.BADADDR, lookup, 16, idc.SEARCH_DOWN) #header of gopclntab
	while possible_loc != idc.BADADDR:
	if check_is_gopclntab(possible_loc):
	return possible_loc
	else:
	#keep searching till we reach end of binary
	possible_loc = ida_search.find_binary(possible_loc+1, idc.BADADDR, lookup, 16, idc.SEARCH_DOWN)

	possible_loc = ida_search.find_binary(0, idc.BADADDR, go116magic, 16, idc.SEARCH_DOWN) #header of gopclntab
	while possible_loc != idc.BADADDR:
	if check_is_gopclntab116(possible_loc):
	ver116 = True
	return possible_loc
	else:
	#keep searching till we reach end of binary
	possible_loc = ida_search.find_binary(possible_loc+1, idc.BADADDR, go116magic, 16, idc.SEARCH_DOWN)
	return None


	def parse_pclntab(addr):
	ptr = Utils.get_bitness(addr)
	base = addr
	pos = base + 8
	nfunctab = ptr.ptr(pos)
	nfiltab = ptr.ptr(pos+ptr.size)
	offset = ptr.ptr(pos+2*ptr.size)
	funcnametab = base+offset
	offset = ptr.ptr(pos+3*ptr.size)
	cutab = base+offset
	offset = ptr.ptr(pos+4*ptr.size)
	filetab = base+offset
	offset = ptr.ptr(pos+5*ptr.size)
	pctab = base+offset
	offset = ptr.ptr(pos+6*ptr.size)
	funcdata = base+offset
	functab = base+offset
	functabsize = nfunctab * 2 * ptr.size * ptr.size
	return((funcnametab, cutab, filetab, pctab, funcdata, functab, functabsize))

	def rename(beg, ptr, make_funcs = True):
	if ver116:
	(funcnametab,cutab,filetab,pctab,funcdata,functab,functabsize) = parse_pclntab(beg)
	for i in range(functabsize/ptr.size/2):
	try:
	entry = ptr.ptr(functab+((2i)ptr.size))
	end = ptr.ptr(functab+((2i+2)ptr.size))
	temp = ptr.ptr(functab+((2i+1)ptr.size))
	info = funcdata+temp
	name = idc.GetString(funcnametab+ptr.ptr(info+ptr.size))
	if make_funcs == True:
	idc.MakeUnknown(entry, 1, idc.DOUNK_SIMPLE)
	idc.MakeFunction(entry)
	if name != None:
	name = Utils.relaxName(name)
	Utils.rename(entry,name)
	except:
	pass
	else:
	base = beg
	pos = beg + 8 #skip header
	size = ptr.ptr(pos)
	pos += ptr.size
	end = pos + (size * ptr.size * 2)
	print "%x" % end
	while pos < end:
	offset = ptr.ptr(pos + ptr.size)
	ptr.maker(pos) #in order to get xrefs
	ptr.maker(pos+ptr.size)
	pos += ptr.size * 2
	ptr.maker(base+offset)
	func_addr = ptr.ptr(base+offset)
	if make_funcs == True:
	ida_bytes.del_items(func_addr, 1, ida_bytes.DELIT_SIMPLE)
	ida_funcs.add_func(func_addr)
	name_offset = idc.get_wide_dword(base+offset+ptr.size)
	name = idc.get_strlit_contents(base + name_offset)
	name = Utils.relaxName(name)
	Utils.rename(func_addr, name)