Struct reading and disassembly script overhaul, various misc. loading fixes, bump to .NET 9 (#13)
* Bump projects to .net 9 and update nugets * add VersionedSerialization + source generator * migrate versioning to StructVersion class, add handling/detection for 29.2/31.2 * add new struct definitions * rename serialization methods and add BinaryObjectStreamReader for interop * Rework metadata struct loading to use new struct versioning * move 29/31.1/.2 to use tags (-2022,-2023) instead of minor versions * fix metadata usage validity checks * rework code registration offsetting a bit and add second 29/31.1 condition * tweak .1 condition (again) * 29/31.2 was a psyop * also remove 29.2 from the readme * remove loading of packed dlls - this was a very unsafe feature * support auto-recovering type indices from type handles fixes loading of memory-dumped v29+ libraries since those replacee their class indices on load with a pointer to the corresponding type * support loading PEs without an export table * also read UnresolvedVirtualCallCount on regular v31 * Disable plugin loading for now * Overhaul disassembler script + add Binary Ninja target (#12) * Overhaul diassembler scripts: - No longer defines top level functions - Split into three classes: StatusHandler (like before), DisassemblerInterface (for interfacing with the used program API), ScriptContext (for definiting general functions that use the disassembler interface) - Add type annotations to all class methods and remove 2.7 compatibility stuff (Ghidra now supports Python 3 so this is unnecessary anymore) - Disassembler backends are now responsible for launching metadata/script processing, to better support disassembler differences - String handling is back in the base ScriptContext class, disassembler interfaces opt into the fake string segment creation and fall back to the old method if it isn't supported * Add Binary Ninja disassembler script backend This uses the new backend-controlled execution to launch metadata processing on a background thread to keep the ui responsive * make binary ninja script use own _BINARYNINJA_ define and add define helpers to header * Update README to account for new script and binary ninja backend * implement fake string segment functions for binary ninja but don't advertise support * also cache API function types in binary ninja backend * fix ida script and disable folders again * Fix metadata usage issues caused by it being a value type now * make TryMapVATR overrideable and implement it for ELFs * Make field offset reading use TryMapVATR to reduce exceptions * Fix NRE in Assembly ctor on < v24.2 * Update actions workflow to produce cross-platform CLI binaries, update readme to reflect .net 9 changes * workflow: only restore packages for projects that are being built * workflow: tweak caching and fix gui compilation * workflow: remove double .zip in CLI artifact name * 29/31.2 don't actually exist, this logic is not needed
This commit is contained in:
Luke
@@ -8,6 +8,8 @@ import ida_nalt
|
||||
import ida_ida
|
||||
import ida_ua
|
||||
import ida_segment
|
||||
import ida_funcs
|
||||
import ida_xref
|
||||
|
||||
try: # 7.7+
|
||||
import ida_srclang
|
||||
@@ -23,206 +25,205 @@ try:
|
||||
except ImportError:
|
||||
FOLDERS_AVAILABLE = False
