Python: Allow creation of typed arrays in IDA and Ghidra

2020-09-06 05:23:28 +02:00
parent 658896f6d6
commit e341f8886b
3 changed files with 29 additions and 4 deletions
--- a/Il2CppInspector.Common/Outputs/ScriptResources/Targets/Ghidra.py
+++ b/Il2CppInspector.Common/Outputs/ScriptResources/Targets/Ghidra.py
@@ -2,6 +2,7 @@
 from ghidra.app.cmd.function import ApplyFunctionSignatureCmd
 from ghidra.app.script import GhidraScriptUtil
 from ghidra.app.util.cparser.C import CParserUtils
+from ghidra.program.model.data import ArrayDataType
 from ghidra.program.model.symbol import SourceType

 def SetName(addr, name):
@@ -21,6 +22,16 @@ def MakeFunction(start, name=None):
 	if name is not None:
 		setPlateComment(addr, name)

+def MakeArray(addr, numItems, cppType):
+	if cppType.startswith('struct '):
+		cppType = cppType[7:]
+	
+	t = getDataTypes(cppType)[0]
+	a = ArrayDataType(t, numItems, t.getLength())
+	addr = toAddr(addr)
+	removeDataAt(addr)
+	createData(addr, a)
+
 def DefineCode(code):
 	# Code declarations are not supported in Ghidra
 	# This only affects string literals for metadata version < 19
@@ -32,11 +43,11 @@ def SetFunctionType(addr, sig):
 	typeSig = CParserUtils.parseSignature(None, currentProgram, sig)
 	ApplyFunctionSignatureCmd(toAddr(addr), typeSig, SourceType.USER_DEFINED, False, True).applyTo(currentProgram)

-def SetType(addr, type):
-	if type.startswith('struct '):
-		type = type[7:]
+def SetType(addr, cppType):
+	if cppType.startswith('struct '):
+		cppType = cppType[7:]
 	
-	t = getDataTypes(type)[0]
+	t = getDataTypes(cppType)[0]
 	addr = toAddr(addr)
 	removeDataAt(addr)
 	createData(addr, t)
--- a/Il2CppInspector.Common/Outputs/ScriptResources/Targets/IDA.py
+++ b/Il2CppInspector.Common/Outputs/ScriptResources/Targets/IDA.py
@@ -10,6 +10,10 @@ def SetName(addr, name):
 def MakeFunction(start):
  ida_funcs.add_func(start)

+def MakeArray(addr, numItems, cppType):
+	SetType(addr, cppType)
+	idc.make_array(addr, numItems)
+
 def DefineCode(code):
 	idc.parse_decls(code)

--- a/Il2CppInspector.Common/Outputs/ScriptResources/shared-main.py
+++ b/Il2CppInspector.Common/Outputs/ScriptResources/shared-main.py
@@ -38,6 +38,11 @@ def DefineField(addr, name, type, ilType = None):
 	if (ilType is not None):
 		SetComment(addr, AsUTF8(ilType))

+def DefineArray(jsonDef):
+	addr = ParseAddress(jsonDef)
+	MakeArray(addr, int(jsonDef['count']), AsUTF8(jsonDef['type']))
+	SetName(addr, AsUTF8(jsonDef['name']))
+
 # Process JSON
 def ProcessJSON(jsonData):

@@ -105,6 +110,11 @@ def ProcessJSON(jsonData):
 	for d in jsonData['functionMetadata']:
 		DefineCppFunction(d)

+	# IL2CPP array metadata
+	print('Processing IL2CPP array metadata')
+	for d in jsonData['arrayMetadata']:
+		DefineArray(d)
+
 	# IL2CPP API functions
 	print('Processing IL2CPP API functions')
 	for d in jsonData['apis']: