From 9a07429add3d3c9b1611db2d35d40996d428948e Mon Sep 17 00:00:00 2001 From: n0p <0x90@n0p.cc> Date: Wed, 7 Mar 2018 20:39:47 +0100 Subject: Formatting. --- SystemCalls.py | 138 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) (limited to 'SystemCalls.py') diff --git a/SystemCalls.py b/SystemCalls.py index f47caf0..d1388a3 100644 --- a/SystemCalls.py +++ b/SystemCalls.py @@ -5,7 +5,7 @@ The system call ABI from the following link are supported. http://esec-lab.sogeti.com/post/2011/07/05/Linux-syscall-ABI - + by n0p """ @@ -27,20 +27,14 @@ import ida_segment from SystemCalls_constants import * - class SystemCallView(Choose2): def __init__(self, systemCalls): self.systemCalls = systemCalls - Choose2.__init__(self, - "System call", - [ ["Address", 13], - ["Type", 10], - ["Number", 10], - ["Name", 20], - ["Pointer Size", 12] ]) + Choose2.__init__(self, 'System call', [['Address', 13], ['Type', 10], [ + 'Number', 10], ['Name', 20], ['Pointer Size', 12]]) self.items = list() @@ -59,7 +53,8 @@ class SystemCallView(Choose2): self.systemCalls.searchSystemCalls() end = time.time() - print ("[*] It took {} seconds to discover the system calls.".format(end-start)) + print ('[*] It took {} seconds to discover the system calls.' % + (end - start)) self.items = list() 
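Review bot: The rewritten timing message in hunk `@@ -59,7 +53,8` replaces `.format(end-start)` with the `%` operator but keeps the `{}` placeholder, so `'[*] It took {} seconds ...' % (end - start)` raises `TypeError: not all arguments converted during string formatting` as soon as `searchSystemCalls()` returns. The same substitution is made for the "analyze" message at the end of hunk `@@ -67,44 +62,41`. Either restore `.format(end - start)` or switch the placeholder, e.g. `print('[*] It took %s seconds to discover the system calls.' % (end - start))`. This changes runtime behaviour in a commit titled "Formatting.", so the plugin should be loaded once in IDA before this is merged.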
@@ -67,44 +62,41 @@ class SystemCallView(Choose2): if len(self.systemCalls.x86) != 0: for faddr in self.systemCalls.x86.iterkeys(): - calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86[faddr], x86SystemCalls) + calls = self.systemCalls.getSystemCallNumber( + self.systemCalls.x86[faddr], x86SystemCalls) for call in calls: try: - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - "0x%03X" % int(call[2]), - x86SystemCalls[int(call[2])], - "32bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[call[1]], + '0x%03X' % int(call[2]), + x86SystemCalls[int(call[2])], '32bit']) except: # No hex system call number found. - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - str(call[2]), - "", - "32bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[ + call[1]], str(call[2]), '', '32bit']) if len(self.systemCalls.x86_64) != 0: for faddr in self.systemCalls.x86_64.iterkeys(): - calls = self.systemCalls.getSystemCallNumber(self.systemCalls.x86_64[faddr], x86_64SystemCalls) + calls = self.systemCalls.getSystemCallNumber( + self.systemCalls.x86_64[faddr], x86_64SystemCalls) for call in calls: try: - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - "0x%03X" % int(call[2]), - x86_64SystemCalls[int(call[2])], - "64bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[call[1]], + '0x%03X' % int(call[2]), + x86_64SystemCalls[int(call[2])], '64bit']) except: # No hex system call number found. - self.items.append(["0x%08X" % call[0], - systemCallTypes[call[1]], - str(call[2]), - "", - "64bit"]) + self.items.append( + ['0x%08X' % call[0], systemCallTypes[ + call[1]], str(call[2]), '', '64bit']) end = time.time() - print ("[*] It took {} seconds to analyze the system calls.".format(end-start)) + print ('[*] It took {} seconds to analyze the system calls.' % + (end - start)) - self.items.sort(key=lambda tup:tup[0]) + self.items.sort(key=lambda tup: tup[0]) def OnClose(self): pass 
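Review bot: Both `try` blocks in this hunk still end in a bare `except:`, so every failure is reported as "No hex system call number found", including `KeyboardInterrupt` and any unexpected error raised while building the row. The expected failures look like `int(call[2])` on a non-numeric value and an out-of-range table index, so `except (ValueError, IndexError):` is probably enough. That assumes the tables are lists, which the `scstrings.index(...)` call elsewhere in the file suggests; confirm against `SystemCalls_constants`. A narrower handler matters in an analysis tool because a swallowed error silently turns a resolvable system call into an unnamed entry. The x86 and x86_64 loops also differ only in the table and the `'32bit'`/`'64bit'` label and could share one helper.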
@@ -112,7 +104,7 @@ class SystemCallView(Choose2): def OnCommand(self, n, cmd_id): if cmd_id == self.cmd_nop: start_ea = int(self.items[n][0], 16) - end_ea = start_ea+ItemSize(start_ea) + end_ea = start_ea + ItemSize(start_ea) self.nop_items.append(self.items[n][0]) @@ -123,7 +115,7 @@ class SystemCallView(Choose2): if not len(self.items) > 0: return -1 - if self.items[n][3] == "": + if self.items[n][3] == '': # No system call number found => display red icon. return 59 else: @@ -152,12 +144,12 @@ class SystemCallView(Choose2): self.initialized = True self.__fillView() - if self.Show() < 0: return False + if self.Show() < 0: + return False - if self.cmd_nop == None: - self.cmd_nop = self.AddCommand("NOP system call", - flags = idaapi.CHOOSER_POPUP_MENU, - icon=50) + if self.cmd_nop is None: + self.cmd_nop = self.AddCommand( + 'NOP system call', flags=idaapi.CHOOSER_POPUP_MENU, icon=50) return True @@ -185,11 +177,14 @@ class SystemCall(): def __init__(self): # Init miasm stuff. - if guess_machine != None: + if guess_machine is not None: self.machine = guess_machine() - self.mn, self.dis_engine, self.ira = self.machine.mn, self.machine.dis_engine, self.machine.ira + self.mn = self.machine.mn + self.dis_engine = self.machine.dis_engine + self.ira = self.machine.ira - self.mdis = self.dis_engine(bin_stream_ida(), dont_dis_nulstart_bloc=True) + self.mdis = self.dis_engine( + bin_stream_ida(), dont_dis_nulstart_bloc=True) self.ir_arch = self.ira(self.mdis.symbol_pool) # Populate symbols with ida names 
@@ -208,22 +203,22 @@ class SystemCall(): def __getSystemCallNumberByComment(self, addr, scstrings): cmt = idc.Comment(addr) - if cmt and cmt.startswith("LINUX - "): + if cmt and cmt.startswith('LINUX - '): try: - return scstrings.index(cmt.replace("LINUX - ", "")) + return scstrings.index(cmt.replace('LINUX - ', '')) except: return None - def getSystemCallNumber(self, func, scstrings): """ Get the value of rax/eax at the time of the system call. """ sol = list() - # Get the analysis results from IDA, by reading IDA's comments at system calls. + # Get the analysis results from IDA, by reading IDA's comments at + # system calls. calls = set() - + for call in func.calls: number = self.__getSystemCallNumberByComment(call.addr, scstrings) @@ -233,8 +228,9 @@ class SystemCall(): func.calls -= calls - # Just proceed with depgraph if IDA detected a function and miasm had been imported. - if not func.f or guess_machine == None: + # Just proceed with depgraph if IDA detected a function and miasm had + # been imported. + if not func.f or guess_machine is not None: for call in func.calls: sol.append([call.addr, call.sctype, '']) return sol @@ -255,7 +251,7 @@ class SystemCall(): # Check if addr is in a basic block without an entry. if len(self.ir_arch.getby_offset(addr)) == 0: - fc = qflow_chart_t("", func.f, BADADDR, BADADDR, FC_PREDS) + fc = qflow_chart_t('', func.f, BADADDR, BADADDR, FC_PREDS) try: # Iterate through all basic blocks. @@ -280,8 +276,8 @@ class SystemCall(): # Get dependency graphs dg = DependencyGraph(self.ir_arch, follow_call=False) - graphs = dg.get(cur_label, self.elements, line_nb, - set([self.ir_arch.symbol_pool.getby_offset(func.f.startEA)])) + graphs = dg.get(cur_label, self.elements, line_nb, set( + [self.ir_arch.symbol_pool.getby_offset(func.f.startEA)])) while 1: try: 
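Review bot: The guard in `getSystemCallNumber` (hunk `@@ -233,8 +228,9`) was `guess_machine == None` and is now `guess_machine is not None`, which inverts the test instead of restyling it. With miasm imported, the method now returns early with an empty number for every call, so the dependency-graph analysis is never reached. Without miasm it falls through to code that uses `self.ir_arch`, which `__init__` appears to set only when `guess_machine is not None`. The line should read `if not func.f or guess_machine is None:`. The method body continues outside the hunk.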
@@ -310,16 +306,19 @@ class SystemCall(): arch[faddr].f = f def __findCalls(self, seg, sbytes, slength, sctype, arch): - addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) while addr != BADADDR: - if ( ida_bytes.get_item_head(addr) == addr - and ida_bytes.get_item_size(addr) == slength): + if (ida_bytes.get_item_head(addr) == addr and + ida_bytes.get_item_size(addr) == slength): self.__addCall(addr, sctype, arch) - addr = ida_search.find_binary(addr+1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + addr + 1, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) - addr = ida_search.find_binary(seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) + addr = ida_search.find_binary( + seg.startEA, seg.endEA, sbytes, 16, ida_search.SEARCH_DOWN) def searchSystemCalls(self): """ Looks for 'int 80', 'sysenter', 'syscall' and 'gs:[10h]' system calls. @@ -331,19 +330,19 @@ class SystemCall(): # Check if segment is executable if seg.perm & 1: # int 80h. Just on 32bit. - self.__findCalls(seg, "CD 80", 2, 0, self.x86) + self.__findCalls(seg, 'CD 80', 2, 0, self.x86) # sysenter. Just on 32bit. - self.__findCalls(seg, "0F 34", 2, 1, self.x86) + self.__findCalls(seg, '0F 34', 2, 1, self.x86) # syscall. 32bit just on AMD. 64bit on AMD and Intel. if ida_idp.ph.flag & ida_idp.PR_USE64: - self.__findCalls(seg, "0F 05", 2, 2, self.x86_64) + self.__findCalls(seg, '0F 05', 2, 2, self.x86_64) else: - self.__findCalls(seg, "0F 05", 2, 2, self.x86) + self.__findCalls(seg, '0F 05', 2, 2, self.x86) # gs:[10h]. Just on 32bit. - self.__findCalls(seg, "65 FF 15 10 00 00 00", 7, 3, self.x86) + self.__findCalls(seg, '65 FF 15 10 00 00 00', 7, 3, self.x86) seg = ida_segment.get_next_seg(seg.startEA) 
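Review bot: `__findCalls` ends with a second `addr = ida_search.find_binary(seg.startEA, seg.endEA, ...)` whose result is not read anywhere in the visible lines, and the reflow keeps it unchanged. Indentation is lost in this rendering, so its position is uncertain. If it sits after the `while` loop, it is a dead store that rescans the whole segment once per byte pattern. If it sits inside the loop, the search restarts from `seg.startEA` on every pass and never terminates. It looks safe to delete, leaving the `addr + 1` search as the loop's only advance, but confirm against the file first.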
@@ -353,17 +352,17 @@ class SystemCall(): class SystemCallPlugin_t(idaapi.plugin_t): flags = 0 - comment = "" - help = "" - wanted_name = "System Calls" - wanted_hotkey = "" + comment = '' + help = '' + wanted_name = 'System Calls' + wanted_hotkey = '' def init(self): global systemCalls if idaapi.ph_get_id() == idaapi.PLFM_386: # Check if already initialized - if not 'systemCalls' in globals(): + if 'systemCalls' not in globals(): systemCalls = SystemCall() return idaapi.PLUGIN_KEEP @@ -379,5 +378,6 @@ class SystemCallPlugin_t(idaapi.plugin_t): if 'systemCalls' in globals(): del globals()['systemCalls'] + def PLUGIN_ENTRY(): return SystemCallPlugin_t() -- cgit v1.2.3