|
||||
|
||||
cached_genflags = 0
|
||||
skip_make_function = False
|
||||
func_dirtree = None
|
||||
is_32_bit = False
|
||||
fake_segments_base = None
|
||||
|
||||
def script_prologue(status):
|
||||
global cached_genflags, skip_make_function, func_dirtree, is_32_bit, fake_segments_base
|
||||
# Disable autoanalysis
|
||||
cached_genflags = ida_ida.inf_get_genflags()
|
||||
ida_ida.inf_set_genflags(cached_genflags & ~ida_ida.INFFL_AUTO)
|
||||
|
||||
# Unload type libraries we know to cause issues - like the c++ linux one
|
||||
PLATFORMS = ["x86", "x64", "arm", "arm64"]
|
||||
PROBLEMATIC_TYPELIBS = ["gnulnx"]
|
||||
|
||||
for lib in PROBLEMATIC_TYPELIBS:
|
||||
for platform in PLATFORMS:
|
||||
ida_typeinf.del_til(f"{lib}_{platform}")
|
||||
|
||||
# Set name mangling to GCC 3.x and display demangled as default
|
||||
ida_ida.inf_set_demnames(ida_ida.DEMNAM_GCC3 | ida_ida.DEMNAM_NAME)
|
||||
|
||||
status.update_step('Processing Types')
|
||||
|
||||
if IDACLANG_AVAILABLE:
|
||||
header_path = os.path.join(get_script_directory(), "%TYPE_HEADER_RELATIVE_PATH%")
|
||||
ida_srclang.set_parser_argv("clang", "-target x86_64-pc-linux -x c++ -D_IDACLANG_=1") # -target required for 8.3+
|
||||
ida_srclang.parse_decls_with_parser("clang", None, header_path, True)
|
||||
else:
|
||||
original_macros = ida_typeinf.get_c_macros()
|
||||
ida_typeinf.set_c_macros(original_macros + ";_IDA_=1")
|
||||
ida_typeinf.idc_parse_types(os.path.join(get_script_directory(), "%TYPE_HEADER_RELATIVE_PATH%"), ida_typeinf.PT_FILE)
|
||||
ida_typeinf.set_c_macros(original_macros)
|
||||
|
||||
# Skip make_function on Windows GameAssembly.dll files due to them predefining all functions through pdata which makes the method very slow
|
||||
skip_make_function = ida_segment.get_segm_by_name(".pdata") is not None
|
||||
if skip_make_function:
|
||||
print(".pdata section found, skipping function boundaries")
|
||||
|
||||
if FOLDERS_AVAILABLE:
|
||||
func_dirtree = ida_dirtree.get_std_dirtree(ida_dirtree.DIRTREE_FUNCS)
|
||||
|
||||
is_32_bit = ida_ida.inf_is_32bit_exactly()
|
||||
|
||||
def script_epilogue(status):
|
||||
# Reenable auto-analysis
|
||||
global cached_genflags
|
||||
ida_ida.inf_set_genflags(cached_genflags)
|
||||
|
||||
# Utility methods
|
||||
|
||||
def set_name(addr, name):
|
||||
ida_name.set_name(addr, name, ida_name.SN_NOWARN | ida_name.SN_NOCHECK | ida_name.SN_FORCE)
|
||||
|
||||
def make_function(start, end = None):
|
||||
global skip_make_function
|
||||
if skip_make_function:
|
||||
return
|
||||
|
||||
ida_bytes.del_items(start, ida_bytes.DELIT_SIMPLE, 12) # Undefine x bytes which should hopefully be enough for the first instruction
|
||||
ida_ua.create_insn(start) # Create instruction at start
|
||||
if not ida_funcs.add_func(start, end if end is not None else ida_idaapi.BADADDR): # This fails if the function doesn't start with an instruction
|
||||
print(f"failed to mark function {hex(start)}-{hex(end) if end is not None else '???'} as function")
|
||||
|
||||
TYPE_CACHE = {}
|
||||
|
||||
def get_type(typeName):
|
||||
if typeName not in TYPE_CACHE:
|
||||
info = ida_typeinf.idc_parse_decl(None, typeName, ida_typeinf.PT_RAWARGS)
|
||||
if info is None:
|
||||
print(f"Failed to create type {typeName}.")
