#
# IDAPython script for IDA Pro
# Slightly modified from https://github.com/googleprojectzero/p0tools/blob/master/TrapFuzz/findPatchPoints.py
#
import idautils
import idaapi
import ida_nalt
import idc
# See https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml
from os.path import expanduser
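home = expanduser("~")

# Start address of every basic block found in the code segment(s), after the
# per-segment rebasing described in the loop below.
patchpoints = set()
# Highest *un-rebased* block start seen across all code segments. It only
# feeds the size field of the output header.
max_offset = 0

for seg_ea in idautils.Segments():
    name = idc.get_segm_name(seg_ea)
    # print("Segment: " + name)
    # Only the primary code segment is instrumented: ".text" (ELF/PE) or
    # "__text" (Mach-O); everything else is skipped.
    if name not in ("__text", ".text"):
        continue

    start = idc.get_segm_start(seg_ea)
    end = idc.get_segm_end(seg_ea)
    # print("Start: " + hex(start) + " End: " + hex(end))

    # Rebasing heuristic, decided once per segment on its first in-range
    # basic block: if the code is mapped at or above 0x1000, one page of
    # load base is assumed to be present in the addresses and 0x1000 is
    # subtracted from every address recorded for this segment. Deciding
    # once keeps all patch points of a segment rebased consistently; a
    # per-block test could flip the base part-way through the segment.
    decided = False
    subtract_addr = 0

    for func_ea in idautils.Functions(start, end):
        func = idaapi.get_func(func_ea)
        if not func:
            continue

        for block in idaapi.FlowChart(func):
            if not (start <= block.start_ea < end):
                # Block lies outside the segment that owns the function;
                # it is skipped rather than recorded.
                # print("Warning: broken CFG?")
                continue

            if not decided:
                if block.start_ea >= 0x1000:
                    subtract_addr = 0x1000
                decided = True

            # NOTE(review): max_offset keeps the un-rebased address while the
            # patch point is rebased; confirm the consumer expects the size
            # field to be computed that way.
            max_offset = max(max_offset, block.start_ea)
            patchpoints.add(block.start_ea - subtract_addr)

# Round up max_offset to page size.
size = max_offset
rem = size % 0x1000
if rem != 0:
    size += 0x1000 - rem

out_path = home + "/Desktop/patches.txt"
print("Writing to " + out_path)

# Output format contract (consumed by the patch-point loader, not just a log):
#   line 1: "<root filename>:<hex size>"
#   then one hex block address per line, ascending.
# NOTE(review): a root filename containing ':' or a newline would corrupt the
# header for a naive parser; IDA supplies the name, so it is trusted here.
with open(out_path, "w") as out:
    out.write(ida_nalt.get_root_filename() + ":" + hex(size) + "\n")
    out.write("\n".join(map(hex, sorted(patchpoints))))
    out.write("\n")

print("Done, found {} patchpoints".format(len(patchpoints)))

# For headless (idat -S) runs, exit IDA once the file is written. ida_pro is
# not imported above, so add `import ida_pro` (or call idc.qexit(0)) before
# uncommenting the next line.
# ida_pro.qexit(0)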