diff options
| author | van Hauser <vh@thc.org> | 2020-05-06 00:58:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-06 00:58:13 +0200 |
| commit | df5215783414ddda7d9f371ccef5acb2235f66d0 (patch) | |
| tree | 52ca748f7a90c9deb09d9380c19f8220f0f45105 /examples/afl_untracer/ida_get_patchpoints.py | |
| parent | c7de368dc20078116bcb2e34b0f2237127802841 (diff) | |
| parent | a13958b32b6a1d8cba6f82b0d1ad03801721e3ef (diff) | |
| download | afl++-df5215783414ddda7d9f371ccef5acb2235f66d0.tar.gz | |
Merge pull request #352 from AFLplusplus/dev
Pull to master because of crash in string compare transform
Diffstat (limited to 'examples/afl_untracer/ida_get_patchpoints.py')
| -rw-r--r-- | examples/afl_untracer/ida_get_patchpoints.py | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/examples/afl_untracer/ida_get_patchpoints.py b/examples/afl_untracer/ida_get_patchpoints.py new file mode 100644 index 00000000..c7e8f899 --- /dev/null +++ b/examples/afl_untracer/ida_get_patchpoints.py @@ -0,0 +1,59 @@ +# +# IDAPython script for IDA Pro +# Slightly modified from https://github.com/googleprojectzero/p0tools/blob/master/TrapFuzz/findPatchPoints.py +# + +import idautils +import idaapi +import ida_nalt +import idc + +# See https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml + +from os.path import expanduser +home = expanduser("~") + +patchpoints = set() + +max_offset = 0 +for seg_ea in idautils.Segments(): + name = idc.get_segm_name(seg_ea) + #print("Segment: " + name) + if name != "__text" and name != ".text": + continue + + start = idc.get_segm_start(seg_ea) + end = idc.get_segm_end(seg_ea) + first = 0 + subtract_addr = 0 + #print("Start: " + hex(start) + " End: " + hex(end)) + for func_ea in idautils.Functions(start, end): + f = idaapi.get_func(func_ea) + if not f: + continue + for block in idaapi.FlowChart(f): + if start <= block.start_ea < end: + if first == 0: + if block.start_ea >= 0x1000: + subtract_addr = 0x1000 + first = 1 + + max_offset = max(max_offset, block.start_ea) + patchpoints.add(block.start_ea - subtract_addr) + #else: + # print("Warning: broken CFG?") + +# Round up max_offset to page size +size = max_offset +rem = size % 0x1000 +if rem != 0: + size += 0x1000 - rem + +print("Writing to " + home + "/Desktop/patches.txt") + +with open(home + "/Desktop/patches.txt", "w") as f: + f.write(ida_nalt.get_root_filename() + ':' + hex(size) + '\n') + f.write('\n'.join(map(hex, sorted(patchpoints)))) + f.write('\n') + +print("Done, found {} patchpoints".format(len(patchpoints))) |