|
||||
return None
|
||||
|
||||
TYPE_CACHE[typeName] = info[1:]
|
||||
|
||||
return TYPE_CACHE[typeName]
|
||||
#try:
|
||||
# from typing import TYPE_CHECKING
|
||||
# if TYPE_CHECKING:
|
||||
# from ..shared_base import BaseStatusHandler, BaseDisassemblerInterface, ScriptContext
|
||||
# import json
|
||||
# import os
|
||||
# from datetime import datetime
|
||||
#except:
|
||||
# pass
|
||||
|
||||
TINFO_DEFINITE = 0x0001 # These only exist in idc for some reason, so we redefine it here
|
||||
DEFAULT_TIL: "til_t" = None # type: ignore
|
||||
|
||||
def set_type(addr, cppType):
|
||||
cppType += ';'
|
||||
class IDADisassemblerInterface(BaseDisassemblerInterface):
|
||||
supports_fake_string_segment = True
|
||||
|
||||
info = get_type(cppType)
|
||||
if info is None:
|
||||
return
|
||||
_status: BaseStatusHandler
|
||||
|
||||
if ida_typeinf.apply_type(None, info[0], info[1], addr, TINFO_DEFINITE) is None:
|
||||
print(f"set_type({hex(addr)}, {cppType}); failed!")
|
||||
|
||||
def set_function_type(addr, sig):
|
||||
set_type(addr, sig)
|
||||
|
||||
def make_array(addr, numItems, cppType):
|
||||
set_type(addr, cppType)
|
||||
|
||||
flags = ida_bytes.get_flags(addr)
|
||||
if ida_bytes.is_struct(flags):
|
||||
opinfo = ida_nalt.opinfo_t()
|
||||
ida_bytes.get_opcode(opinfo, addr, 0, flags)
|
||||
entrySize = ida_bytes.get_data_elsize(addr, flags, opinfo)
|
||||
tid = opinfo.tid
|
||||
else:
|
||||
entrySize = ida_bytes.get_item_size(addr)
|
||||
tid = ida_idaapi.BADADDR
|
||||
|
||||
ida_bytes.create_data(addr, flags, numItems * entrySize, tid)
|
||||
|
||||
def define_code(code):
|
||||
ida_typeinf.idc_parse_types(code)
|
||||
|
||||
def set_comment(addr, comment, repeatable = True):
|
||||
ida_bytes.set_cmt(addr, comment, repeatable)
|
||||
|
||||
def set_header_comment(addr, comment):
|
||||
func = ida_funcs.get_func(addr)
|
||||
if func is None:
|
||||
return
|
||||
|
||||
ida_funcs.set_func_cmt(func, comment, True)
|
||||
|
||||
def get_script_directory():
|
||||
return os.path.dirname(os.path.realpath(__file__))
|
||||
|
||||
folders = []
|
||||
def add_function_to_group(addr, group):
|
||||
global func_dirtree, folders
|
||||
return
|
||||
|
||||
if not FOLDERS_AVAILABLE:
|
||||
return
|
||||
|
||||
if group not in folders:
|
||||
folders.append(group)
|
||||
func_dirtree.mkdir(group)
|
||||
|
||||
name = ida_funcs.get_func_name(addr)
|
||||
func_dirtree.rename(name, f"{group}/{name}")
|
||||
|
||||
def add_xref(addr, to):
|
||||
ida_xref.add_dref(addr, to, ida_xref.XREF_USER | ida_xref.dr_I)
|
||||
|
||||
def write_string(addr, string):
|
||||
encoded_string = string.encode() + b'\x00'
|
||||
string_length = len(encoded_string)
|
||||
ida_bytes.put_bytes(addr, encoded_string)
|
||||
ida_bytes.create_strlit(addr, string_length, ida_nalt.STRTYPE_C)
|
||||
|
||||
def write_address(addr, value):
|
||||
global is_32_bit
|
||||
|
||||
if is_32_bit:
|
||||
ida_bytes.put_dword(addr, value)
|
||||
else:
|
||||
ida_bytes.put_qword(addr, value)
|
||||
|
||||
def create_fake_segment(name, size):
|
||||
global is_32_bit
|
||||
|
||||
start = ida_ida.inf_get_max_ea()
|
||||
end = start + size
|
||||
|
||||
