我们从Python开源项目中,提取了以下6个代码示例,用于说明如何使用idaapi.scPub()。
def map_exports(exports, verbose=True): """ gets an array of [(vaddress, name),..] and writes it to db""" if verbose: print "[+] going for %d exports" % (len(exports)) for addr, export_name in exports: print "[+] creating export", export_name # check that there are no existing segments in that address if idc.SegStart(addr) == idc.BADADDR: print "[+] creating seg: 0x%08X: %d" % (addr, 4) idc.AddSegEx(addr, addr + 4, 0, 0, idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_FILLGAP) elif verbose: print "[!] Skipping creation of existing segment.." # set it as execuable idc.SetSegmentAttr(addr, idc.SEGATTR_PERM, SEGPERM_EXEC) if verbose: print "[+] making name: %s" % (export_name) make_name(addr, export_name)
def main(argv=None): if argv is None: argv = sys.argv[:] try: seg = prompt_for_segment() except BadInputError: logger.error('bad input, exiting...') return -1 with open(seg.path, 'rb') as f: buf = f.read() seglen = len(buf) if seglen % 0x1000 != 0: seglen = seglen + (0x1000 - (seglen % 0x1000)) if not idc.AddSeg(seg.addr, seg.addr + seglen, 0, 1, 0, idaapi.scPub): logger.error('failed to add segment: 0x%x', seg.addr) return -1 if not idc.RenameSeg(seg.addr, seg.name): logger.warning('failed to rename segment: %s', seg.name) if not idc.SetSegClass(seg.addr, 'CODE'): logger.warning('failed to set segment class CODE: %s', seg.name) if not idc.SegAlign(seg.addr, idc.saRelPara): logger.warning('failed to align segment: %s', seg.name) idaapi.patch_many_bytes(seg.addr, buf)
def map_segments(segments, dsc_file, verbose=True): for segaddr, segsize, segdata in segments: print "[+] creating seg: 0x%08X: %d" % (segaddr, segsize) # check that there are no existing segments in that address if idc.SegStart(segaddr) == idc.BADADDR: idc.AddSegEx(segaddr, segaddr + segsize, 0, 0, idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_FILLGAP) # set it as read-only idc.SetSegmentAttr(segaddr, idc.SEGATTR_PERM, SEGPERM_READ) else: print "[!] Skipping creation of existing segment.." # after mapping the segment, write the data to the db. try: for addr, size, macho_offset in segdata: dsc_file.seek(macho_offset) memcpy(addr, dsc_file.read(size)) if verbose: print "0x%X, 0x%06X, 0x%06X: %s" % (addr, size, macho_offset, dsc_file.read(size)) except Exception: print segdata raise
def readToSegment(li, src, size, target, name): li.seek(src) data = li.read(size) idaapi.mem2base(data, target) AddSeg(target,target + size,0,1,idaapi.saRelWord, idaapi.scPub) RenameSeg(target, name) # -----------------------------------------------------------------------
def new(offset, size, name, **kwds): """Create a segment at ``offset`` with ``size`` and name it according to ``name``. ``bits`` can be used to specify the bit size of the segment ``comb`` can be used to specify any flags (idaapi.sc*) ``align`` can be used to specify paragraph alignment (idaapi.sa*) ``org`` specifies the origin of the segment (must be paragraph aligned due to ida) """ s = idaapi.get_segm_by_name(name) if s is not None: logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : a segment with the specified name already exists : {:s}".format(__name__, offset, size, name, kwds, name)) return None bits = kwds.get( 'bits', 32 if idaapi.getseg(offset) is None else idaapi.getseg(offset).abits()) # FIXME: use disassembler default bit length instead of 32 if bits == 16: ## create a selector with the requested origin org = kwds.get('org',0) if org&0xf > 0: logging.fatal("{:s}.new({:x}, {:x}, {!r}, {!r}) : origin (.org) is not aligned to the size of a paragraph (0x10) : {:x}".format(__name__, offset, size, name, kwds, org)) return None para = offset/16 sel = idaapi.allocate_selector(para) idaapi.set_selector(sel, (para-kwds.get('org',0)/16)&0xffffffff) else: ## auto-create a selector for everything else sel = idaapi.setup_selector(kwds['selector']) if 'selector' in kwds else idaapi.find_free_selector() # create segment. ripped from idc s = idaapi.segment_t() s.startEA = offset s.endEA = offset+size s.sel = sel s.bitness = {16:0,32:1,64:2}[bits] s.comb = kwds.get('comb', idaapi.scPub) # public s.align = kwds.get('align', idaapi.saRelByte) # paragraphs res = idaapi.add_segm_ex(s, name, "", idaapi.ADDSEG_NOSREG|idaapi.ADDSEG_SPARSE) if res == 0: logging.warn("{:s}.new({:x}, {:x}, {!r}, {!r}) : unable to add a new segment".format(__name__, offset, size, name, kwds)) res = idaapi.del_selector(sel) #assert res != 0 return None return s
def map_shared_bridges(dsc_file, adrfind): """ finds branch islands in a given dyld_shared_cache file, maps them to IDA's db and extract its addresses """ dsc_file.seek(0, 2) filesize = dsc_file.tell() dsc_file.seek(0) ACCESS_READ = 1 a = mmap.mmap(dsc_file.fileno(), length=filesize, access=ACCESS_READ) reexp = re.compile("\xcf\xfa\xed\xfe.{340,360}dyld_shared_cache_branch_islands") print "[+] scanning dsc for BRANCH ISLANDS" # this list will hold all our branch_islands segments branch_islands_segments = [] jmp_to_code = collections.defaultdict(list) for ma in reexp.finditer(a): print "[+] WRITING BRANCH ISLAND: 0x%08X" % (ma.start()) fif = FileInFile(dsc_file, ma.start()) m = MachO_patched(fif) if _IN_IDA: for seg in m.segments: for sec in seg.sections: idc.AddSegEx(sec.addr, sec.addr + sec.size, 0, 0, idaapi.saRelPara, idaapi.scPub, idc.ADDSEG_FILLGAP) name = "branch_islands_%X%s%s" % (ma.start(), seg.segname, sec.sectname) idc.RenameSeg(sec.addr, name) idc.SetSegClass(sec.addr, "CODE") idc.SetSegAddressing(sec.addr, 2) dsc_file.seek(sec.offset) memcpy(sec.addr, dsc_file.read(sec.size)) branch_islands_segments.append(sec.addr) # make code codeea = sec.addr print "Going through the code!" while codeea < (sec.addr + sec.size): res = idc.MakeCode(codeea) if not res: print "[!] EA:0x%X ERR while making code" % codeea codeea += 4 continue d = idc.GetDisasm(codeea) # if it's a "B 0x4dd13550" if d.startswith("B "): addr = d.split()[1] if addr.startswith("0x"): branchaddr = int(addr, 16) jmp_to_code[branchaddr].append(codeea) # idc.MakeRptCmt(codeea, "0x%X was taken!" % branchaddr) codeea = idc.FindUnexplored(codeea, idc.SEARCH_DOWN) label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code)
