path: root/SystemCalls.py
Diffstat (limited to 'SystemCalls.py')
-rw-r--r--SystemCalls.py138
1 files changed, 69 insertions, 69 deletions
diff --git a/SystemCalls.py b/SystemCalls.py
index f47caf0..d1388a3 100644
--- a/SystemCalls.py
+++ b/SystemCalls.py
@@ -5,7 +5,7 @@
The system call ABI from the following link are supported.
http://esec-lab.sogeti.com/post/2011/07/05/Linux-syscall-ABI
-
+
by n0p
"""
@@ -27,20 +27,14 @@ import ida_segment
from SystemCalls_constants import *
-
class SystemCallView(Choose2):
def __init__(self, systemCalls):
self.systemCalls = systemCalls
- Choose2.__init__(self,
- "System call",
- [ ["Address", 13],
- ["Type", 10],
- ["Number", 10],
- ["Name", 20],
- ["Pointer Size", 12] ])
+ Choose2.__init__(self, 'System call', [['Address', 13], ['Type', 10], [
+ 'Number', 10], ['Name', 20], ['Pointer Size', 12]])
self.items = list()
@@ -59,7 +53,8 @@ class SystemCallView(Choose2):
self.systemCalls.searchSystemCalls()
end = time.time()
- print ("[*] It took {} seconds to discover the system calls.".format(end-start))
+ print ('[*] It took {} seconds to discover the system calls.' %
+ (end - start))
self.items = list()
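Review bot: The rewritten print at the `+` lines above mixes the two formatting mechanisms: the string still carries a `{}` placeholder but is now applied with `%`, so `'... {} seconds ...' % (end - start)` raises `TypeError: not all arguments converted during string formatting` the first time the view is filled, and the timing message is never printed. Either keep `.format(end - start)` as the removed line had it, or change the placeholder to match the operator: `print('[*] It took %s seconds to discover the system calls.' % (end - start))`. The same defect is introduced in the next hunk for the "analyze the system calls" message. The enclosing method starts before this hunk.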
@@ -67,44 +62,41 @@ class SystemCallView(Choose2):
if len(self.systemCalls.x86) != 0:
for faddr in self.systemCalls.x86.iterkeys():
- calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86[faddr], x86SystemCalls)
+ calls = self.systemCalls.getSystemCallNumber(
+ self.systemCalls.x86[faddr], x86SystemCalls)
for call in calls:
try:
- self.items.append(["0x%08X" % call[0],
- systemCallTypes[call[1]],
- "0x%03X" % int(call[2]),
- x86SystemCalls[int(call[2])],
- "32bit"])
+ self.items.append(
+ ['0x%08X' % call[0], systemCallTypes[call[1]],
+ '0x%03X' % int(call[2]),
+ x86SystemCalls[int(call[2])], '32bit'])
except:
# No hex system call number found.
- self.items.append(["0x%08X" % call[0],
- systemCallTypes[call[1]],
- str(call[2]),
- "",
- "32bit"])
+ self.items.append(
+ ['0x%08X' % call[0], systemCallTypes[
+ call[1]], str(call[2]), '', '32bit'])
if len(self.systemCalls.x86_64) != 0:
for faddr in self.systemCalls.x86_64.iterkeys():
- calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86_64[faddr], x86_64SystemCalls)
+ calls = self.systemCalls.getSystemCallNumber(
+ self.systemCalls.x86_64[faddr], x86_64SystemCalls)
for call in calls:
try:
- self.items.append(["0x%08X" % call[0],
- systemCallTypes[call[1]],
- "0x%03X" % int(call[2]),
- x86_64SystemCalls[int(call[2])],
- "64bit"])
+ self.items.append(
+ ['0x%08X' % call[0], systemCallTypes[call[1]],
+ '0x%03X' % int(call[2]),
+ x86_64SystemCalls[int(call[2])], '64bit'])
except:
# No hex system call number found.
- self.items.append(["0x%08X" % call[0],
- systemCallTypes[call[1]],
- str(call[2]),
- "",
- "64bit"])
+ self.items.append(
+ ['0x%08X' % call[0], systemCallTypes[
+ call[1]], str(call[2]), '', '64bit'])
end = time.time()
- print ("[*] It took {} seconds to analyze the system calls.".format(end-start))
+ print ('[*] It took {} seconds to analyze the system calls.' %
+ (end - start))
- self.items.sort(key=lambda tup:tup[0])
+ self.items.sort(key=lambda tup: tup[0])
def OnClose(self):
pass
@@ -112,7 +104,7 @@ class SystemCallView(Choose2):
def OnCommand(self, n, cmd_id):
if cmd_id == self.cmd_nop:
start_ea = int(self.items[n][0], 16)
- end_ea = start_ea+ItemSize(start_ea)
+ end_ea = start_ea + ItemSize(start_ea)
self.nop_items.append(self.items[n][0])
@@ -123,7 +115,7 @@ class SystemCallView(Choose2):
if not len(self.items) > 0:
return -1
- if self.items[n][3] == "":
+ if self.items[n][3] == '':
# No system call number found => display red icon.
return 59
else:
@@ -152,12 +144,12 @@ class SystemCallView(Choose2):
self.initialized = True
self.__fillView()
- if self.Show() < 0: return False
+ if self.Show() < 0:
+ return False
- if self.cmd_nop == None:
- self.cmd_nop = self.AddCommand("NOP system call",
- flags = idaapi.CHOOSER_POPUP_MENU,
- icon=50)
+ if self.cmd_nop is None:
+ self.cmd_nop = self.AddCommand(
+ 'NOP system call', flags=idaapi.CHOOSER_POPUP_MENU, icon=50)
return True
@@ -185,11 +177,14 @@ class SystemCall():
def __init__(self):
# Init miasm stuff.
- if guess_machine != None:
+ if guess_machine is not None:
self.machine = guess_machine()
- self.mn, self.dis_engine, self.ira = self.machine.mn, self.machine.dis_engine, self.machine.ira
+ self.mn = self.machine.mn
+ self.dis_engine = self.machine.dis_engine
+ self.ira = self.machine.ira
- self.mdis = self.dis_engine(bin_stream_ida(), dont_dis_nulstart_bloc=True)
+ self.mdis = self.dis_engine(
+ bin_stream_ida(), dont_dis_nulstart_bloc=True)
self.ir_arch = self.ira(self.mdis.symbol_pool)
# Populate symbols with ida names
@@ -208,22 +203,22 @@ class SystemCall():
def __getSystemCallNumberByComment(self, addr, scstrings):
cmt = idc.Comment(addr)
- if cmt and cmt.startswith("LINUX - "):
+ if cmt and cmt.startswith('LINUX - '):
try:
- return scstrings.index(cmt.replace("LINUX - ", ""))
+ return scstrings.index(cmt.replace('LINUX - ', ''))
except:
return None
-
def getSystemCallNumber(self, func, scstrings):
""" Get the value of rax/eax at the time of the system call.
"""
sol = list()
- # Get the analysis results from IDA, by reading IDA's comments at system calls.
+ # Get the analysis results from IDA, by reading IDA's comments at
+ # system calls.
calls = set()
-
+
for call in func.calls:
number = self.__getSystemCallNumberByComment(call.addr, scstrings)
@@ -233,8 +228,9 @@ class SystemCall():
func.calls -= calls
- # Just proceed with depgraph if IDA detected a function and miasm had been imported.
- if not func.f or guess_machine == None:
+ # Just proceed with depgraph if IDA detected a function and miasm had
+ # been imported.
+ if not func.f or guess_machine is not None:
for call in func.calls:
sol.append([call.addr, call.sctype, ''])
return sol
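Review bot: The guard on the `+` line `if not func.f or guess_machine is not None:` inverts the removed `guess_machine == None` check: the comment two lines above says the dependency-graph path should run only when miasm was imported, but the new condition takes the early return exactly when `guess_machine` is available, so the depgraph analysis is skipped whenever it could run and every remaining call is reported with an empty number. The `== None` → `is` rewrite should read `if not func.f or guess_machine is None:`. The enclosing `getSystemCallNumber` starts in the previous hunk and continues past this one.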
@@ -255,7 +251,7 @@ class SystemCall():
# Check if addr is in a basic block without an entry.
if len(self.ir_arch.getby_offset(addr)) == 0:
- fc = qflow_chart_t("", func.f, BADADDR, BADADDR, FC_PREDS)
+ fc = qflow_chart_t('', func.f, BADADDR, BADADDR, FC_PREDS)
try:
# Iterate through all basic blocks.
@@ -280,8 +276,8 @@ class SystemCall():
# Get dependency graphs
dg = DependencyGraph(self.ir_arch, follow_call=False)
- graphs = dg.get(cur_label, self.elements, line_nb,
- set([self.ir_arch.symbol_pool.getby_offset(func.f.startEA)]))
+ graphs = dg.get(cur_label, self.elements, line_nb, set(
+ [self.ir_arch.symbol_pool.getby_offset(func.f.startEA)]))
while 1:
try:
@@ -310,16 +306,19 @@ class SystemCall():
arch[faddr].f = f
def __findCalls(self, seg, sbytes, slength, sctype, arch):
- addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
+ addr = ida_search.find_binary(
+ seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
while addr != BADADDR:
- if ( ida_bytes.get_item_head(addr) == addr
- and ida_bytes.get_item_size(addr) == slength):
+ if (ida_bytes.get_item_head(addr) == addr and
+ ida_bytes.get_item_size(addr) == slength):
self.__addCall(addr, sctype, arch)
- addr = ida_search.find_binary(addr+1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
+ addr = ida_search.find_binary(
+ addr + 1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
- addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
+ addr = ida_search.find_binary(
+ seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN)
def searchSystemCalls(self):
""" Looks for 'int 80', 'sysenter', 'syscall' and 'gs:[10h]' system calls.
@@ -331,19 +330,19 @@ class SystemCall():
# Check if segment is executable
if seg.perm & 1:
# int 80h. Just on 32bit.
- self.__findCalls(seg, "CD 80", 2, 0, self.x86)
+ self.__findCalls(seg, 'CD 80', 2, 0, self.x86)
# sysenter. Just on 32bit.
- self.__findCalls(seg, "0F 34", 2, 1, self.x86)
+ self.__findCalls(seg, '0F 34', 2, 1, self.x86)
# syscall. 32bit just on AMD. 64bit on AMD and Intel.
if ida_idp.ph.flag & ida_idp.PR_USE64:
- self.__findCalls(seg, "0F 05", 2, 2, self.x86_64)
+ self.__findCalls(seg, '0F 05', 2, 2, self.x86_64)
else:
- self.__findCalls(seg, "0F 05", 2, 2, self.x86)
+ self.__findCalls(seg, '0F 05', 2, 2, self.x86)
# gs:[10h]. Just on 32bit.
- self.__findCalls(seg, "65 FF 15 10 00 00 00", 7, 3, self.x86)
+ self.__findCalls(seg, '65 FF 15 10 00 00 00', 7, 3, self.x86)
seg = ida_segment.get_next_seg(seg.startEA)
@@ -353,17 +352,17 @@ class SystemCall():
class SystemCallPlugin_t(idaapi.plugin_t):
flags = 0
- comment = ""
- help = ""
- wanted_name = "System Calls"
- wanted_hotkey = ""
+ comment = ''
+ help = ''
+ wanted_name = 'System Calls'
+ wanted_hotkey = ''
def init(self):
global systemCalls
if idaapi.ph_get_id() == idaapi.PLFM_386:
# Check if already initialized
- if not 'systemCalls' in globals():
+ if 'systemCalls' not in globals():
systemCalls = SystemCall()
return idaapi.PLUGIN_KEEP
@@ -379,5 +378,6 @@ class SystemCallPlugin_t(idaapi.plugin_t):
if 'systemCalls' in globals():
del globals()['systemCalls']
+
def PLUGIN_ENTRY():
return SystemCallPlugin_t()