ida_segment.add_segm(0, start, end, name, "DATA")
|
||||
segment = ida_segment.get_segm_by_name(name)
|
||||
segment.bitness = 1 if is_32_bit else 2
|
||||
segment.perm = ida_segment.SEGPERM_READ
|
||||
segment.update()
|
||||
|
||||
return start
|
||||
|
||||
def process_string_literals(status, data):
|
||||
total_string_length = 0
|
||||
for d in data['stringLiterals']:
|
||||
total_string_length += len(d["string"]) + 1
|
||||
_type_cache: dict
|
||||
_folders: list
|
||||
|
||||
aligned_length = total_string_length + (4096 - (total_string_length % 4096))
|
||||
segment_base = create_fake_segment(".fake_strings", aligned_length)
|
||||
_function_dirtree: "ida_dirtree.dirtree_t"
|
||||
_cached_genflags: int
|
||||
_skip_function_creation: bool
|
||||
_is_32_bit: bool
|
||||
_fake_segments_base: int
|
||||
|
||||
current_string_address = segment_base
|
||||
for d in data['stringLiterals']:
|
||||
define_string(d)
|
||||
def __init__(self, status: BaseStatusHandler):
|
||||
self._status = status
|
||||
|
||||
self._type_cache = {}
|
||||
self._folders = []
|
||||
|
||||
ref_addr = parse_address(d)
|
||||
write_string(current_string_address, d["string"])
|
||||
write_address(ref_addr, current_string_address)
|
||||
set_type(ref_addr, r'const char* const')
|
||||
self._cached_genflags = 0
|
||||
self._skip_function_creation = False
|
||||
self._is_32_bit = False
|
||||
self._fake_segments_base = 0
|
||||
|
||||
current_string_address += len(d["string"]) + 1
|
||||
status.update_progress()
|
||||
def _get_type(self, type: str):
|
||||
if type not in self._type_cache:
|
||||
info = ida_typeinf.idc_parse_decl(DEFAULT_TIL, type, ida_typeinf.PT_RAWARGS)
|
||||
if info is None:
|
||||
print(f"Failed to create type {type}.")
|
||||
return None
|
||||
|
||||
self._type_cache[type] = info[1:]
|
||||
|
||||
return self._type_cache[type]
|
||||
|
||||
def get_script_directory(self) -> str:
|
||||
return os.path.dirname(os.path.realpath(__file__))
|
||||
|
||||
def on_start(self):
|
||||
# Disable autoanalysis
|
||||
self._cached_genflags = ida_ida.inf_get_genflags()
|
||||
ida_ida.inf_set_genflags(self._cached_genflags & ~ida_ida.INFFL_AUTO)
|
||||
|
||||
# Unload type libraries we know to cause issues - like the c++ linux one
|
||||
PLATFORMS = ["x86", "x64", "arm", "arm64"]
|
||||
PROBLEMATIC_TYPELIBS = ["gnulnx"]
|
||||
|
||||
for lib in PROBLEMATIC_TYPELIBS:
|
||||
for platform in PLATFORMS:
|
||||
ida_typeinf.del_til(f"{lib}_{platform}")
|
||||
|
||||
# Set name mangling to GCC 3.x and display demangled as default
|
||||
ida_ida.inf_set_demnames(ida_ida.DEMNAM_GCC3 | ida_ida.DEMNAM_NAME)
|
||||
|
||||
self._status.update_step('Processing Types')
|
||||
|
||||
if IDACLANG_AVAILABLE:
|
||||
header_path = os.path.join(self.get_script_directory(), "%TYPE_HEADER_RELATIVE_PATH%")
|
||||
ida_srclang.set_parser_argv("clang", "-target x86_64-pc-linux -x c++ -D_IDACLANG_=1") # -target required for 8.3+
|
||||
ida_srclang.parse_decls_with_parser("clang", None, header_path, True)
|
||||
else:
|
||||
original_macros = ida_typeinf.get_c_macros()
|
||||
ida_typeinf.set_c_macros(original_macros + ";_IDA_=1")
|
||||
ida_typeinf.idc_parse_types(os.path.join(self.get_script_directory(), "%TYPE_HEADER_RELATIVE_PATH%"), ida_typeinf.PT_FILE)
|
||||
ida_typeinf.set_c_macros(original_macros)
|
||||
|
||||
# Skip make_function on Windows GameAssembly.dll files due to them predefining all functions through pdata which makes the method very slow
|
||||
skip_make_function = ida_segment.get_segm_by_name(".pdata") is not None
|
||||
if skip_make_function:
|
||||
print(".pdata section found, skipping function boundaries")
|
||||
|
||||
if FOLDERS_AVAILABLE:
|
||||
self._function_dirtree = ida_dirtree.get_std_dirtree(ida_dirtree.DIRTREE_FUNCS)
|
||||
|
||||
self._is_32_bit = ida_ida.inf_is_32bit_exactly()
|
||||
|
||||
def on_finish(self):
|
||||
ida_ida.inf_set_genflags(self._cached_genflags)
|
||||
|
||||
def define_function(self, address: int, end: int | None = None):
|
||||
if self._skip_function_creation:
|
||||
return
|
||||
|
||||
ida_bytes.del_items(address, ida_bytes.DELIT_SIMPLE, 12) # Undefine x bytes which should hopefully be enough for the first instruction
|
||||
ida_ua.create_insn(address) # Create instruction at start
|
||||
if not ida_funcs.add_func(address, end if end is not None else ida_idaapi.BADADDR): # This fails if the function doesn't start with an instruction
|
||||
print(f"failed to mark function {hex(address)}-{hex(end) if end is not None else '???'} as function")
|
||||
|
||||
def define_data_array(self, address: int, type: str, count: int):
|
||||
self.set_data_type(address, type)
|
||||
|
||||
flags = ida_bytes.get_flags(address)
|
||||
if ida_bytes.is_struct(flags):
|
||||
opinfo = ida_nalt.opinfo_t()
|
||||
ida_bytes.get_opinfo(opinfo, address, 0, flags)
|
||||
entrySize = ida_bytes.get_data_elsize(address, flags, opinfo)
|
||||
tid = opinfo.tid
|
||||
else:
|
||||
entrySize = ida_bytes.get_item_size(address)
|
||||
tid = ida_idaapi.BADADDR
|
||||
|
||||
ida_bytes.create_data(address, flags, count * entrySize, tid)
|
||||
|
||||
def set_data_type(self, address: int, type: str):
|
||||
type += ';'
|
||||
|
||||
info = self._get_type(type)
|
||||
if info is None:
|
||||
return
|
||||
|
||||
if ida_typeinf.apply_type(DEFAULT_TIL, info[0], info[1], address, TINFO_DEFINITE) is None:
|
||||
print(f"set_type({hex(address)}, {type}); failed!")
|
||||
|
||||
def set_function_type(self, address: int, type: str):
|
||||
self.set_data_type(address, type)
|
||||
|
||||
def set_data_comment(self, address: int, cmt: str):
|
||||
ida_bytes.set_cmt(address, cmt, False)
|
||||
|
||||
def set_function_comment(self, address: int, cmt: str):
|
||||
func = ida_funcs.get_func(address)
|
||||
if func is None:
|
||||
return
|
||||
|
||||
ida_funcs.set_func_cmt(func, cmt, True)
|
||||
|
||||
def set_data_name(self, address: int, name: str):
|
||||
ida_name.set_name(address, name, ida_name.SN_NOWARN | ida_name.SN_NOCHECK | ida_name.SN_FORCE)
|
||||
|
||||
def set_function_name(self, address: int, name: str):
|
||||
self.set_data_name(address, name)
|
||||
|
||||
def add_cross_reference(self, from_address: int, to_address: int):
|
||||
ida_xref.add_dref(from_address, to_address, ida_xref.XREF_USER | ida_xref.dr_I)
|
||||
|
||||
def import_c_typedef(self, type_def: str):
|
||||
ida_typeinf.idc_parse_types(type_def, 0)
|
||||
|
||||
# optional
|
||||
def add_function_to_group(self, address: int, group: str):
|
||||
if not FOLDERS_AVAILABLE or True: # enable at your own risk - this is slow
|
||||
return
|
||||
|
||||
if group not in self._folders:
|
||||
self._folders.append(group)
|
||||
self._function_dirtree.mkdir(group)
|
||||
|
||||
name = ida_funcs.get_func_name(address)
|
||||
self._function_dirtree.rename(name, f"{group}/{name}")
|
||||
|
||||
# only required if supports_fake_string_segment == True
|
||||
def create_fake_segment(self, name: str, size: int) -> int:
|
||||
start = ida_ida.inf_get_max_ea()
|
||||
end = start + size
|
||||
|
||||
ida_segment.add_segm(0, start, end, name, "DATA")
|
||||
segment = ida_segment.get_segm_by_name(name)
|
||||
segment.bitness = 1 if self._is_32_bit else 2
|
||||
segment.perm = ida_segment.SEGPERM_READ
|
||||
segment.update()
|
||||
|
||||
return start
|
||||
|
||||
def write_string(self, address: int, value: str):
|
||||
encoded_string = value.encode() + b'\x00'
|
||||
string_length = len(encoded_string)
|
||||
ida_bytes.put_bytes(address, encoded_string)
|
||||
ida_bytes.create_strlit(address, string_length, ida_nalt.STRTYPE_C)
|
||||
|
||||
def write_address(self, address: int, value: int):
|
||||
if self._is_32_bit:
|
||||
ida_bytes.put_dword(address, value)
|
||||
else:
|
||||
ida_bytes.put_qword(address, value)
|
||||
|
||||
# Status handler
|
||||
|
||||
class StatusHandler(BaseStatusHandler):
|
||||
class IDAStatusHandler(BaseStatusHandler):
|
||||
def __init__(self):
|
||||
self.step = "Initializing"
|
||||
self.max_items = 0
|
||||
self.current_items = 0
|
||||
self.start_time = datetime.datetime.now()
|
||||
self.start_time = datetime.now()
|
||||
self.step_start_time = self.start_time
|
||||
self.last_updated_time = datetime.datetime.min
|
||||
self.last_updated_time = datetime.min
|
||||
|
||||
def initialize(self):
|
||||
ida_kernwin.show_wait_box("Processing")
|
||||
@@ -231,7 +232,7 @@ class StatusHandler(BaseStatusHandler):
|
||||
if self.was_cancelled():
|
||||
raise RuntimeError("Cancelled script.")
|
||||
|
||||
current_time = datetime.datetime.now()
|
||||
current_time = datetime.now()
|
||||
if 0.5 > (current_time - self.last_updated_time).total_seconds():
|
||||
return
|
||||
|
||||
@@ -254,8 +255,8 @@ Elapsed: {step_time} ({total_time})
|
||||
self.step = step
|
||||
self.max_items = max_items
|
||||
self.current_items = 0
|
||||
self.step_start_time = datetime.datetime.now()
|
||||
self.last_updated_time = datetime.datetime.min
|
||||
self.step_start_time = datetime.now()
|
||||
self.last_updated_time = datetime.min
|
||||
self.update()
|
||||
|
||||
def update_progress(self, new_progress = 1):
|
||||
@@ -265,5 +266,10 @@ Elapsed: {step_time} ({total_time})
|
||||
def was_cancelled(self):
|
||||
return ida_kernwin.user_cancelled()
|
||||
|
||||
def close(self):
|
||||
ida_kernwin.hide_wait_box()
|
||||
def shutdown(self):
|
||||
ida_kernwin.hide_wait_box()
|
||||
|
||||
status = IDAStatusHandler()
|
||||
backend = IDADisassemblerInterface(status)
|
||||
context = ScriptContext(backend, status)
|
||||
context.process()
|
||||
Reference in New Issue
Block a user