├── testSamples
    ├── password.txt
    └── testSamples.zip
├── IMG
    ├── menu.png
    └── example.gif
├── README.md
├── SysNR-FuncFinder.py
└── LffPlugDir_WPeace
    ├── LinuxFuncFinder_x64.py
    ├── LinuxFuncFinder_Arm32.py
    ├── eabiFuncFinder_Arm32.py
    ├── LinuxFuncFinder_x86.py
    ├── LinuxFuncFinder_PPC32.py
    └── LinuxFuncFinder_Mips32.py

/testSamples/password.txt:
--------------------------------------------------------------------------------
samples

--------------------------------------------------------------------------------
/IMG/menu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WPeace-HcH/SysNR-FuncFinder/HEAD/IMG/menu.png

--------------------------------------------------------------------------------
/IMG/example.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WPeace-HcH/SysNR-FuncFinder/HEAD/IMG/example.gif

--------------------------------------------------------------------------------
/testSamples/testSamples.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WPeace-HcH/SysNR-FuncFinder/HEAD/testSamples/testSamples.zip

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# SysNR-FuncFinder
**A plugin for IDA** that renames functions by system call numbers.

## Update History
|Version|Date|Supported Arch|Comment|
|----|----|----|----|
|1.0|2022-11-30|AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM| |
|1.1|2022-12-01|AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM|Fix a bug for the IDA API version.|
|1.3|2022-12-27|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM|Add support for EABI ARM32 and bug fixes.|
|1.5|2023-02-10|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM|Support finding the main function for all architectures.|
|1.6|2023-02-14|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM|Fix bugs when finding the main function.|
|1.7|2023-03-22|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM|Fix a bug and change some details.<br>(You need to delete the old `SysNR-FuncFinder_WPeace.py` because the file name has changed.)|
|2.0|2023-04-07|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM, PowerPC32|- Add support for PowerPC32 and support finding the main function for PowerPC32.<br>- Add support for indirect-call MIPS.|
|2.1|2023-04-14|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM, PowerPC32|Fix a bug in MIPS support.|
|2.3|2023-07-05|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM, PowerPC32|- Fix an overflow bug in some cases under the x64 architecture.<br>- Enhance the search for the main function on the x64 architecture.|
|2.4|2023-08-31|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM, PowerPC32|Add some function identification under the ARM architecture.|
|2.5|2023-09-20|ARM32 for EABI, AMD x86-64 architecture, Intel 80386, MIPS I Architecture, Advanced RISC Machines ARM, PowerPC32|Fix a bug when finding the main function under the MIPS architecture.|

## Background
In my daily analysis, many ELF files are stripped. In that case IDA does not provide any function names, which makes the sample difficult to analyze. So I wrote a plugin that renames functions by system call numbers.

## Install
- Copy the file `SysNR-FuncFinder.py` and the folder `LffPlugDir_WPeace` to the IDA plugins folder, then restart IDA Pro to use SysNR-FuncFinder.
- `NOTE`: You need python3 and IDA >= 7.4.

## Usage
![image](https://github.com/WPeace-HcH/SysNR-FuncFinder/blob/main/IMG/menu.png)
- **Edit $\Rightarrow$ WPeace_Plugins $\Rightarrow$ SysNR-FuncFinder**
`(Or hotkey = "Ctrl-Alt-F")`

## Example
![image](https://github.com/WPeace-HcH/SysNR-FuncFinder/blob/main/IMG/example.gif)

## Contact
You can leave a message for any questions.
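
The idea from the Background section (naming a stripped function after the syscall number it loads), shown outside IDA as an added example that is not part of this repository: it scans raw x86-64 bytes for `mov eax, imm32` followed by `syscall` and proposes `_WPe_` names. The syscall table subset, the sample bytes, the function ranges and the 8-byte look-back window are constructed assumptions.

```python
import struct

# Constructed subset of the x86-64 Linux syscall table (number -> name);
# the plugin's linux_func list plays this role, indexed by number.
SYSCALL_NAMES = {0: "read", 1: "write", 2: "open", 3: "close",
                 9: "mmap", 59: "execve", 60: "exit", 231: "exit_group"}
PREFIX = "_WPe_"            # same prefix the plugin puts on recovered names
SYSCALL = b"\x0f\x05"       # encoding of the `syscall` instruction
MOV_EAX_IMM32 = 0xB8        # opcode of `mov eax, imm32` (5 bytes in total)
LOOKBACK = 8                # assumption: the mov starts at most 8 bytes before


def find_syscall_numbers(body):
    """Return [(offset_of_syscall, number)] for one function body.

    Byte matching only, no real disassembly: a 0xB8 byte inside another
    instruction can give a false hit, so treat results as candidates.
    """
    hits = []
    pos = body.find(SYSCALL)
    while pos != -1:
        # Nearest candidate first: the mov directly in front of the syscall.
        for start in range(pos - 5, max(pos - LOOKBACK, 0) - 1, -1):
            if body[start] == MOV_EAX_IMM32:
                hits.append((pos, struct.unpack_from("<I", body, start + 1)[0]))
                break
        pos = body.find(SYSCALL, pos + 2)
    return hits


def name_wrappers(code, base, functions):
    """Map function start -> proposed name, plus start -> reason for skips."""
    names, skipped, used = {}, {}, set()
    for start, end in functions:
        body = code[start - base:end - base]
        if SYSCALL not in body:
            continue                       # not a syscall wrapper at all
        hits = find_syscall_numbers(body)
        if not hits:
            skipped[start] = "syscall number not an immediate"
            continue
        number = hits[0][1]
        name = SYSCALL_NAMES.get(number)
        if name is None:
            skipped[start] = "number %d not in table" % number
        elif PREFIX + name in used:
            # Mirrors the plugin: a name already present is not assigned twice.
            skipped[start] = "duplicate of %s%s" % (PREFIX, name)
        else:
            names[start] = PREFIX + name
            used.add(PREFIX + name)
    return names, skipped


# Constructed sample: five tiny functions laid out back to back.
BASE = 0x401000
SAMPLE = bytes.fromhex(
    "b8010000000f05c3"        # mov eax, 1 ; syscall ; ret
    "b8090000004989ca0f05c3"  # mov eax, 9 ; mov r10, rcx ; syscall ; ret
    "89f80f05c3"              # mov eax, edi ; syscall ; ret
    "b84d0100000f05c3"        # mov eax, 14Dh ; syscall ; ret
    "b8010000000f05c3"        # mov eax, 1 ; syscall ; ret  (second write)
)
FUNCTIONS = [(0x401000, 0x401008), (0x401008, 0x401013),
             (0x401013, 0x401018), (0x401018, 0x401020),
             (0x401020, 0x401028)]

if __name__ == "__main__":
    names, skipped = name_wrappers(SAMPLE, BASE, FUNCTIONS)
    for addr, name in sorted(names.items()):
        print("0x%x -> %s" % (addr, name))
    for addr, why in sorted(skipped.items()):
        print("0x%x skipped: %s" % (addr, why))
```

The skipped entries are the cases an analyst still has to resolve by hand: a number passed in a register, a number newer than the table, and a second wrapper for an already named call.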

--------------------------------------------------------------------------------
/SysNR-FuncFinder.py:
--------------------------------------------------------------------------------
import idc
import idaapi
import sys, os

# Make the per-architecture modules importable. os.path.join keeps the path
# valid on every platform, not only with Windows backslash separators.
path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "LffPlugDir_WPeace")
sys.path.append(path)
import LinuxFuncFinder_x64
import LinuxFuncFinder_x86
import LinuxFuncFinder_Mips32
import LinuxFuncFinder_Arm32
import eabiFuncFinder_Arm32
import LinuxFuncFinder_PPC32


class myplugin_sysnr(idaapi.plugin_t):
    flags = idaapi.PLUGIN_UNL
    comment = "SysNR-FuncFinder Plugin for IDA"
    help = "Find more information at https://github.com/wpeace-hch"
    wanted_name = "SysNR-FuncFinder"
    wanted_hotkey = "Ctrl-Alt-F"

    def init(self):
        print("\nSysNR-FuncFinder By WPeace.")
        try:
            WPe_Patcher.register(self, "SysNR-FuncFinder (Ctrl-Alt-F)")
            WPe_About.register(self, "About")
        except Exception:
            pass
        if idaapi.IDA_SDK_VERSION >= 740:
            idaapi.attach_action_to_menu("Edit/WPeace_Plugins/SysNR-FuncFinder (Ctrl-Alt-F)", WPe_Patcher.get_name(), idaapi.SETMENU_APP)
            idaapi.attach_action_to_menu("Edit/WPeace_Plugins/About", WPe_About.get_name(), idaapi.SETMENU_APP)
        else:
            print("Your IDA version needs to be greater than 7.4! :(@WPeace")
        return idaapi.PLUGIN_OK

    def run(self, arg):
        print("SysNR-FuncFinder v2.5 start running...")
        self.patcher()

    def term(self):
        print("SysNR-FuncFinder v2.5 works fine! :)@WPeace\n")

    def patcher(self):
        # Read the ELF header fields from the start of the first segment.
        elf_magic = idc.get_wide_dword(idc.get_first_seg())
        e_type = idc.get_wide_word(idc.get_first_seg() + 0x10)
        # "\x7fELF" read as a little-endian or a big-endian dword
        if elf_magic == 0x464c457f or elf_magic == 0x7f454c46:
            # e_type 2 is ET_EXEC
            if e_type == 2:
                e_flags = idc.get_wide_dword(idc.get_first_seg() + 0x24)
                e_machine = idc.get_wide_word(idc.get_first_seg() + 0x12)
                # eabi_syscall
                if e_flags > 0x4000000:
                    # ARM32
                    if e_machine == 40:
                        eabiFuncFinder_Arm32.main()
                # oabi_syscall
                else:
                    # AMD x86-64 architecture
                    if e_machine == 62:
                        LinuxFuncFinder_x64.main()
                    # Intel 80386
                    elif e_machine == 3:
                        LinuxFuncFinder_x86.main()
                    # MIPS I Architecture
                    elif e_machine == 8:
                        LinuxFuncFinder_Mips32.main()
                    # Advanced RISC Machines ARM
                    elif e_machine == 40:
                        LinuxFuncFinder_Arm32.main()
                    # PowerPC32
                    elif e_machine == 20:
                        LinuxFuncFinder_PPC32.main()
                    else:
                        # "Please check whether this plugin version supports the architecture of the current file."
                        print("请确认插件版本是否支持当前文件架构。")
            else:
                # "The plugin currently supports only EXEC-type executable ELF files."
                print("当前插件仅支持EXEC可执行ELF文件。")
        else:
            # "The plugin currently supports only the ELF file format."
            print("当前插件仅支持ELF文件格式。")

    def about(self):
        f = About_Form()
        f.Execute()
        f.Free()


class Menu_Context(idaapi.action_handler_t):
    @classmethod
    def get_name(self):
        return self.__name__

    @classmethod
    def get_label(self):
        return self.label

    @classmethod
    def register(self, plugin, label):
        self.plugin = plugin
        self.label = label
        instance = self()
        return idaapi.register_action(idaapi.action_desc_t(
            self.get_name(),
            instance.get_label(),
            instance
        ))

    @classmethod
    def unregister(self):
        """Unregister the action.
        After unregistering the class cannot be used.
        """
        idaapi.unregister_action(self.get_name())

    @classmethod
    def activate(self, ctx):
        return 1

    @classmethod
    def update(self, ctx):
        try:
            return idaapi.AST_ENABLE_FOR_WIDGET
        except Exception as e:
            return idaapi.AST_ENABLE_ALWAYS


class About_Form(idaapi.Form):
    def __init__(self):
        super(About_Form, self).__init__(r"""STARTITEM 0
BUTTON YES* Open author's github
ABOUT
{FormChangeCb}
Plugins for IDA.
Written BY WPeace.

""", {
            'FormChangeCb': self.FormChangeCb(self.OnFormChange),
        })
        self.Compile()

    def OnFormChange(self, fid):
        if fid == -2:
            import webbrowser
            webbrowser.open("https://github.com/wpeace-hch", new = 2)
        return 1


class WPe_Patcher(Menu_Context):
    def activate(self, ctx):
        print("\nSysNR-FuncFinder v2.5 start running...")
        self.plugin.patcher()
        return 1


class WPe_About(Menu_Context):
    def activate(self, ctx):
        self.plugin.about()
        return 1


def PLUGIN_ENTRY():
    return myplugin_sysnr()

--------------------------------------------------------------------------------
/LffPlugDir_WPeace/LinuxFuncFinder_x64.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

# Index in this list == x86-64 Linux syscall number.
linux_func = []
linux_func += ['_WPe_read']
linux_func += ['_WPe_write']
linux_func += ['_WPe_open']
linux_func += ['_WPe_close']
linux_func += ['_WPe_stat']
linux_func += ['_WPe_fstat']
linux_func += ['_WPe_lstat']
linux_func += ['_WPe_poll']
linux_func += ['_WPe_lseek']
linux_func += ['_WPe_mmap']
linux_func += ['_WPe_mprotect']
linux_func += ['_WPe_munmap']
linux_func += ['_WPe_brk']
linux_func += ['_WPe_rt_sigaction']
linux_func += ['_WPe_rt_sigprocmask']
linux_func += ['_WPe_rt_sigreturn']
linux_func += ['_WPe_ioctl']
linux_func += ['_WPe_pread64']
linux_func += ['_WPe_pwrite64']
linux_func += ['_WPe_readv']
linux_func += ['_WPe_writev']
linux_func += ['_WPe_access']
linux_func += ['_WPe_pipe']
linux_func += ['_WPe_select']
linux_func += ['_WPe_sched_yield']
linux_func += ['_WPe_mremap']
linux_func += ['_WPe_msync']
linux_func += ['_WPe_mincore']
linux_func += ['_WPe_madvise']
linux_func += ['_WPe_shmget']
linux_func += ['_WPe_shmat']
linux_func += ['_WPe_shmctl']
linux_func += ['_WPe_dup']
linux_func += ['_WPe_dup2']
linux_func += ['_WPe_pause']
linux_func += ['_WPe_nanosleep']
linux_func += ['_WPe_getitimer']
linux_func += ['_WPe_alarm']
linux_func += ['_WPe_setitimer']
linux_func += ['_WPe_getpid']
linux_func += ['_WPe_sendfile']
linux_func += ['_WPe_socket']
linux_func += ['_WPe_connect']
linux_func += ['_WPe_accept']
linux_func += ['_WPe_sendto']
linux_func += ['_WPe_recvfrom']
linux_func += ['_WPe_sendmsg']
linux_func += ['_WPe_recvmsg']
linux_func += ['_WPe_shutdown']
linux_func += ['_WPe_bind']
linux_func += ['_WPe_listen']
linux_func += ['_WPe_getsockname']
linux_func += ['_WPe_getpeername']
linux_func += ['_WPe_socketpair']
linux_func += ['_WPe_setsockopt']
linux_func += ['_WPe_getsockopt']
linux_func += ['_WPe_clone']
linux_func += ['_WPe_fork']
linux_func += ['_WPe_vfork']
linux_func += ['_WPe_execve']
linux_func += ['_WPe_exit']
linux_func += ['_WPe_wait4']
linux_func += ['_WPe_kill']
linux_func += ['_WPe_uname']
linux_func += ['_WPe_semget']
linux_func += ['_WPe_semop']
linux_func += ['_WPe_semctl']
linux_func += ['_WPe_shmdt']
linux_func += ['_WPe_msgget']
linux_func += ['_WPe_msgsnd']
linux_func += ['_WPe_msgrcv']
linux_func += ['_WPe_msgctl']
linux_func += ['_WPe_fcntl']
linux_func += ['_WPe_flock']
linux_func += ['_WPe_fsync']
linux_func += ['_WPe_fdatasync']
linux_func += ['_WPe_truncate']
linux_func += ['_WPe_ftruncate']
linux_func += ['_WPe_getdents']
linux_func += ['_WPe_getcwd']
linux_func += ['_WPe_chdir']
linux_func += ['_WPe_fchdir']
linux_func += ['_WPe_rename']
linux_func += ['_WPe_mkdir']
linux_func += ['_WPe_rmdir']
linux_func += ['_WPe_creat']
linux_func += ['_WPe_link']
linux_func += ['_WPe_unlink']
linux_func += ['_WPe_symlink']
linux_func += ['_WPe_readlink']
linux_func += ['_WPe_chmod']
linux_func += ['_WPe_fchmod']
linux_func += ['_WPe_chown']
linux_func += ['_WPe_fchown']
linux_func += ['_WPe_lchown']
linux_func += ['_WPe_umask']
linux_func += ['_WPe_gettimeofday']
linux_func += ['_WPe_getrlimit']
linux_func += ['_WPe_getrusage']
linux_func += ['_WPe_sysinfo']
linux_func += ['_WPe_times']
linux_func += ['_WPe_ptrace']
linux_func += ['_WPe_getuid']
linux_func += ['_WPe_syslog']
linux_func += ['_WPe_getgid']
linux_func += ['_WPe_setuid']
linux_func += ['_WPe_setgid']
linux_func += ['_WPe_geteuid']
linux_func += ['_WPe_getegid']
linux_func += ['_WPe_setpgid']
linux_func += ['_WPe_getppid']
linux_func += ['_WPe_getpgrp']
linux_func += ['_WPe_setsid']
linux_func += ['_WPe_setreuid']
linux_func += ['_WPe_setregid']
linux_func += ['_WPe_getgroups']
linux_func += ['_WPe_setgroups']
linux_func += ['_WPe_setresuid']
linux_func += ['_WPe_getresuid']
linux_func += ['_WPe_setresgid']
linux_func += ['_WPe_getresgid']
linux_func += ['_WPe_getpgid']
linux_func += ['_WPe_setfsuid']
linux_func += ['_WPe_setfsgid']
linux_func += ['_WPe_getsid']
linux_func += ['_WPe_capget']
linux_func += ['_WPe_capset']
linux_func += ['_WPe_rt_sigpending']
linux_func += ['_WPe_rt_sigtimedwait']
linux_func += ['_WPe_rt_sigqueueinfo']
linux_func += ['_WPe_rt_sigsuspend']
linux_func += ['_WPe_sigaltstack']
linux_func += ['_WPe_utime']
linux_func += ['_WPe_mknod']
linux_func += ['_WPe_uselib']
linux_func += ['_WPe_personality']
linux_func += ['_WPe_ustat']
linux_func += ['_WPe_statfs']
linux_func += ['_WPe_fstatfs']
linux_func += ['_WPe_sysfs']
linux_func += ['_WPe_getpriority']
linux_func += ['_WPe_setpriority']
linux_func += ['_WPe_sched_setparam']
linux_func += ['_WPe_sched_getparam']
linux_func += ['_WPe_sched_setscheduler']
linux_func += ['_WPe_sched_getscheduler']
linux_func += ['_WPe_sched_get_priority_max']
linux_func += ['_WPe_sched_get_priority_min']
linux_func += ['_WPe_sched_rr_get_interval']
linux_func += ['_WPe_mlock']
linux_func += ['_WPe_munlock']
linux_func += ['_WPe_mlockall']
linux_func += ['_WPe_munlockall']
linux_func += ['_WPe_vhangup']
linux_func += ['_WPe_modify_ldt']
linux_func += ['_WPe_pivot_root']
linux_func += ['_WPe__sysctl']
linux_func += ['_WPe_prctl']
linux_func += ['_WPe_arch_prctl']
linux_func += ['_WPe_adjtimex']
linux_func += ['_WPe_setrlimit']
linux_func += ['_WPe_chroot']
linux_func += ['_WPe_sync']
linux_func += ['_WPe_acct']
linux_func += ['_WPe_settimeofday']
linux_func += ['_WPe_mount']
linux_func += ['_WPe_umount2']
linux_func += ['_WPe_swapon']
linux_func += ['_WPe_swapoff']
linux_func += ['_WPe_reboot']
linux_func += ['_WPe_sethostname']
linux_func += ['_WPe_setdomainname']
linux_func += ['_WPe_iopl']
linux_func += ['_WPe_ioperm']
linux_func += ['_WPe_create_module']
linux_func += ['_WPe_init_module']
linux_func += ['_WPe_delete_module']
linux_func += ['_WPe_get_kernel_syms']
linux_func += ['_WPe_query_module']
linux_func += ['_WPe_quotactl']
linux_func += ['_WPe_nfsservctl']
linux_func += ['_WPe_getpmsg']
linux_func += ['_WPe_putpmsg']
linux_func += ['_WPe_afs_syscall']
linux_func += ['_WPe_tuxcall']
linux_func += ['_WPe_security']
linux_func += ['_WPe_gettid']
linux_func += ['_WPe_readahead']
linux_func += ['_WPe_setxattr']
linux_func += ['_WPe_lsetxattr']
linux_func += ['_WPe_fsetxattr']
linux_func += ['_WPe_getxattr']
linux_func += ['_WPe_lgetxattr']
linux_func += ['_WPe_fgetxattr']
linux_func += ['_WPe_listxattr']
linux_func += ['_WPe_llistxattr']
linux_func += ['_WPe_flistxattr']
linux_func += ['_WPe_removexattr']
linux_func += ['_WPe_lremovexattr']
linux_func += ['_WPe_fremovexattr']
linux_func += ['_WPe_tkill']
linux_func += ['_WPe_time']
linux_func += ['_WPe_futex']
linux_func += ['_WPe_sched_setaffinity']
linux_func += ['_WPe_sched_getaffinity']
linux_func += ['_WPe_set_thread_area']
linux_func += ['_WPe_io_setup']
linux_func += ['_WPe_io_destroy']
linux_func += ['_WPe_io_getevents']
linux_func += ['_WPe_io_submit']
linux_func += ['_WPe_io_cancel']
linux_func += ['_WPe_get_thread_area']
linux_func += ['_WPe_lookup_dcookie']
linux_func += ['_WPe_epoll_create']
linux_func += ['_WPe_epoll_ctl_old']
linux_func += ['_WPe_epoll_wait_old']
linux_func += ['_WPe_remap_file_pages']
linux_func += ['_WPe_getdents64']
linux_func += ['_WPe_set_tid_address']
linux_func += ['_WPe_restart_syscall']
linux_func += ['_WPe_semtimedop']
linux_func += ['_WPe_fadvise64']
linux_func += ['_WPe_timer_create']
linux_func += ['_WPe_timer_settime']
linux_func += ['_WPe_timer_gettime']
linux_func += ['_WPe_timer_getoverrun']
linux_func += ['_WPe_timer_delete']
linux_func += ['_WPe_clock_settime']
linux_func += ['_WPe_clock_gettime']
linux_func += ['_WPe_clock_getres']
linux_func += ['_WPe_clock_nanosleep']
linux_func += ['_WPe_exit_group']
linux_func += ['_WPe_epoll_wait']
linux_func += ['_WPe_epoll_ctl']
linux_func += ['_WPe_tgkill']
linux_func += ['_WPe_utimes']
linux_func += ['_WPe_vserver']
linux_func += ['_WPe_mbind']
linux_func += ['_WPe_set_mempolicy']
linux_func += ['_WPe_get_mempolicy']
linux_func += ['_WPe_mq_open']
linux_func += ['_WPe_mq_unlink']
linux_func += ['_WPe_mq_timedsend']
linux_func += ['_WPe_mq_timedreceive']
linux_func += ['_WPe_mq_notify']
linux_func += ['_WPe_mq_getsetattr']
linux_func += ['_WPe_kexec_load']
linux_func += ['_WPe_waitid']
linux_func += ['_WPe_add_key']
linux_func += ['_WPe_request_key']
linux_func += ['_WPe_keyctl']
linux_func += ['_WPe_ioprio_set']
linux_func += ['_WPe_ioprio_get']
linux_func += ['_WPe_inotify_init']
linux_func += ['_WPe_inotify_add_watch']
linux_func += ['_WPe_inotify_rm_watch']
linux_func += ['_WPe_migrate_pages']
linux_func += ['_WPe_openat']
linux_func += ['_WPe_mkdirat']
linux_func += ['_WPe_mknodat']
linux_func += ['_WPe_fchownat']
linux_func += ['_WPe_futimesat']
linux_func += ['_WPe_newfstatat']
linux_func += ['_WPe_unlinkat']
linux_func += ['_WPe_renameat']
linux_func += ['_WPe_linkat']
linux_func += ['_WPe_symlinkat']
linux_func += ['_WPe_readlinkat']
linux_func += ['_WPe_fchmodat']
linux_func += ['_WPe_faccessat']
linux_func += ['_WPe_pselect6']
linux_func += ['_WPe_ppoll']
linux_func += ['_WPe_unshare']
linux_func += ['_WPe_set_robust_list']
linux_func += ['_WPe_get_robust_list']
linux_func += ['_WPe_splice']
linux_func += ['_WPe_tee']
linux_func += ['_WPe_sync_file_range']
linux_func += ['_WPe_vmsplice']
linux_func += ['_WPe_move_pages']
linux_func += ['_WPe_utimensat']
linux_func += ['_WPe_epoll_pwait']
linux_func += ['_WPe_signalfd']
linux_func += ['_WPe_timerfd_create']
linux_func += ['_WPe_eventfd']
linux_func += ['_WPe_fallocate']
linux_func += ['_WPe_timerfd_settime']
linux_func += ['_WPe_timerfd_gettime']
linux_func += ['_WPe_accept4']
linux_func += ['_WPe_signalfd4']
linux_func += ['_WPe_eventfd2']
linux_func += ['_WPe_epoll_create1']
linux_func += ['_WPe_dup3']
linux_func += ['_WPe_pipe2']
linux_func += ['_WPe_inotify_init1']
linux_func += ['_WPe_preadv']
linux_func += ['_WPe_pwritev']
linux_func += ['_WPe_rt_tgsigqueueinfo']
linux_func += ['_WPe_perf_event_open']
linux_func += ['_WPe_recvmmsg']
linux_func += ['_WPe_fanotify_init']
linux_func += ['_WPe_fanotify_mark']
linux_func += ['_WPe_prlimit64']
linux_func += ['_WPe_name_to_handle_at']
linux_func += ['_WPe_open_by_handle_at']
linux_func += ['_WPe_clock_adjtime']
linux_func += ['_WPe_syncfs']
linux_func += ['_WPe_sendmmsg']
linux_func += ['_WPe_setns']
linux_func += ['_WPe_getcpu']
linux_func += ['_WPe_process_vm_readv']
linux_func += ['_WPe_process_vm_writev']
linux_func += ['_WPe_kcmp']
linux_func += ['_WPe_finit_module']
linux_func += ['_WPe_sched_setattr']
linux_func += ['_WPe_sched_getattr']
linux_func += ['_WPe_renameat2']
linux_func += ['_WPe_seccomp']
linux_func += ['_WPe_getrandom']
linux_func += ['_WPe_memfd_create']
linux_func += ['_WPe_kexec_file_load']
linux_func += ['_WPe_bpf']
linux_func += ['_WPe_execveat']
linux_func += ['_WPe_userfaultfd']
linux_func += ['_WPe_membarrier']
linux_func += ['_WPe_mlock2']
linux_func += ['_WPe_copy_file_range']
linux_func += ['_WPe_preadv2']
linux_func += ['_WPe_pwritev2']
linux_func += ['_WPe_pkey_mprotect']
linux_func += ['_WPe_pkey_alloc']
linux_func += ['_WPe_pkey_free']
linux_func += ['_WPe_statx']

def ReName():
    renamed = 0
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            m = idc.print_insn_mnem(line)
            if m == 'syscall':
                # Disassemble at (syscall address - 4), where a
                # `mov eax, <syscall number>` is expected.
                op = idc.GetDisasm(line - 4)
                # \s+ because the disassembly pads the mnemonic column
                if len(re.findall(r'mov\s+eax,*', op)) == 0:
                    continue
                op = re.findall(r',.*', op)
                # Drop a trailing "; comment" from the operand text
                if ';' in op[0]:
                    op = op[0].split(';')[0]
                opString = ''.join(op)
                opString = opString.replace(',', '').replace('h', '')
                try:
                    CallNumber = int(opString, 16)
                except ValueError:
                    # Operand is a register or symbol, not an immediate
                    continue
                address = idc.get_name_ea_simple(idc.get_func_name(line))
                flag = 0
                if CallNumber < 333:
                    # Skip the rename if some function already has this name
                    for other in idautils.Functions():
                        name = idc.get_func_name(other)
                        if name == linux_func[CallNumber]:
                            flag = 1
                    if flag == 0:
                        print(linux_func[CallNumber])
                        idc.set_name(address, linux_func[CallNumber], idc.SN_CHECK)
                        renamed += 1
    # Message: "LinuxFuncFinder_x64 finished! Renamed %d functions in total"
    print("LinuxFuncFinder_x64 finished!总共重命名%d个函数" %renamed)

def GetMainFunc(func):
    # The last instruction of start is the call to the libc init routine;
    # main's address is an operand of one of the instructions before it.
    end = idc.prev_head(func.end_ea)
    initMainAddr = idc.get_name_ea_simple(idc.print_operand(end, 0))
    mainOP = ""
    primaryMainOP = idc.print_operand(idc.prev_head(idc.prev_head(idc.prev_head(end))), 1)
    secondaryMainOP = idc.print_operand(idc.prev_head(end), 1)
    if "sub" in primaryMainOP or "loc" in primaryMainOP or "unk" in primaryMainOP:
        mainOP = primaryMainOP
    else:
        mainOP = secondaryMainOP
    if "sub" in mainOP:
        mainAddr = int(mainOP.split("sub_")[1], 16)
        print("main address = 0x%x" %mainAddr)
        idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
        idc.set_name(mainAddr, "main", SN_FORCE)
    elif "loc" in mainOP:
        mainAddr = int(mainOP.split("loc_")[1], 16)
        print("main address = 0x%x" %mainAddr)
        idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
        idc.set_name(mainAddr, "main", SN_FORCE)
    elif "unk" in mainOP:
        mainAddr = int(mainOP.split("unk_")[1], 16)
        print("main address = 0x%x" %mainAddr)
        idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
        idc.set_name(mainAddr, "main", SN_FORCE)

def RenameStartFunc():
    startAddr = idc.get_name_ea_simple("start")
    func = idaapi.get_func(startAddr)
    if func is not None:
        GetMainFunc(func)
    else:
        startAddr = idc.get_name_ea_simple("_start")
        func = idaapi.get_func(startAddr)
        if func is not None:
            GetMainFunc(func)

def main():
    ReName()
    RenameStartFunc()

if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/LffPlugDir_WPeace/LinuxFuncFinder_Arm32.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

linux_func = []
linux_func += ['_WPe_restart_syscall']
linux_func += ['_WPe_exit']
linux_func += ['_WPe_fork']
linux_func += ['_WPe_read']
linux_func += ['_WPe_write']
linux_func += ['_WPe_open']
linux_func += ['_WPe_close']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_creat']
linux_func += ['_WPe_link']
linux_func += ['_WPe_unlink']
linux_func += ['_WPe_execve']
linux_func += ['_WPe_chdir']
linux_func += ['_WPe_time']
linux_func += ['_WPe_mknod']
linux_func += ['_WPe_chmod']
linux_func += ['_WPe_lchown']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_lseek']
linux_func += ['_WPe_getpid']
linux_func += ['_WPe_mount']
linux_func += ['_WPe_umount2']
linux_func += ['_WPe_setuid']
linux_func += ['_WPe_getuid']
linux_func += ['_WPe_stime']
linux_func += ['_WPe_ptrace']
linux_func += ['_WPe_alarm']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_pause']
linux_func += ['_WPe_utime']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_access']
linux_func += ['_WPe_nice']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_sync']
linux_func += ['_WPe_kill']
linux_func += ['_WPe_rename']
linux_func += ['_WPe_mkdir']
linux_func += ['_WPe_rmdir']
linux_func += ['_WPe_dup']
linux_func += ['_WPe_pipe']
linux_func += ['_WPe_times']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_brk']
linux_func += ['_WPe_setgid']
linux_func += ['_WPe_getgid']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_geteuid']
linux_func += ['_WPe_getegid']
linux_func += ['_WPe_acct']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_ioctl']
linux_func += ['_WPe_fcntl']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_setpgid']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_umask']
linux_func += ['_WPe_chroot']
linux_func += ['_WPe_ustat']
linux_func += ['_WPe_dup2']
linux_func += ['_WPe_getppid']
linux_func += ['_WPe_getpgrp']
linux_func += ['_WPe_setsid']
linux_func += ['_WPe_sigaction']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_setreuid']
linux_func += ['_WPe_setregid']
linux_func += ['_WPe_sigsuspend']
linux_func += ['_WPe_sigpending']
linux_func += ['_WPe_sethostname']
linux_func += ['_WPe_setrlimit']
linux_func += ['_WPe_getrlimit']
linux_func += ['_WPe_getrusage']
linux_func += ['_WPe_gettimeofday']
linux_func += ['_WPe_settimeofday']
linux_func += ['_WPe_getgroups']
linux_func += ['_WPe_setgroups']
linux_func += ['_WPe_select']
linux_func += ['_WPe_symlink']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_readlink']
linux_func += ['_WPe_uselib']
linux_func += ['_WPe_swapon']
linux_func += ['_WPe_reboot']
linux_func += ['_WPe_old_readdir']
linux_func += ['_WPe_old_mmap']
linux_func += ['_WPe_munmap']
linux_func += ['_WPe_truncate']
linux_func += ['_WPe_ftruncate']
linux_func += ['_WPe_fchmod']
linux_func += ['_WPe_fchown']
linux_func += ['_WPe_getpriority']
linux_func += ['_WPe_setpriority']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_statfs']
linux_func += ['_WPe_fstatfs']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_socketcall']
linux_func += ['_WPe_syslog']
linux_func += ['_WPe_setitimer']
linux_func += ['_WPe_getitimer']
linux_func += ['_WPe_stat']
linux_func += ['_WPe_lstat']
linux_func += ['_WPe_fstat']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_vhangup']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_wait4']
linux_func += ['_WPe_swapoff']
linux_func += ['_WPe_sysinfo']
linux_func += ['_WPe_ipc']
linux_func += ['_WPe_fsync']
linux_func += ['_WPe_sigreturn']
linux_func += ['_WPe_clone']
linux_func += ['_WPe_setdomainname']
linux_func += ['_WPe_uname']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_adjtimex']
linux_func += ['_WPe_mprotect']
linux_func += ['_WPe_sigprocmask']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_init_module']
linux_func += ['_WPe_delete_module']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_quotactl']
linux_func += ['_WPe_getpgid']
linux_func += ['_WPe_fchdir']
linux_func += ['_WPe_bdflush']
linux_func += ['_WPe_sysfs']
linux_func += ['_WPe_personality']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_setfsuid']
linux_func += ['_WPe_setfsgid']
linux_func += ['_WPe__llseek']
linux_func += ['_WPe_getdents']
linux_func += ['_WPe__newselect']
linux_func += ['_WPe_flock']
linux_func += ['_WPe_msync']
linux_func += ['_WPe_readv']
linux_func += ['_WPe_writev']
linux_func += ['_WPe_getsid']
linux_func += ['_WPe_fdatasync']
linux_func += ['_WPe__sysctl']
linux_func += ['_WPe_mlock']
linux_func += ['_WPe_munlock']
linux_func += ['_WPe_mlockall']
linux_func += ['_WPe_munlockall']
linux_func += ['_WPe_sched_setparam']
linux_func += ['_WPe_sched_getparam']
linux_func += ['_WPe_sched_setscheduler']
linux_func += ['_WPe_sched_getscheduler']
linux_func += ['_WPe_sched_yield']
linux_func += ['_WPe_sched_get_priority_max']
linux_func += ['_WPe_sched_get_priority_min']
linux_func += ['_WPe_sched_rr_get_interval']
linux_func += ['_WPe_nanosleep']
linux_func += ['_WPe_mremap']
linux_func += ['_WPe_setresuid']
linux_func += ['_WPe_getresuid']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_poll']
linux_func += ['_WPe_nfsservctl']
linux_func += ['_WPe_setresgid']
linux_func += ['_WPe_getresgid']
linux_func += ['_WPe_prctl']
linux_func += ['_WPe_rt_sigreturn']
linux_func += ['_WPe_rt_sigaction']
linux_func += ['_WPe_rt_sigprocmask']
linux_func += ['_WPe_rt_sigpending']
linux_func += ['_WPe_rt_sigtimedwait']
linux_func += ['_WPe_rt_sigqueueinfo']
linux_func += ['_WPe_rt_sigsuspend']
linux_func += ['_WPe_pread64']
linux_func += ['_WPe_pwrite64']
linux_func += ['_WPe_chown']
linux_func += ['_WPe_getcwd']
linux_func += ['_WPe_capget']
linux_func += ['_WPe_capset']
linux_func += ['_WPe_sigaltstack']
linux_func += ['_WPe_sendfile']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_vfork']
linux_func += ['_WPe_ugetrlimit']
linux_func += ['_WPe_mmap2']
linux_func += ['_WPe_truncate64']
linux_func += ['_WPe_ftruncate64']
linux_func += ['_WPe_stat64']
linux_func += ['_WPe_lstat64']
linux_func += ['_WPe_fstat64']
linux_func += ['_WPe_lchown32']
linux_func += ['_WPe_getuid32']
linux_func += ['_WPe_getgid32']
linux_func += ['_WPe_geteuid32']
linux_func += ['_WPe_getegid32']
linux_func += ['_WPe_setreuid32']
linux_func += ['_WPe_setregid32']
linux_func += ['_WPe_getgroups32']
linux_func += ['_WPe_setgroups32']
linux_func += ['_WPe_fchown32']
linux_func += ['_WPe_setresuid32']
linux_func += ['_WPe_getresuid32']
linux_func += ['_WPe_setresgid32']
linux_func += ['_WPe_getresgid32']
linux_func += ['_WPe_chown32']
linux_func += ['_WPe_setuid32']
linux_func += ['_WPe_setgid32']
linux_func += ['_WPe_setfsuid32']
linux_func += ['_WPe_setfsgid32']
linux_func += ['_WPe_getdents64']
linux_func += ['_WPe_pivot_root']
linux_func += ['_WPe_mincore']
linux_func += ['_WPe_madvise']
linux_func += ['_WPe_fcntl64']
linux_func += ['sys_NotImplemented']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_gettid']
linux_func += ['_WPe_readahead']
linux_func += ['_WPe_setxattr'] 237 | linux_func += ['_WPe_lsetxattr'] 238 | linux_func += ['_WPe_fsetxattr'] 239 | linux_func += ['_WPe_getxattr'] 240 | linux_func += ['_WPe_lgetxattr'] 241 | linux_func += ['_WPe_fgetxattr'] 242 | linux_func += ['_WPe_listxattr'] 243 | linux_func += ['_WPe_llistxattr'] 244 | linux_func += ['_WPe_flistxattr'] 245 | linux_func += ['_WPe_removexattr'] 246 | linux_func += ['_WPe_lremovexattr'] 247 | linux_func += ['_WPe_fremovexattr'] 248 | linux_func += ['_WPe_tkill'] 249 | linux_func += ['_WPe_sendfile64'] 250 | linux_func += ['_WPe_futex'] 251 | linux_func += ['_WPe_sched_setaffinity'] 252 | linux_func += ['_WPe_sched_getaffinity'] 253 | linux_func += ['_WPe_io_setup'] 254 | linux_func += ['_WPe_io_destroy'] 255 | linux_func += ['_WPe_io_getevents'] 256 | linux_func += ['_WPe_io_submit'] 257 | linux_func += ['_WPe_io_cancel'] 258 | linux_func += ['_WPe_exit_group'] 259 | linux_func += ['_WPe_lookup_dcookie'] 260 | linux_func += ['_WPe_epoll_create'] 261 | linux_func += ['_WPe_epoll_ctl'] 262 | linux_func += ['_WPe_epoll_wait'] 263 | linux_func += ['_WPe_remap_file_pages'] 264 | linux_func += ['sys_NotImplemented'] 265 | linux_func += ['sys_NotImplemented'] 266 | linux_func += ['_WPe_set_tid_address'] 267 | linux_func += ['_WPe_timer_create'] 268 | linux_func += ['_WPe_timer_settime'] 269 | linux_func += ['_WPe_timer_gettime'] 270 | linux_func += ['_WPe_timer_getoverrun'] 271 | linux_func += ['_WPe_timer_delete'] 272 | linux_func += ['_WPe_clock_settime'] 273 | linux_func += ['_WPe_clock_gettime'] 274 | linux_func += ['_WPe_clock_getres'] 275 | linux_func += ['_WPe_clock_nanosleep'] 276 | linux_func += ['_WPe_statfs64'] 277 | linux_func += ['_WPe_fstatfs64'] 278 | linux_func += ['_WPe_tgkill'] 279 | linux_func += ['_WPe_utimes'] 280 | linux_func += ['_WPe_arm_fadvise64_64'] 281 | linux_func += ['_WPe_pciconfig_iobase'] 282 | linux_func += ['_WPe_pciconfig_read'] 283 | linux_func += ['_WPe_pciconfig_write'] 284 | linux_func += 
['_WPe_mq_open'] 285 | linux_func += ['_WPe_mq_unlink'] 286 | linux_func += ['_WPe_mq_timedsend'] 287 | linux_func += ['_WPe_mq_timedreceive'] 288 | linux_func += ['_WPe_mq_notify'] 289 | linux_func += ['_WPe_mq_getsetattr'] 290 | linux_func += ['_WPe_waitid'] 291 | linux_func += ['_WPe_socket'] 292 | linux_func += ['_WPe_bind'] 293 | linux_func += ['_WPe_connect'] 294 | linux_func += ['_WPe_listen'] 295 | linux_func += ['_WPe_accept'] 296 | linux_func += ['_WPe_getsockname'] 297 | linux_func += ['_WPe_getpeername'] 298 | linux_func += ['_WPe_socketpair'] 299 | linux_func += ['_WPe_send'] 300 | linux_func += ['_WPe_sendto'] 301 | linux_func += ['_WPe_recv'] 302 | linux_func += ['_WPe_recvfrom'] 303 | linux_func += ['_WPe_shutdown'] 304 | linux_func += ['_WPe_setsockopt'] 305 | linux_func += ['_WPe_getsockopt'] 306 | linux_func += ['_WPe_sendmsg'] 307 | linux_func += ['_WPe_recvmsg'] 308 | linux_func += ['_WPe_semop'] 309 | linux_func += ['_WPe_semget'] 310 | linux_func += ['_WPe_semctl'] 311 | linux_func += ['_WPe_msgsnd'] 312 | linux_func += ['_WPe_msgrcv'] 313 | linux_func += ['_WPe_msgget'] 314 | linux_func += ['_WPe_msgctl'] 315 | linux_func += ['_WPe_shmat'] 316 | linux_func += ['_WPe_shmdt'] 317 | linux_func += ['_WPe_shmget'] 318 | linux_func += ['_WPe_shmctl'] 319 | linux_func += ['_WPe_add_key'] 320 | linux_func += ['_WPe_request_key'] 321 | linux_func += ['_WPe_keyctl'] 322 | linux_func += ['_WPe_semtimedop'] 323 | linux_func += ['_WPe_vserver'] 324 | linux_func += ['_WPe_ioprio_set'] 325 | linux_func += ['_WPe_ioprio_get'] 326 | linux_func += ['_WPe_inotify_init'] 327 | linux_func += ['_WPe_inotify_add_watch'] 328 | linux_func += ['_WPe_inotify_rm_watch'] 329 | linux_func += ['_WPe_mbind'] 330 | linux_func += ['_WPe_get_mempolicy'] 331 | linux_func += ['_WPe_set_mempolicy'] 332 | linux_func += ['_WPe_openat'] 333 | linux_func += ['_WPe_mkdirat'] 334 | linux_func += ['_WPe_mknodat'] 335 | linux_func += ['_WPe_fchownat'] 336 | linux_func += 
['_WPe_futimesat'] 337 | linux_func += ['_WPe_fstatat64'] 338 | linux_func += ['_WPe_unlinkat'] 339 | linux_func += ['_WPe_renameat'] 340 | linux_func += ['_WPe_linkat'] 341 | linux_func += ['_WPe_symlinkat'] 342 | linux_func += ['_WPe_readlinkat'] 343 | linux_func += ['_WPe_fchmodat'] 344 | linux_func += ['_WPe_faccessat'] 345 | linux_func += ['_WPe_pselect6'] 346 | linux_func += ['_WPe_ppoll'] 347 | linux_func += ['_WPe_unshare'] 348 | linux_func += ['_WPe_set_robust_list'] 349 | linux_func += ['_WPe_get_robust_list'] 350 | linux_func += ['_WPe_splice'] 351 | linux_func += ['_WPe_arm_sync_file_range'] 352 | linux_func += ['_WPe_tee'] 353 | linux_func += ['_WPe_vmsplice'] 354 | linux_func += ['_WPe_move_pages'] 355 | linux_func += ['_WPe_getcpu'] 356 | linux_func += ['_WPe_epoll_pwait'] 357 | linux_func += ['_WPe_kexec_load'] 358 | linux_func += ['_WPe_utimensat'] 359 | linux_func += ['_WPe_signalfd'] 360 | linux_func += ['_WPe_timerfd_create'] 361 | linux_func += ['_WPe_eventfd'] 362 | linux_func += ['_WPe_fallocate'] 363 | linux_func += ['_WPe_timerfd_settime'] 364 | linux_func += ['_WPe_timerfd_gettime'] 365 | linux_func += ['_WPe_signalfd4'] 366 | linux_func += ['_WPe_eventfd2'] 367 | linux_func += ['_WPe_epoll_create1'] 368 | linux_func += ['_WPe_dup3'] 369 | linux_func += ['_WPe_pipe2'] 370 | linux_func += ['_WPe_inotify_init1'] 371 | linux_func += ['_WPe_preadv'] 372 | linux_func += ['_WPe_pwritev'] 373 | linux_func += ['_WPe_rt_tgsigqueueinfo'] 374 | linux_func += ['_WPe_perf_event_open'] 375 | linux_func += ['_WPe_recvmmsg'] 376 | linux_func += ['_WPe_accept4'] 377 | linux_func += ['_WPe_fanotify_init'] 378 | linux_func += ['_WPe_fanotify_mark'] 379 | linux_func += ['_WPe_prlimit64'] 380 | linux_func += ['_WPe_name_to_handle_at'] 381 | linux_func += ['_WPe_open_by_handle_at'] 382 | linux_func += ['_WPe_clock_adjtime'] 383 | linux_func += ['_WPe_syncfs'] 384 | linux_func += ['_WPe_sendmmsg'] 385 | linux_func += ['_WPe_setns'] 386 | linux_func += 
['_WPe_process_vm_readv']
linux_func += ['_WPe_process_vm_writev']
linux_func += ['_WPe_kcmp']
linux_func += ['_WPe_finit_module']
linux_func += ['_WPe_sched_setattr']
linux_func += ['_WPe_sched_getattr']
linux_func += ['_WPe_renameat2']
linux_func += ['_WPe_seccomp']
linux_func += ['_WPe_getrandom']
linux_func += ['_WPe_memfd_create']
linux_func += ['_WPe_bpf']
linux_func += ['_WPe_execveat']
linux_func += ['_WPe_userfaultfd']
linux_func += ['_WPe_membarrier']
linux_func += ['_WPe_mlock2']
linux_func += ['_WPe_copy_file_range']
linux_func += ['_WPe_preadv2']
linux_func += ['_WPe_pwritev2']
linux_func += ['_WPe_pkey_mprotect']
linux_func += ['_WPe_pkey_alloc']
linux_func += ['_WPe_pkey_free']
linux_func += ['_WPe_statx']


def ReName():
    renamed = 0
    for func in idautils.Functions():
        for line in list(idautils.FuncItems(func)):
            if idc.print_insn_mnem(line) != 'SVC':
                continue
            # OABI encodes the syscall number in the SVC immediate
            # (0x900000 + number), so take the hex digits after "0x9".
            m = re.search('(?<=0x9)[0-9A-Fa-f]+', idc.GetDisasm(line))
            if m is None:
                # Message: "Please confirm that the calling convention is correct!"
                print("Error:请确认调用规则是否正确!")
                return
            CallNumber = int(m.group(0), 16)
            if CallNumber >= len(linux_func):
                # Number beyond the end of the table: nothing to rename to
                continue
            target = linux_func[CallNumber]
            address = idc.get_name_ea_simple(idc.get_func_name(line))
            # Rename only if no function already carries the target name
            if not any(idc.get_func_name(f) == target for f in idautils.Functions()):
                print(target)
                idc.set_name(address, target, idc.SN_CHECK)
                renamed += 1
    # Message: "renamed %d functions in total"
    print("LinuxFuncFinder_Arm32 finished!总共重命名%d个函数" % renamed)

def GetMainFunc(func):
    # The script assumes the last instruction of start transfers control to the
    # init routine and that the instruction two before it references main.
    end = idc.prev_head(func.end_ea)
    initMainAddr = idc.get_name_ea_simple(idc.print_operand(end, 0))
    mainOP = idc.print_operand(idc.prev_head(idc.prev_head(end)), 1)
    # IDA auto-names carry the address as a hex suffix (sub_XXXX, loc_XXXX, unk_XXXX)
    for prefix in ("sub_", "loc_", "unk_"):
        if prefix in mainOP:
            mainAddr = int(mainOP.split(prefix)[1], 16)
            print("main address = 0x%x" % mainAddr)
            idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
            idc.set_name(mainAddr, "main", SN_FORCE)
            break

def RenameStartFunc():
    # Try "start" first, then fall back to "_start"
    for name in ("start", "_start"):
        func = idaapi.get_func(idc.get_name_ea_simple(name))
        if func is not None:
            GetMainFunc(func)
            return

def main():
    ReName()
    RenameStartFunc()


if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/LffPlugDir_WPeace/eabiFuncFinder_Arm32.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

linux_func = []
linux_func += ['_WPe_restart_syscall']
linux_func += ['_WPe_exit']
linux_func += ['_WPe_fork']
linux_func += ['_WPe_read']
linux_func += ['_WPe_write']
linux_func += ['_WPe_open']
linux_func += ['_WPe_close']
linux_func += ['sys_NotImplemented']
linux_func += ['_WPe_creat']
linux_func += ['_WPe_link']
linux_func += ['_WPe_unlink']
linux_func += ['_WPe_execve']
linux_func += ['_WPe_chdir']
linux_func += ['_WPe_time']
linux_func += ['_WPe_mknod']
linux_func += ['_WPe_chmod']
linux_func += ['_WPe_lchown'] 27 | linux_func += ['sys_NotImplemented'] 28 | linux_func += ['sys_NotImplemented'] 29 | linux_func += ['_WPe_lseek'] 30 | linux_func += ['_WPe_getpid'] 31 | linux_func += ['_WPe_mount'] 32 | linux_func += ['_WPe_umount2'] 33 | linux_func += ['_WPe_setuid'] 34 | linux_func += ['_WPe_getuid'] 35 | linux_func += ['_WPe_stime'] 36 | linux_func += ['_WPe_ptrace'] 37 | linux_func += ['_WPe_alarm'] 38 | linux_func += ['sys_NotImplemented'] 39 | linux_func += ['_WPe_pause'] 40 | linux_func += ['_WPe_utime'] 41 | linux_func += ['sys_NotImplemented'] 42 | linux_func += ['sys_NotImplemented'] 43 | linux_func += ['_WPe_access'] 44 | linux_func += ['_WPe_nice'] 45 | linux_func += ['sys_NotImplemented'] 46 | linux_func += ['_WPe_sync'] 47 | linux_func += ['_WPe_kill'] 48 | linux_func += ['_WPe_rename'] 49 | linux_func += ['_WPe_mkdir'] 50 | linux_func += ['_WPe_rmdir'] 51 | linux_func += ['_WPe_dup'] 52 | linux_func += ['_WPe_pipe'] 53 | linux_func += ['_WPe_times'] 54 | linux_func += ['sys_NotImplemented'] 55 | linux_func += ['_WPe_brk'] 56 | linux_func += ['_WPe_setgid'] 57 | linux_func += ['_WPe_getgid'] 58 | linux_func += ['sys_NotImplemented'] 59 | linux_func += ['_WPe_geteuid'] 60 | linux_func += ['_WPe_getegid'] 61 | linux_func += ['_WPe_acct'] 62 | linux_func += ['sys_NotImplemented'] 63 | linux_func += ['sys_NotImplemented'] 64 | linux_func += ['_WPe_ioctl'] 65 | linux_func += ['_WPe_fcntl'] 66 | linux_func += ['sys_NotImplemented'] 67 | linux_func += ['_WPe_setpgid'] 68 | linux_func += ['sys_NotImplemented'] 69 | linux_func += ['sys_NotImplemented'] 70 | linux_func += ['_WPe_umask'] 71 | linux_func += ['_WPe_chroot'] 72 | linux_func += ['_WPe_ustat'] 73 | linux_func += ['_WPe_dup2'] 74 | linux_func += ['_WPe_getppid'] 75 | linux_func += ['_WPe_getpgrp'] 76 | linux_func += ['_WPe_setsid'] 77 | linux_func += ['_WPe_sigaction'] 78 | linux_func += ['sys_NotImplemented'] 79 | linux_func += ['sys_NotImplemented'] 80 | linux_func += 
['_WPe_setreuid'] 81 | linux_func += ['_WPe_setregid'] 82 | linux_func += ['_WPe_sigsuspend'] 83 | linux_func += ['_WPe_sigpending'] 84 | linux_func += ['_WPe_sethostname'] 85 | linux_func += ['_WPe_setrlimit'] 86 | linux_func += ['_WPe_getrlimit'] 87 | linux_func += ['_WPe_getrusage'] 88 | linux_func += ['_WPe_gettimeofday'] 89 | linux_func += ['_WPe_settimeofday'] 90 | linux_func += ['_WPe_getgroups'] 91 | linux_func += ['_WPe_setgroups'] 92 | linux_func += ['_WPe_select'] 93 | linux_func += ['_WPe_symlink'] 94 | linux_func += ['sys_NotImplemented'] 95 | linux_func += ['_WPe_readlink'] 96 | linux_func += ['_WPe_uselib'] 97 | linux_func += ['_WPe_swapon'] 98 | linux_func += ['_WPe_reboot'] 99 | linux_func += ['_WPe_old_readdir'] 100 | linux_func += ['_WPe_old_mmap'] 101 | linux_func += ['_WPe_munmap'] 102 | linux_func += ['_WPe_truncate'] 103 | linux_func += ['_WPe_ftruncate'] 104 | linux_func += ['_WPe_fchmod'] 105 | linux_func += ['_WPe_fchown'] 106 | linux_func += ['_WPe_getpriority'] 107 | linux_func += ['_WPe_setpriority'] 108 | linux_func += ['sys_NotImplemented'] 109 | linux_func += ['_WPe_statfs'] 110 | linux_func += ['_WPe_fstatfs'] 111 | linux_func += ['sys_NotImplemented'] 112 | linux_func += ['_WPe_socketcall'] 113 | linux_func += ['_WPe_syslog'] 114 | linux_func += ['_WPe_setitimer'] 115 | linux_func += ['_WPe_getitimer'] 116 | linux_func += ['_WPe_stat'] 117 | linux_func += ['_WPe_lstat'] 118 | linux_func += ['_WPe_fstat'] 119 | linux_func += ['sys_NotImplemented'] 120 | linux_func += ['sys_NotImplemented'] 121 | linux_func += ['_WPe_vhangup'] 122 | linux_func += ['sys_NotImplemented'] 123 | linux_func += ['sys_NotImplemented'] 124 | linux_func += ['_WPe_wait4'] 125 | linux_func += ['_WPe_swapoff'] 126 | linux_func += ['_WPe_sysinfo'] 127 | linux_func += ['_WPe_ipc'] 128 | linux_func += ['_WPe_fsync'] 129 | linux_func += ['_WPe_sigreturn'] 130 | linux_func += ['_WPe_clone'] 131 | linux_func += ['_WPe_setdomainname'] 132 | linux_func += ['_WPe_uname'] 
133 | linux_func += ['sys_NotImplemented'] 134 | linux_func += ['_WPe_adjtimex'] 135 | linux_func += ['_WPe_mprotect'] 136 | linux_func += ['_WPe_sigprocmask'] 137 | linux_func += ['sys_NotImplemented'] 138 | linux_func += ['_WPe_init_module'] 139 | linux_func += ['_WPe_delete_module'] 140 | linux_func += ['sys_NotImplemented'] 141 | linux_func += ['_WPe_quotactl'] 142 | linux_func += ['_WPe_getpgid'] 143 | linux_func += ['_WPe_fchdir'] 144 | linux_func += ['_WPe_bdflush'] 145 | linux_func += ['_WPe_sysfs'] 146 | linux_func += ['_WPe_personality'] 147 | linux_func += ['sys_NotImplemented'] 148 | linux_func += ['_WPe_setfsuid'] 149 | linux_func += ['_WPe_setfsgid'] 150 | linux_func += ['_WPe__llseek'] 151 | linux_func += ['_WPe_getdents'] 152 | linux_func += ['_WPe__newselect'] 153 | linux_func += ['_WPe_flock'] 154 | linux_func += ['_WPe_msync'] 155 | linux_func += ['_WPe_readv'] 156 | linux_func += ['_WPe_writev'] 157 | linux_func += ['_WPe_getsid'] 158 | linux_func += ['_WPe_fdatasync'] 159 | linux_func += ['_WPe__sysctl'] 160 | linux_func += ['_WPe_mlock'] 161 | linux_func += ['_WPe_munlock'] 162 | linux_func += ['_WPe_mlockall'] 163 | linux_func += ['_WPe_munlockall'] 164 | linux_func += ['_WPe_sched_setparam'] 165 | linux_func += ['_WPe_sched_getparam'] 166 | linux_func += ['_WPe_sched_setscheduler'] 167 | linux_func += ['_WPe_sched_getscheduler'] 168 | linux_func += ['_WPe_sched_yield'] 169 | linux_func += ['_WPe_sched_get_priority_max'] 170 | linux_func += ['_WPe_sched_get_priority_min'] 171 | linux_func += ['_WPe_sched_rr_get_interval'] 172 | linux_func += ['_WPe_nanosleep'] 173 | linux_func += ['_WPe_mremap'] 174 | linux_func += ['_WPe_setresuid'] 175 | linux_func += ['_WPe_getresuid'] 176 | linux_func += ['sys_NotImplemented'] 177 | linux_func += ['sys_NotImplemented'] 178 | linux_func += ['_WPe_poll'] 179 | linux_func += ['_WPe_nfsservctl'] 180 | linux_func += ['_WPe_setresgid'] 181 | linux_func += ['_WPe_getresgid'] 182 | linux_func += ['_WPe_prctl'] 
183 | linux_func += ['_WPe_rt_sigreturn'] 184 | linux_func += ['_WPe_rt_sigaction'] 185 | linux_func += ['_WPe_rt_sigprocmask'] 186 | linux_func += ['_WPe_rt_sigpending'] 187 | linux_func += ['_WPe_rt_sigtimedwait'] 188 | linux_func += ['_WPe_rt_sigqueueinfo'] 189 | linux_func += ['_WPe_rt_sigsuspend'] 190 | linux_func += ['_WPe_pread64'] 191 | linux_func += ['_WPe_pwrite64'] 192 | linux_func += ['_WPe_chown'] 193 | linux_func += ['_WPe_getcwd'] 194 | linux_func += ['_WPe_capget'] 195 | linux_func += ['_WPe_capset'] 196 | linux_func += ['_WPe_sigaltstack'] 197 | linux_func += ['_WPe_sendfile'] 198 | linux_func += ['sys_NotImplemented'] 199 | linux_func += ['sys_NotImplemented'] 200 | linux_func += ['_WPe_vfork'] 201 | linux_func += ['_WPe_ugetrlimit'] 202 | linux_func += ['_WPe_mmap2'] 203 | linux_func += ['_WPe_truncate64'] 204 | linux_func += ['_WPe_ftruncate64'] 205 | linux_func += ['_WPe_stat64'] 206 | linux_func += ['_WPe_lstat64'] 207 | linux_func += ['_WPe_fstat64'] 208 | linux_func += ['_WPe_lchown32'] 209 | linux_func += ['_WPe_getuid32'] 210 | linux_func += ['_WPe_getgid32'] 211 | linux_func += ['_WPe_geteuid32'] 212 | linux_func += ['_WPe_getegid32'] 213 | linux_func += ['_WPe_setreuid32'] 214 | linux_func += ['_WPe_setregid32'] 215 | linux_func += ['_WPe_getgroups32'] 216 | linux_func += ['_WPe_setgroups32'] 217 | linux_func += ['_WPe_fchown32'] 218 | linux_func += ['_WPe_setresuid32'] 219 | linux_func += ['_WPe_getresuid32'] 220 | linux_func += ['_WPe_setresgid32'] 221 | linux_func += ['_WPe_getresgid32'] 222 | linux_func += ['_WPe_chown32'] 223 | linux_func += ['_WPe_setuid32'] 224 | linux_func += ['_WPe_setgid32'] 225 | linux_func += ['_WPe_setfsuid32'] 226 | linux_func += ['_WPe_setfsgid32'] 227 | linux_func += ['_WPe_getdents64'] 228 | linux_func += ['_WPe_pivot_root'] 229 | linux_func += ['_WPe_mincore'] 230 | linux_func += ['_WPe_madvise'] 231 | linux_func += ['_WPe_fcntl64'] 232 | linux_func += ['sys_NotImplemented'] 233 | linux_func += 
['sys_NotImplemented'] 234 | linux_func += ['_WPe_gettid'] 235 | linux_func += ['_WPe_readahead'] 236 | linux_func += ['_WPe_setxattr'] 237 | linux_func += ['_WPe_lsetxattr'] 238 | linux_func += ['_WPe_fsetxattr'] 239 | linux_func += ['_WPe_getxattr'] 240 | linux_func += ['_WPe_lgetxattr'] 241 | linux_func += ['_WPe_fgetxattr'] 242 | linux_func += ['_WPe_listxattr'] 243 | linux_func += ['_WPe_llistxattr'] 244 | linux_func += ['_WPe_flistxattr'] 245 | linux_func += ['_WPe_removexattr'] 246 | linux_func += ['_WPe_lremovexattr'] 247 | linux_func += ['_WPe_fremovexattr'] 248 | linux_func += ['_WPe_tkill'] 249 | linux_func += ['_WPe_sendfile64'] 250 | linux_func += ['_WPe_futex'] 251 | linux_func += ['_WPe_sched_setaffinity'] 252 | linux_func += ['_WPe_sched_getaffinity'] 253 | linux_func += ['_WPe_io_setup'] 254 | linux_func += ['_WPe_io_destroy'] 255 | linux_func += ['_WPe_io_getevents'] 256 | linux_func += ['_WPe_io_submit'] 257 | linux_func += ['_WPe_io_cancel'] 258 | linux_func += ['_WPe_exit_group'] 259 | linux_func += ['_WPe_lookup_dcookie'] 260 | linux_func += ['_WPe_epoll_create'] 261 | linux_func += ['_WPe_epoll_ctl'] 262 | linux_func += ['_WPe_epoll_wait'] 263 | linux_func += ['_WPe_remap_file_pages'] 264 | linux_func += ['sys_NotImplemented'] 265 | linux_func += ['sys_NotImplemented'] 266 | linux_func += ['_WPe_set_tid_address'] 267 | linux_func += ['_WPe_timer_create'] 268 | linux_func += ['_WPe_timer_settime'] 269 | linux_func += ['_WPe_timer_gettime'] 270 | linux_func += ['_WPe_timer_getoverrun'] 271 | linux_func += ['_WPe_timer_delete'] 272 | linux_func += ['_WPe_clock_settime'] 273 | linux_func += ['_WPe_clock_gettime'] 274 | linux_func += ['_WPe_clock_getres'] 275 | linux_func += ['_WPe_clock_nanosleep'] 276 | linux_func += ['_WPe_statfs64'] 277 | linux_func += ['_WPe_fstatfs64'] 278 | linux_func += ['_WPe_tgkill'] 279 | linux_func += ['_WPe_utimes'] 280 | linux_func += ['_WPe_arm_fadvise64_64'] 281 | linux_func += ['_WPe_pciconfig_iobase'] 282 | 
linux_func += ['_WPe_pciconfig_read'] 283 | linux_func += ['_WPe_pciconfig_write'] 284 | linux_func += ['_WPe_mq_open'] 285 | linux_func += ['_WPe_mq_unlink'] 286 | linux_func += ['_WPe_mq_timedsend'] 287 | linux_func += ['_WPe_mq_timedreceive'] 288 | linux_func += ['_WPe_mq_notify'] 289 | linux_func += ['_WPe_mq_getsetattr'] 290 | linux_func += ['_WPe_waitid'] 291 | linux_func += ['_WPe_socket'] 292 | linux_func += ['_WPe_bind'] 293 | linux_func += ['_WPe_connect'] 294 | linux_func += ['_WPe_listen'] 295 | linux_func += ['_WPe_accept'] 296 | linux_func += ['_WPe_getsockname'] 297 | linux_func += ['_WPe_getpeername'] 298 | linux_func += ['_WPe_socketpair'] 299 | linux_func += ['_WPe_send'] 300 | linux_func += ['_WPe_sendto'] 301 | linux_func += ['_WPe_recv'] 302 | linux_func += ['_WPe_recvfrom'] 303 | linux_func += ['_WPe_shutdown'] 304 | linux_func += ['_WPe_setsockopt'] 305 | linux_func += ['_WPe_getsockopt'] 306 | linux_func += ['_WPe_sendmsg'] 307 | linux_func += ['_WPe_recvmsg'] 308 | linux_func += ['_WPe_semop'] 309 | linux_func += ['_WPe_semget'] 310 | linux_func += ['_WPe_semctl'] 311 | linux_func += ['_WPe_msgsnd'] 312 | linux_func += ['_WPe_msgrcv'] 313 | linux_func += ['_WPe_msgget'] 314 | linux_func += ['_WPe_msgctl'] 315 | linux_func += ['_WPe_shmat'] 316 | linux_func += ['_WPe_shmdt'] 317 | linux_func += ['_WPe_shmget'] 318 | linux_func += ['_WPe_shmctl'] 319 | linux_func += ['_WPe_add_key'] 320 | linux_func += ['_WPe_request_key'] 321 | linux_func += ['_WPe_keyctl'] 322 | linux_func += ['_WPe_semtimedop'] 323 | linux_func += ['_WPe_vserver'] 324 | linux_func += ['_WPe_ioprio_set'] 325 | linux_func += ['_WPe_ioprio_get'] 326 | linux_func += ['_WPe_inotify_init'] 327 | linux_func += ['_WPe_inotify_add_watch'] 328 | linux_func += ['_WPe_inotify_rm_watch'] 329 | linux_func += ['_WPe_mbind'] 330 | linux_func += ['_WPe_get_mempolicy'] 331 | linux_func += ['_WPe_set_mempolicy'] 332 | linux_func += ['_WPe_openat'] 333 | linux_func += ['_WPe_mkdirat'] 334 | 
linux_func += ['_WPe_mknodat'] 335 | linux_func += ['_WPe_fchownat'] 336 | linux_func += ['_WPe_futimesat'] 337 | linux_func += ['_WPe_fstatat64'] 338 | linux_func += ['_WPe_unlinkat'] 339 | linux_func += ['_WPe_renameat'] 340 | linux_func += ['_WPe_linkat'] 341 | linux_func += ['_WPe_symlinkat'] 342 | linux_func += ['_WPe_readlinkat'] 343 | linux_func += ['_WPe_fchmodat'] 344 | linux_func += ['_WPe_faccessat'] 345 | linux_func += ['_WPe_pselect6'] 346 | linux_func += ['_WPe_ppoll'] 347 | linux_func += ['_WPe_unshare'] 348 | linux_func += ['_WPe_set_robust_list'] 349 | linux_func += ['_WPe_get_robust_list'] 350 | linux_func += ['_WPe_splice'] 351 | linux_func += ['_WPe_arm_sync_file_range'] 352 | linux_func += ['_WPe_tee'] 353 | linux_func += ['_WPe_vmsplice'] 354 | linux_func += ['_WPe_move_pages'] 355 | linux_func += ['_WPe_getcpu'] 356 | linux_func += ['_WPe_epoll_pwait'] 357 | linux_func += ['_WPe_kexec_load'] 358 | linux_func += ['_WPe_utimensat'] 359 | linux_func += ['_WPe_signalfd'] 360 | linux_func += ['_WPe_timerfd_create'] 361 | linux_func += ['_WPe_eventfd'] 362 | linux_func += ['_WPe_fallocate'] 363 | linux_func += ['_WPe_timerfd_settime'] 364 | linux_func += ['_WPe_timerfd_gettime'] 365 | linux_func += ['_WPe_signalfd4'] 366 | linux_func += ['_WPe_eventfd2'] 367 | linux_func += ['_WPe_epoll_create1'] 368 | linux_func += ['_WPe_dup3'] 369 | linux_func += ['_WPe_pipe2'] 370 | linux_func += ['_WPe_inotify_init1'] 371 | linux_func += ['_WPe_preadv'] 372 | linux_func += ['_WPe_pwritev'] 373 | linux_func += ['_WPe_rt_tgsigqueueinfo'] 374 | linux_func += ['_WPe_perf_event_open'] 375 | linux_func += ['_WPe_recvmmsg'] 376 | linux_func += ['_WPe_accept4'] 377 | linux_func += ['_WPe_fanotify_init'] 378 | linux_func += ['_WPe_fanotify_mark'] 379 | linux_func += ['_WPe_prlimit64'] 380 | linux_func += ['_WPe_name_to_handle_at'] 381 | linux_func += ['_WPe_open_by_handle_at'] 382 | linux_func += ['_WPe_clock_adjtime'] 383 | linux_func += ['_WPe_syncfs'] 384 | 
linux_func += ['_WPe_sendmmsg']
linux_func += ['_WPe_setns']
linux_func += ['_WPe_process_vm_readv']
linux_func += ['_WPe_process_vm_writev']
linux_func += ['_WPe_kcmp']
linux_func += ['_WPe_finit_module']
linux_func += ['_WPe_sched_setattr']
linux_func += ['_WPe_sched_getattr']
linux_func += ['_WPe_renameat2']
linux_func += ['_WPe_seccomp']
linux_func += ['_WPe_getrandom']
linux_func += ['_WPe_memfd_create']
linux_func += ['_WPe_bpf']
linux_func += ['_WPe_execveat']
linux_func += ['_WPe_userfaultfd']
linux_func += ['_WPe_membarrier']
linux_func += ['_WPe_mlock2']
linux_func += ['_WPe_copy_file_range']
linux_func += ['_WPe_preadv2']
linux_func += ['_WPe_pwritev2']
linux_func += ['_WPe_pkey_mprotect']
linux_func += ['_WPe_pkey_alloc']
linux_func += ['_WPe_pkey_free']
linux_func += ['_WPe_statx']


def RenameBySyscall(line, callnumber):
    # Rename the function containing `line` after syscall `callnumber`.
    # Returns 1 if a rename was made, 0 otherwise.
    if not 0 <= callnumber < len(linux_func):
        # Number outside the table: nothing to rename to
        return 0
    address = idc.get_name_ea_simple(idc.get_func_name(line))
    funcName = idc.get_func_name(address)
    if funcName == "start" or funcName == "_WPe_fork":
        return 0
    if "clone" in funcName and callnumber == 0xF0:
        # Author's heuristic: a function already named after clone that also
        # issues syscall 0xF0 is treated as fork
        newName = "_WPe_fork"
    else:
        newName = linux_func[callnumber]
    idc.set_name(address, newName, SN_FORCE)
    print(newName)
    return 1

def ReName():
    renamed = 0
    for func in idautils.Functions():
        for line in list(idautils.FuncItems(func)):
            if idc.print_insn_mnem(line) != 'SVC':
                continue
            # EABI passes the syscall number in R7; the script expects the
            # instruction right before SVC to load it.
            lastline = idc.prev_head(line)
            op_last = idc.print_insn_mnem(lastline)
            if op_last == 'MOV' and idc.get_operand_value(lastline, 0) == 7:
                callnumber = idc.get_operand_value(lastline, 1)
                renamed += RenameBySyscall(line, callnumber)
            elif op_last == 'LDR' and idc.get_operand_value(lastline, 0) == 7:
                # LDR R7, =<value>: take the literal after '=' in the disassembly
                op = re.findall('=.*$', idc.GetDisasm(lastline))
                if op:
                    try:
                        callnumber = int(op[0].replace('=', ''), 16)
                    except ValueError:
                        # Literal is not a plain hex number: skip this site
                        continue
                    renamed += RenameBySyscall(line, callnumber)
    # Message: "renamed %d functions in total"
    print("eabiFuncFinder_Arm32 finished!总共重命名%d个函数" % renamed)

def GetMainFunc(func):
    # The script assumes the last instruction of start transfers control to the
    # init routine and that the instruction two before it loads main into R0.
    end = idc.prev_head(func.end_ea)
    initMainAddr = idc.get_name_ea_simple(idc.print_operand(end, 0))
    loadMain = idc.prev_head(idc.prev_head(end))
    mainOP = idc.print_operand(loadMain, 0)
    mainAddrStr = idc.print_operand(loadMain, 1)
    if mainOP == "R0":
        mainAddr = idc.get_name_ea_simple(mainAddrStr.replace('=', ''))
        if mainAddr != idc.BADADDR:
            print("main address = 0x%x" % mainAddr)
            idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
            idc.set_name(mainAddr, "main", SN_FORCE)

def RenameStartFunc():
    # Try "start" first, then fall back to "_start"
    for name in ("start", "_start"):
        func = idaapi.get_func(idc.get_name_ea_simple(name))
        if func is not None:
            GetMainFunc(func)
            return

def main():
    ReName()
    RenameStartFunc()


if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/LffPlugDir_WPeace/LinuxFuncFinder_x86.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

linux_func = []
linux_func += ['_WPe_restart_syscall']
linux_func +=
['_WPe_exit'] 13 | linux_func += ['_WPe_fork'] 14 | linux_func += ['_WPe_read'] 15 | linux_func += ['_WPe_write'] 16 | linux_func += ['_WPe_open'] 17 | linux_func += ['_WPe_close'] 18 | linux_func += ['_WPe_waitpid'] 19 | linux_func += ['_WPe_creat'] 20 | linux_func += ['_WPe_link'] 21 | linux_func += ['_WPe_unlink'] 22 | linux_func += ['_WPe_execve'] 23 | linux_func += ['_WPe_chdir'] 24 | linux_func += ['_WPe_time'] 25 | linux_func += ['_WPe_mknod'] 26 | linux_func += ['_WPe_chmod'] 27 | linux_func += ['_WPe_lchown'] 28 | linux_func += ['_WPe_break'] 29 | linux_func += ['_WPe_oldstat'] 30 | linux_func += ['_WPe_lseek'] 31 | linux_func += ['_WPe_getpid'] 32 | linux_func += ['_WPe_mount'] 33 | linux_func += ['_WPe_umount'] 34 | linux_func += ['_WPe_setuid'] 35 | linux_func += ['_WPe_getuid'] 36 | linux_func += ['_WPe_stime'] 37 | linux_func += ['_WPe_ptrace'] 38 | linux_func += ['_WPe_alarm'] 39 | linux_func += ['_WPe_oldfstat'] 40 | linux_func += ['_WPe_pause'] 41 | linux_func += ['_WPe_utime'] 42 | linux_func += ['_WPe_stty'] 43 | linux_func += ['_WPe_gtty'] 44 | linux_func += ['_WPe_access'] 45 | linux_func += ['_WPe_nice'] 46 | linux_func += ['_WPe_ftime'] 47 | linux_func += ['_WPe_sync'] 48 | linux_func += ['_WPe_kill'] 49 | linux_func += ['_WPe_rename'] 50 | linux_func += ['_WPe_mkdir'] 51 | linux_func += ['_WPe_rmdir'] 52 | linux_func += ['_WPe_dup'] 53 | linux_func += ['_WPe_pipe'] 54 | linux_func += ['_WPe_times'] 55 | linux_func += ['_WPe_prof'] 56 | linux_func += ['_WPe_brk'] 57 | linux_func += ['_WPe_setgid'] 58 | linux_func += ['_WPe_getgid'] 59 | linux_func += ['_WPe_signal'] 60 | linux_func += ['_WPe_geteuid'] 61 | linux_func += ['_WPe_getegid'] 62 | linux_func += ['_WPe_acct'] 63 | linux_func += ['_WPe_umount2'] 64 | linux_func += ['_WPe_lock'] 65 | linux_func += ['_WPe_ioctl'] 66 | linux_func += ['_WPe_fcntl'] 67 | linux_func += ['_WPe_mpx'] 68 | linux_func += ['_WPe_setpgid'] 69 | linux_func += ['_WPe_ulimit'] 70 | linux_func += 
['_WPe_oldolduname'] 71 | linux_func += ['_WPe_umask'] 72 | linux_func += ['_WPe_chroot'] 73 | linux_func += ['_WPe_ustat'] 74 | linux_func += ['_WPe_dup2'] 75 | linux_func += ['_WPe_getppid'] 76 | linux_func += ['_WPe_getpgrp'] 77 | linux_func += ['_WPe_setsid'] 78 | linux_func += ['_WPe_sigaction'] 79 | linux_func += ['_WPe_sgetmask'] 80 | linux_func += ['_WPe_ssetmask'] 81 | linux_func += ['_WPe_setreuid'] 82 | linux_func += ['_WPe_setregid'] 83 | linux_func += ['_WPe_sigsuspend'] 84 | linux_func += ['_WPe_sigpending'] 85 | linux_func += ['_WPe_sethostname'] 86 | linux_func += ['_WPe_setrlimit'] 87 | linux_func += ['_WPe_getrlimit'] 88 | linux_func += ['_WPe_getrusage'] 89 | linux_func += ['_WPe_gettimeofday'] 90 | linux_func += ['_WPe_settimeofday'] 91 | linux_func += ['_WPe_getgroups'] 92 | linux_func += ['_WPe_setgroups'] 93 | linux_func += ['_WPe_select'] 94 | linux_func += ['_WPe_symlink'] 95 | linux_func += ['_WPe_oldlstat'] 96 | linux_func += ['_WPe_readlink'] 97 | linux_func += ['_WPe_uselib'] 98 | linux_func += ['_WPe_swapon'] 99 | linux_func += ['_WPe_reboot'] 100 | linux_func += ['_WPe_readdir'] 101 | linux_func += ['_WPe_mmap'] 102 | linux_func += ['_WPe_munmap'] 103 | linux_func += ['_WPe_truncate'] 104 | linux_func += ['_WPe_ftruncate'] 105 | linux_func += ['_WPe_fchmod'] 106 | linux_func += ['_WPe_fchown'] 107 | linux_func += ['_WPe_getpriority'] 108 | linux_func += ['_WPe_setpriority'] 109 | linux_func += ['_WPe_profil'] 110 | linux_func += ['_WPe_statfs'] 111 | linux_func += ['_WPe_fstatfs'] 112 | linux_func += ['_WPe_ioperm'] 113 | linux_func += ['_WPe_socketcall'] 114 | linux_func += ['_WPe_syslog'] 115 | linux_func += ['_WPe_setitimer'] 116 | linux_func += ['_WPe_getitimer'] 117 | linux_func += ['_WPe_stat'] 118 | linux_func += ['_WPe_lstat'] 119 | linux_func += ['_WPe_fstat'] 120 | linux_func += ['_WPe_olduname'] 121 | linux_func += ['_WPe_iopl'] 122 | linux_func += ['_WPe_vhangup'] 123 | linux_func += ['_WPe_idle'] 124 | linux_func += 
['_WPe_vm86old'] 125 | linux_func += ['_WPe_wait4'] 126 | linux_func += ['_WPe_swapoff'] 127 | linux_func += ['_WPe_sysinfo'] 128 | linux_func += ['_WPe_ipc'] 129 | linux_func += ['_WPe_fsync'] 130 | linux_func += ['_WPe_sigreturn'] 131 | linux_func += ['_WPe_clone'] 132 | linux_func += ['_WPe_setdomainname'] 133 | linux_func += ['_WPe_uname'] 134 | linux_func += ['_WPe_modify_ldt'] 135 | linux_func += ['_WPe_adjtimex'] 136 | linux_func += ['_WPe_mprotect'] 137 | linux_func += ['_WPe_sigprocmask'] 138 | linux_func += ['_WPe_create_module'] 139 | linux_func += ['_WPe_init_module'] 140 | linux_func += ['_WPe_delete_module'] 141 | linux_func += ['_WPe_get_kernel_syms'] 142 | linux_func += ['_WPe_quotactl'] 143 | linux_func += ['_WPe_getpgid'] 144 | linux_func += ['_WPe_fchdir'] 145 | linux_func += ['_WPe_bdflush'] 146 | linux_func += ['_WPe_sysfs'] 147 | linux_func += ['_WPe_personality'] 148 | linux_func += ['_WPe_afs_syscall'] 149 | linux_func += ['_WPe_setfsuid'] 150 | linux_func += ['_WPe_setfsgid'] 151 | linux_func += ['_WPe__llseek'] 152 | linux_func += ['_WPe_getdents'] 153 | linux_func += ['_WPe__newselect'] 154 | linux_func += ['_WPe_flock'] 155 | linux_func += ['_WPe_msync'] 156 | linux_func += ['_WPe_readv'] 157 | linux_func += ['_WPe_writev'] 158 | linux_func += ['_WPe_getsid'] 159 | linux_func += ['_WPe_fdatasync'] 160 | linux_func += ['_WPe__sysctl'] 161 | linux_func += ['_WPe_mlock'] 162 | linux_func += ['_WPe_munlock'] 163 | linux_func += ['_WPe_mlockall'] 164 | linux_func += ['_WPe_munlockall'] 165 | linux_func += ['_WPe_sched_setparam'] 166 | linux_func += ['_WPe_sched_getparam'] 167 | linux_func += ['_WPe_sched_setscheduler'] 168 | linux_func += ['_WPe_sched_getscheduler'] 169 | linux_func += ['_WPe_sched_yield'] 170 | linux_func += ['_WPe_sched_get_priority_max'] 171 | linux_func += ['_WPe_sched_get_priority_min'] 172 | linux_func += ['_WPe_sched_rr_get_interval'] 173 | linux_func += ['_WPe_nanosleep'] 174 | linux_func += ['_WPe_mremap'] 175 | 
linux_func += ['_WPe_setresuid']
linux_func += ['_WPe_getresuid']
linux_func += ['_WPe_vm86']
linux_func += ['_WPe_query_module']
linux_func += ['_WPe_poll']
linux_func += ['_WPe_nfsservctl']
linux_func += ['_WPe_setresgid']
linux_func += ['_WPe_getresgid']
linux_func += ['_WPe_prctl']
linux_func += ['_WPe_rt_sigreturn']
linux_func += ['_WPe_rt_sigaction']
linux_func += ['_WPe_rt_sigprocmask']
linux_func += ['_WPe_rt_sigpending']
linux_func += ['_WPe_rt_sigtimedwait']
linux_func += ['_WPe_rt_sigqueueinfo']
linux_func += ['_WPe_rt_sigsuspend']
linux_func += ['_WPe_pread64']
linux_func += ['_WPe_pwrite64']
linux_func += ['_WPe_chown']
linux_func += ['_WPe_getcwd']
linux_func += ['_WPe_capget']
linux_func += ['_WPe_capset']
linux_func += ['_WPe_sigaltstack']
linux_func += ['_WPe_sendfile']
linux_func += ['_WPe_getpmsg']
linux_func += ['_WPe_putpmsg']
linux_func += ['_WPe_vfork']
linux_func += ['_WPe_ugetrlimit']
linux_func += ['_WPe_mmap2']
linux_func += ['_WPe_truncate64']
linux_func += ['_WPe_ftruncate64']
linux_func += ['_WPe_stat64']
linux_func += ['_WPe_lstat64']
linux_func += ['_WPe_fstat64']
linux_func += ['_WPe_lchown32']
linux_func += ['_WPe_getuid32']
linux_func += ['_WPe_getgid32']
linux_func += ['_WPe_geteuid32']
linux_func += ['_WPe_getegid32']
linux_func += ['_WPe_setreuid32']
linux_func += ['_WPe_setregid32']
linux_func += ['_WPe_getgroups32']
linux_func += ['_WPe_setgroups32']
linux_func += ['_WPe_fchown32']
linux_func += ['_WPe_setresuid32']
linux_func += ['_WPe_getresuid32']
linux_func += ['_WPe_setresgid32']
linux_func += ['_WPe_getresgid32']
linux_func += ['_WPe_chown32']
linux_func += ['_WPe_setuid32']
linux_func += ['_WPe_setgid32']
linux_func += ['_WPe_setfsuid32']
linux_func += ['_WPe_setfsgid32']
linux_func += ['_WPe_pivot_root']
linux_func += ['_WPe_mincore']
linux_func += ['_WPe_madvise']
linux_func += ['_WPe_getdents64']
linux_func += ['_WPe_fcntl64']
linux_func += ['_WPe_not implemented']
linux_func += ['_WPe_not implemented']
linux_func += ['_WPe_gettid']
linux_func += ['_WPe_readahead']
linux_func += ['_WPe_setxattr']
linux_func += ['_WPe_lsetxattr']
linux_func += ['_WPe_fsetxattr']
linux_func += ['_WPe_getxattr']
linux_func += ['_WPe_lgetxattr']
linux_func += ['_WPe_fgetxattr']
linux_func += ['_WPe_listxattr']
linux_func += ['_WPe_llistxattr']
linux_func += ['_WPe_flistxattr']
linux_func += ['_WPe_removexattr']
linux_func += ['_WPe_lremovexattr']
linux_func += ['_WPe_fremovexattr']
linux_func += ['_WPe_tkill']
linux_func += ['_WPe_sendfile64']
linux_func += ['_WPe_futex']
linux_func += ['_WPe_sched_setaffinity']
linux_func += ['_WPe_sched_getaffinity']
linux_func += ['_WPe_set_thread_area']
linux_func += ['_WPe_get_thread_area']
linux_func += ['_WPe_io_setup']
linux_func += ['_WPe_io_destroy']
linux_func += ['_WPe_io_getevents']
linux_func += ['_WPe_io_submit']
linux_func += ['_WPe_io_cancel']
linux_func += ['_WPe_fadvise64']
linux_func += ['_WPe_not implemented']
linux_func += ['_WPe_exit_group']
linux_func += ['_WPe_lookup_dcookie']
linux_func += ['_WPe_epoll_create']
linux_func += ['_WPe_epoll_ctl']
linux_func += ['_WPe_epoll_wait']
linux_func += ['_WPe_remap_file_pages']
linux_func += ['_WPe_set_tid_address']
linux_func += ['_WPe_timer_create']
linux_func += ['_WPe_timer_settime']
linux_func += ['_WPe_timer_gettime']
linux_func += ['_WPe_timer_getoverrun']
linux_func += ['_WPe_timer_delete']
linux_func += ['_WPe_clock_settime']
linux_func += ['_WPe_clock_gettime']
linux_func += ['_WPe_clock_getres']
linux_func += ['_WPe_clock_nanosleep']
linux_func += ['_WPe_statfs64']
linux_func += ['_WPe_fstatfs64']
linux_func += ['_WPe_tgkill']
linux_func += ['_WPe_utimes']
linux_func += ['_WPe_fadvise64_64']
linux_func += ['_WPe_vserver']
linux_func += ['_WPe_mbind']
linux_func += ['_WPe_get_mempolicy']
linux_func += ['_WPe_set_mempolicy']
linux_func += ['_WPe_mq_open']
linux_func += ['_WPe_mq_unlink']
linux_func += ['_WPe_mq_timedsend']
linux_func += ['_WPe_mq_timedreceive']
linux_func += ['_WPe_mq_notify']
linux_func += ['_WPe_mq_getsetattr']
linux_func += ['_WPe_kexec_load']
linux_func += ['_WPe_waitid']
linux_func += ['_WPe_not implemented']
linux_func += ['_WPe_add_key']
linux_func += ['_WPe_request_key']
linux_func += ['_WPe_keyctl']
linux_func += ['_WPe_ioprio_set']
linux_func += ['_WPe_ioprio_get']
linux_func += ['_WPe_inotify_init']
linux_func += ['_WPe_inotify_add_watch']
linux_func += ['_WPe_inotify_rm_watch']
linux_func += ['_WPe_migrate_pages']
linux_func += ['_WPe_openat']
linux_func += ['_WPe_mkdirat']
linux_func += ['_WPe_mknodat']
linux_func += ['_WPe_fchownat']
linux_func += ['_WPe_futimesat']
linux_func += ['_WPe_fstatat64']
linux_func += ['_WPe_unlinkat']
linux_func += ['_WPe_renameat']
linux_func += ['_WPe_linkat']
linux_func += ['_WPe_symlinkat']
linux_func += ['_WPe_readlinkat']
linux_func += ['_WPe_fchmodat']
linux_func += ['_WPe_faccessat']
linux_func += ['_WPe_pselect6']
linux_func += ['_WPe_ppoll']
linux_func += ['_WPe_unshare']
linux_func += ['_WPe_set_robust_list']
linux_func += ['_WPe_get_robust_list']
linux_func += ['_WPe_splice']
linux_func += ['_WPe_sync_file_range']
linux_func += ['_WPe_tee']
linux_func += ['_WPe_vmsplice']
linux_func += ['_WPe_move_pages']
linux_func += ['_WPe_getcpu']
linux_func += ['_WPe_epoll_pwait']
linux_func += ['_WPe_utimensat']
linux_func += ['_WPe_signalfd']
linux_func += ['_WPe_timerfd_create']
linux_func += ['_WPe_eventfd']
linux_func += ['_WPe_fallocate']
linux_func += ['_WPe_timerfd_settime']
linux_func += ['_WPe_timerfd_gettime']
linux_func += ['_WPe_signalfd4']
linux_func += ['_WPe_eventfd2']
linux_func += ['_WPe_epoll_create1']
linux_func += ['_WPe_dup3']
linux_func += ['_WPe_pipe2']
linux_func += ['_WPe_inotify_init1']
linux_func += ['_WPe_preadv']
linux_func += ['_WPe_pwritev']
linux_func += ['_WPe_rt_tgsigqueueinfo']
linux_func += ['_WPe_perf_event_open']
linux_func += ['_WPe_recvmmsg']
linux_func += ['_WPe_fanotify_init']
linux_func += ['_WPe_fanotify_mark']
linux_func += ['_WPe_prlimit64']
linux_func += ['_WPe_name_to_handle_at']
linux_func += ['_WPe_open_by_handle_at']
linux_func += ['_WPe_clock_adjtime']
linux_func += ['_WPe_syncfs']
linux_func += ['_WPe_sendmmsg']
linux_func += ['_WPe_setns']
linux_func += ['_WPe_process_vm_readv']
linux_func += ['_WPe_process_vm_writev']
linux_func += ['_WPe_kcmp']
linux_func += ['_WPe_finit_module']
linux_func += ['_WPe_sched_setattr']
linux_func += ['_WPe_sched_getattr']
linux_func += ['_WPe_renameat2']
linux_func += ['_WPe_seccomp']
linux_func += ['_WPe_getrandom']
linux_func += ['_WPe_memfd_create']
linux_func += ['_WPe_bpf']
linux_func += ['_WPe_execveat']
linux_func += ['_WPe_socket']
linux_func += ['_WPe_socketpair']
linux_func += ['_WPe_bind']
linux_func += ['_WPe_connect']
linux_func += ['_WPe_listen']
linux_func += ['_WPe_accept4']
linux_func += ['_WPe_getsockopt']
linux_func += ['_WPe_setsockopt']
linux_func += ['_WPe_getsockname']
linux_func += ['_WPe_getpeername']
linux_func += ['_WPe_sendto']
linux_func += ['_WPe_sendmsg']
linux_func += ['_WPe_recvfrom']
linux_func += ['_WPe_recvmsg']
linux_func += ['_WPe_shutdown']
linux_func += ['_WPe_userfaultfd']
linux_func += ['_WPe_membarrier']
linux_func += ['_WPe_mlock2']
linux_func += ['_WPe_copy_file_range']
linux_func += ['_WPe_preadv2']
linux_func += ['_WPe_pwritev2']
linux_func += ['_WPe_pkey_mprotect']
linux_func += ['_WPe_pkey_alloc']
linux_func += ['_WPe_pkey_free']
linux_func += ['_WPe_statx']
linux_func += ['_WPe_arch_prctl']
socket_func = ['']
socket_func += ['socket']
socket_func += ['bind']
socket_func += ['connect']
socket_func += ['listen']
socket_func += ['accept']
socket_func += ['getsockname']
socket_func += ['getpeername']
socket_func += ['socketpair']
socket_func += ['send']
socket_func += ['recv']
socket_func += ['sendto']
socket_func += ['recvfrom']
socket_func += ['shutdown']
socket_func += ['setsockopt']
socket_func += ['getsockopt']
socket_func += ['sendmsg']
socket_func += ['recvmsg']
socket_func += ['accept4']
socket_func += ['recvmmsg']
socket_func += ['sendmmsg']

def ReName():
    sum = 0
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            m = idc.print_insn_mnem(line)
            if m == 'int':
                # line - 5 assumes the syscall number is loaded by a 5-byte
                # "mov eax, imm32" placed directly before the int instruction.
                op = idc.GetDisasm(line - 5)
                # \s+ tolerates the padding IDA prints after the mnemonic.
                if len(re.findall(r'mov\s+eax,', op)) == 0:
                    continue
                op = re.findall(r',.*', op)
                if ';' in op[0]:
                    op = op[0].split(';')[0]
                opString = ''.join(op)
                opString = opString.replace(',', '').replace('h', '')
                try:
                    CallNumber = int(opString, 16)
                except ValueError:
                    # eax was loaded from a register or memory, not an immediate.
                    continue
                if not 0 <= CallNumber < len(linux_func):
                    # Number outside the table: nothing to rename.
                    continue
                address = idc.get_name_ea_simple(idc.get_func_name(line))
                # Skip the rename if some function already carries this name.
                flag = 0
                for other in idautils.Functions():
                    name = idc.get_func_name(other)
                    if name == linux_func[CallNumber]:
                        flag = 1
                if flag == 0:
                    if linux_func[CallNumber] == "_WPe_socketcall":
                        # socketcall multiplexes the socket API: name each caller
                        # after the sub-call number it passes in.
                        funcStartAddr = idc.get_func_attr(line, idc.FUNCATTR_START)
                        xrefs = list(idautils.XrefsTo(funcStartAddr))
                        for xrefAddr in xrefs:
                            socketop = idc.print_operand(idc.prev_head(xrefAddr.frm), 0)
                            opString = socketop.replace('h', '')
                            try:
                                socketNumber = int(opString, 16)
                            except ValueError:
                                continue
                            if not 0 < socketNumber < len(socket_func):
                                continue
                            xrefAddrFunc = idc.get_func_attr(xrefAddr.frm, idc.FUNCATTR_START)
                            print(socket_func[socketNumber])
                            idc.set_name(xrefAddrFunc, socket_func[socketNumber], idc.SN_CHECK)
                    else:
                        print(linux_func[CallNumber])
                        idc.set_name(address, linux_func[CallNumber], idc.SN_CHECK)
                    sum += 1
                continue
    # Message: "finished! Renamed %d functions in total"
    print("LinuxFuncFinder_x86 finished!总共重命名%d个函数" % sum)

def GetMainFunc(func):
    # The operand of the last instruction in start is named Init_Main;
    # the operand of the instruction before it is taken as main.
    end = idc.prev_head(func.end_ea)
    initMainAddr = idc.get_name_ea_simple(idc.print_operand(end, 0))
    mainOP = idc.print_operand(idc.prev_head(end), 0)
    # main is referenced through an auto-generated IDA name (sub_, loc_ or unk_).
    for prefix in ("sub_", "loc_", "unk_"):
        if prefix in mainOP:
            mainAddr = int(mainOP.split(prefix)[1], 16)
            print("main address = 0x%x" % mainAddr)
            idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
            idc.set_name(mainAddr, "main", SN_FORCE)
            break

def RenameStartFunc():
    startAddr = idc.get_name_ea_simple("start")
    func = idaapi.get_func(startAddr)
    if func is not None:
        GetMainFunc(func)
    else:
        startAddr = idc.get_name_ea_simple("_start")
        func = idaapi.get_func(startAddr)
        if func is not None:
            GetMainFunc(func)

def main():
    ReName()
    RenameStartFunc()

if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/LffPlugDir_WPeace/LinuxFuncFinder_PPC32.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

linux_func = []
linux_func += ['_WPe_restart_syscall']
linux_func += ['_WPe_exit']
linux_func += ['_WPe_fork']
linux_func += ['_WPe_read']
linux_func += ['_WPe_write']
linux_func += ['_WPe_open']
linux_func += ['_WPe_close']
linux_func += ['_WPe_waitpid']
linux_func += ['_WPe_creat']
linux_func += ['_WPe_link']
linux_func += ['_WPe_unlink']
linux_func += ['_WPe_execve']
linux_func += ['_WPe_chdir']
linux_func += ['_WPe_time']
linux_func += ['_WPe_mknod']
linux_func += ['_WPe_chmod']
linux_func += ['_WPe_lchown']
linux_func += ['_WPe_break']
linux_func += ['_WPe_oldstat']
linux_func += ['_WPe_lseek']
linux_func += ['_WPe_getpid']
linux_func += ['_WPe_mount']
linux_func += ['_WPe_umount']
linux_func += ['_WPe_setuid']
linux_func += ['_WPe_getuid']
linux_func += ['_WPe_stime']
linux_func += ['_WPe_ptrace']
linux_func += ['_WPe_alarm']
linux_func += ['_WPe_oldfstat']
linux_func += ['_WPe_pause']
linux_func += ['_WPe_utime']
linux_func += ['_WPe_stty']
linux_func += ['_WPe_gtty']
linux_func += ['_WPe_access']
linux_func += ['_WPe_nice']
linux_func += ['_WPe_ftime']
linux_func += ['_WPe_sync']
linux_func += ['_WPe_kill']
linux_func += ['_WPe_rename']
linux_func += ['_WPe_mkdir']
linux_func += ['_WPe_rmdir']
linux_func += ['_WPe_dup']
linux_func += ['_WPe_pipe']
linux_func += ['_WPe_times']
linux_func += ['_WPe_prof']
linux_func += ['_WPe_brk']
linux_func += ['_WPe_setgid']
linux_func += ['_WPe_getgid']
linux_func += ['_WPe_signal']
linux_func += ['_WPe_geteuid']
linux_func += ['_WPe_getegid']
linux_func += ['_WPe_acct']
linux_func += ['_WPe_umount2']
linux_func += ['_WPe_lock']
linux_func += ['_WPe_ioctl']
linux_func += ['_WPe_fcntl']
linux_func += ['_WPe_mpx']
linux_func += ['_WPe_setpgid']
linux_func += ['_WPe_ulimit']
linux_func += ['_WPe_oldolduname']
linux_func += ['_WPe_umask']
linux_func += ['_WPe_chroot']
linux_func += ['_WPe_ustat']
linux_func += ['_WPe_dup2']
linux_func += ['_WPe_getppid']
linux_func += ['_WPe_getpgrp']
linux_func += ['_WPe_setsid']
linux_func += ['_WPe_sigaction']
linux_func += ['_WPe_sgetmask']
linux_func += ['_WPe_ssetmask']
linux_func += ['_WPe_setreuid']
linux_func += ['_WPe_setregid']
linux_func += ['_WPe_sigsuspend']
linux_func += ['_WPe_sigpending']
linux_func += ['_WPe_sethostname']
linux_func += ['_WPe_setrlimit']
linux_func += ['_WPe_getrlimit']
linux_func += ['_WPe_getrusage']
linux_func += ['_WPe_gettimeofday']
linux_func += ['_WPe_settimeofday']
linux_func += ['_WPe_getgroups']
linux_func += ['_WPe_setgroups']
linux_func += ['_WPe_select']
linux_func += ['_WPe_symlink']
linux_func += ['_WPe_oldlstat']
linux_func += ['_WPe_readlink']
linux_func += ['_WPe_uselib']
linux_func += ['_WPe_swapon']
linux_func += ['_WPe_reboot']
linux_func += ['_WPe_readdir']
linux_func += ['_WPe_mmap']
linux_func += ['_WPe_munmap']
linux_func += ['_WPe_truncate']
linux_func += ['_WPe_ftruncate']
linux_func += ['_WPe_fchmod']
linux_func += ['_WPe_fchown']
linux_func += ['_WPe_getpriority']
linux_func += ['_WPe_setpriority']
linux_func += ['_WPe_profil']
linux_func += ['_WPe_statfs']
linux_func += ['_WPe_fstatfs']
linux_func += ['_WPe_ioperm']
linux_func += ['_WPe_socketcall']
linux_func += ['_WPe_syslog']
linux_func += ['_WPe_setitimer']
linux_func += ['_WPe_getitimer']
linux_func += ['_WPe_stat']
linux_func += ['_WPe_lstat']
linux_func += ['_WPe_fstat']
linux_func += ['_WPe_olduname']
linux_func += ['_WPe_iopl']
linux_func += ['_WPe_vhangup']
linux_func += ['_WPe_idle']
linux_func += ['_WPe_vm86']
linux_func += ['_WPe_wait4']
linux_func += ['_WPe_swapoff']
linux_func += ['_WPe_sysinfo']
linux_func += ['_WPe_ipc']
linux_func += ['_WPe_fsync']
linux_func += ['_WPe_sigreturn']
linux_func += ['_WPe_clone']
linux_func += ['_WPe_setdomainname']
linux_func += ['_WPe_uname']
linux_func += ['_WPe_modify_ldt']
linux_func += ['_WPe_adjtimex']
linux_func += ['_WPe_mprotect']
linux_func += ['_WPe_sigprocmask']
linux_func += ['_WPe_create_module']
linux_func += ['_WPe_init_module']
linux_func += ['_WPe_delete_module']
linux_func += ['_WPe_get_kernel_syms']
linux_func += ['_WPe_quotactl']
linux_func += ['_WPe_getpgid']
linux_func += ['_WPe_fchdir']
linux_func += ['_WPe_bdflush']
linux_func += ['_WPe_sysfs']
linux_func += ['_WPe_personality']
linux_func += ['_WPe_afs_syscall']
linux_func += ['_WPe_setfsuid']
linux_func += ['_WPe_setfsgid']
linux_func += ['_WPe__llseek']
linux_func += ['_WPe_getdents']
linux_func += ['_WPe__newselect']
linux_func += ['_WPe_flock']
linux_func += ['_WPe_msync']
linux_func += ['_WPe_readv']
linux_func += ['_WPe_writev']
linux_func += ['_WPe_getsid']
linux_func += ['_WPe_fdatasync']
linux_func += ['_WPe__sysctl']
linux_func += ['_WPe_mlock']
linux_func += ['_WPe_munlock']
linux_func += ['_WPe_mlockall']
linux_func += ['_WPe_munlockall']
linux_func += ['_WPe_sched_setparam']
linux_func += ['_WPe_sched_getparam']
linux_func += ['_WPe_sched_setscheduler']
linux_func += ['_WPe_sched_getscheduler']
linux_func += ['_WPe_sched_yield']
linux_func += ['_WPe_sched_get_priority_max']
linux_func += ['_WPe_sched_get_priority_min']
linux_func += ['_WPe_sched_rr_get_interval']
linux_func += ['_WPe_nanosleep']
linux_func += ['_WPe_mremap']
linux_func += ['_WPe_setresuid']
linux_func += ['_WPe_getresuid']
linux_func += ['_WPe_query_module']
linux_func += ['_WPe_poll']
linux_func += ['_WPe_nfsservctl']
linux_func += ['_WPe_setresgid']
linux_func += ['_WPe_getresgid']
linux_func += ['_WPe_prctl']
linux_func += ['_WPe_rt_sigreturn']
linux_func += ['_WPe_rt_sigaction']
linux_func += ['_WPe_rt_sigprocmask']
linux_func += ['_WPe_rt_sigpending']
linux_func += ['_WPe_rt_sigtimedwait']
linux_func += ['_WPe_rt_sigqueueinfo']
linux_func += ['_WPe_rt_sigsuspend']
linux_func += ['_WPe_pread64']
linux_func += ['_WPe_pwrite64']
linux_func += ['_WPe_chown']
linux_func += ['_WPe_getcwd']
linux_func += ['_WPe_capget']
linux_func += ['_WPe_capset']
linux_func += ['_WPe_sigaltstack']
linux_func += ['_WPe_sendfile']
linux_func += ['_WPe_getpmsg']
linux_func += ['_WPe_putpmsg']
linux_func += ['_WPe_vfork']
linux_func += ['_WPe_ugetrlimit']
linux_func += ['_WPe_readahead']
linux_func += ['_WPe_mmap2']
linux_func += ['_WPe_truncate64']
linux_func += ['_WPe_ftruncate64']
linux_func += ['_WPe_stat64']
linux_func += ['_WPe_lstat64']
linux_func += ['_WPe_fstat64']
linux_func += ['_WPe_pciconfig_read']
linux_func += ['_WPe_pciconfig_write']
linux_func += ['_WPe_pciconfig_iobase']
linux_func += ['_WPe_multiplexer']
linux_func += ['_WPe_getdents64']
linux_func += ['_WPe_pivot_root']
linux_func += ['_WPe_fcntl64']
linux_func += ['_WPe_madvise']
linux_func += ['_WPe_mincore']
linux_func += ['_WPe_gettid']
linux_func += ['_WPe_tkill']
linux_func += ['_WPe_setxattr']
linux_func += ['_WPe_lsetxattr']
linux_func += ['_WPe_fsetxattr']
linux_func += ['_WPe_getxattr']
linux_func += ['_WPe_lgetxattr']
linux_func += ['_WPe_fgetxattr']
linux_func += ['_WPe_listxattr']
linux_func += ['_WPe_llistxattr']
linux_func += ['_WPe_flistxattr']
linux_func += ['_WPe_removexattr']
linux_func += ['_WPe_lremovexattr']
linux_func += ['_WPe_fremovexattr']
linux_func += ['_WPe_futex']
linux_func += ['_WPe_sched_setaffinity']
linux_func += ['_WPe_sched_getaffinity']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_tuxcall']
linux_func += ['_WPe_sendfile64']
linux_func += ['_WPe_io_setup']
linux_func += ['_WPe_io_destroy']
linux_func += ['_WPe_io_getevents']
linux_func += ['_WPe_io_submit']
linux_func += ['_WPe_io_cancel']
linux_func += ['_WPe_set_tid_address']
linux_func += ['_WPe_fadvise64']
linux_func += ['_WPe_exit_group']
linux_func += ['_WPe_lookup_dcookie']
linux_func += ['_WPe_epoll_create']
linux_func += ['_WPe_epoll_ctl']
linux_func += ['_WPe_epoll_wait']
linux_func += ['_WPe_remap_file_pages']
linux_func += ['_WPe_timer_create']
linux_func += ['_WPe_timer_settime']
linux_func += ['_WPe_timer_gettime']
linux_func += ['_WPe_timer_getoverrun']
linux_func += ['_WPe_timer_delete']
linux_func += ['_WPe_clock_settime']
linux_func += ['_WPe_clock_gettime']
linux_func += ['_WPe_clock_getres']
linux_func += ['_WPe_clock_nanosleep']
linux_func += ['_WPe_swapcontext']
linux_func += ['_WPe_tgkill']
linux_func += ['_WPe_utimes']
linux_func += ['_WPe_statfs64']
linux_func += ['_WPe_fstatfs64']
linux_func += ['_WPe_fadvise64_64']
linux_func += ['_WPe_rtas']
linux_func += ['_WPe_sys_debug_setcontext']
linux_func += ['_WPe_reserved_for_vserver']
linux_func += ['_WPe_migrate_pages']
linux_func += ['_WPe_mbind']
linux_func += ['_WPe_get_mempolicy']
linux_func += ['_WPe_set_mempolicy']
linux_func += ['_WPe_mq_open']
linux_func += ['_WPe_mq_unlink']
linux_func += ['_WPe_mq_timedsend']
linux_func += ['_WPe_mq_timedreceive']
linux_func += ['_WPe_mq_notify']
linux_func += ['_WPe_mq_getsetattr']
linux_func += ['_WPe_kexec_load']
linux_func += ['_WPe_add_key']
linux_func += ['_WPe_request_key']
linux_func += ['_WPe_keyctl']
linux_func += ['_WPe_waitid']
linux_func += ['_WPe_ioprio_set']
linux_func += ['_WPe_ioprio_get']
linux_func += ['_WPe_inotify_init']
linux_func += ['_WPe_inotify_add_watch']
linux_func += ['_WPe_inotify_rm_watch']
linux_func += ['_WPe_spu_run']
linux_func += ['_WPe_spu_create']
linux_func += ['_WPe_pselect6']
linux_func += ['_WPe_ppoll']
linux_func += ['_WPe_unshare']
linux_func += ['_WPe_splice']
linux_func += ['_WPe_tee']
linux_func += ['_WPe_vmsplice']
linux_func += ['_WPe_openat']
linux_func += ['_WPe_mkdirat']
linux_func += ['_WPe_mknodat']
linux_func += ['_WPe_fchownat']
linux_func += ['_WPe_futimesat']
linux_func += ['_WPe_fstatat64']
linux_func += ['_WPe_unlinkat']
linux_func += ['_WPe_renameat']
linux_func += ['_WPe_linkat']
linux_func += ['_WPe_symlinkat']
linux_func += ['_WPe_readlinkat']
linux_func += ['_WPe_fchmodat']
linux_func += ['_WPe_faccessat']
linux_func += ['_WPe_get_robust_list']
linux_func += ['_WPe_set_robust_list']
linux_func += ['_WPe_move_pages']
linux_func += ['_WPe_getcpu']
linux_func += ['_WPe_epoll_pwait']
linux_func += ['_WPe_utimensat']
linux_func += ['_WPe_signalfd']
linux_func += ['_WPe_timerfd_create']
linux_func += ['_WPe_eventfd']
linux_func += ['_WPe_sync_file_range2']
linux_func += ['_WPe_fallocate']
linux_func += ['_WPe_subpage_prot']
linux_func += ['_WPe_timerfd_settime']
linux_func += ['_WPe_timerfd_gettime']
linux_func += ['_WPe_signalfd4']
linux_func += ['_WPe_eventfd2']
linux_func += ['_WPe_epoll_create1']
linux_func += ['_WPe_dup3']
linux_func += ['_WPe_pipe2']
linux_func += ['_WPe_inotify_init1']
linux_func += ['_WPe_perf_event_open']
linux_func += ['_WPe_preadv']
linux_func += ['_WPe_pwritev']
linux_func += ['_WPe_rt_tgsigqueueinfo']
linux_func += ['_WPe_fanotify_init']
linux_func += ['_WPe_fanotify_mark']
linux_func += ['_WPe_prlimit64']
linux_func += ['_WPe_socket']
linux_func += ['_WPe_bind']
linux_func += ['_WPe_connect']
linux_func += ['_WPe_listen']
linux_func += ['_WPe_accept']
linux_func += ['_WPe_getsockname']
linux_func += ['_WPe_getpeername']
linux_func += ['_WPe_socketpair']
linux_func += ['_WPe_send']
linux_func += ['_WPe_sendto']
linux_func += ['_WPe_recv']
linux_func += ['_WPe_recvfrom']
linux_func += ['_WPe_shutdown']
linux_func += ['_WPe_setsockopt']
linux_func += ['_WPe_getsockopt']
linux_func += ['_WPe_sendmsg']
linux_func += ['_WPe_recvmsg']
linux_func += ['_WPe_recvmmsg']
linux_func += ['_WPe_accept4']
linux_func += ['_WPe_name_to_handle_at']
linux_func += ['_WPe_open_by_handle_at']
linux_func += ['_WPe_clock_adjtime']
linux_func += ['_WPe_syncfs']
linux_func += ['_WPe_sendmmsg']
linux_func += ['_WPe_setns']
linux_func += ['_WPe_process_vm_readv']
linux_func += ['_WPe_process_vm_writev']
linux_func += ['_WPe_finit_module']
linux_func += ['_WPe_kcmp']
linux_func += ['_WPe_sched_setattr']
linux_func += ['_WPe_sched_getattr']
linux_func += ['_WPe_renameat2']
linux_func += ['_WPe_seccomp']
linux_func += ['_WPe_getrandom']
linux_func += ['_WPe_memfd_create']
linux_func += ['_WPe_bpf']
linux_func += ['_WPe_execveat']
linux_func += ['_WPe_switch_endian']
linux_func += ['_WPe_userfaultfd']
linux_func += ['_WPe_membarrier']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_mlock2']
linux_func += ['_WPe_copy_file_range']
linux_func += ['_WPe_preadv2']
linux_func += ['_WPe_pwritev2']
linux_func += ['_WPe_kexec_file_load']
linux_func += ['_WPe_statx']
linux_func += ['_WPe_pkey_alloc']
linux_func += ['_WPe_pkey_free']
linux_func += ['_WPe_pkey_mprotect']
linux_func += ['_WPe_rseq']
linux_func += ['_WPe_io_pgetevents']
linux_func += ['_WPe_room_for_arch_specific_syscalls']
linux_func += ['_WPe_room_for_arch_specific_syscalls']
linux_func += ['_WPe_room_for_arch_specific_syscalls']
linux_func += ['_WPe_semtimedop']
linux_func += ['_WPe_semget']
linux_func += ['_WPe_semctl']
linux_func += ['_WPe_shmget']
linux_func += ['_WPe_shmctl']
linux_func += ['_WPe_shmat']
linux_func += ['_WPe_shmdt']
linux_func += ['_WPe_msgget']
linux_func += ['_WPe_msgsnd']
linux_func += ['_WPe_msgrcv']
linux_func += ['_WPe_msgctl']
linux_func += ['_WPe_clock_gettime64']
linux_func += ['_WPe_clock_settime64']
linux_func += ['_WPe_clock_adjtime64']
linux_func += ['_WPe_clock_getres_time64']
linux_func += ['_WPe_clock_nanosleep_time64']
linux_func += ['_WPe_timer_gettime64']
linux_func += ['_WPe_timer_settime64']
linux_func += ['_WPe_timerfd_gettime64']
linux_func += ['_WPe_timerfd_settime64']
linux_func += ['_WPe_utimensat_time64']
linux_func += ['_WPe_pselect6_time64']
linux_func += ['_WPe_ppoll_time64']
linux_func += ['_WPe_Unused']
linux_func += ['_WPe_io_pgetevents_time64']
linux_func += ['_WPe_recvmmsg_time64']
linux_func += ['_WPe_mq_timedsend_time64']
linux_func += ['_WPe_mq_timedreceive_time64']
linux_func += ['_WPe_semtimedop_time64']
linux_func += ['_WPe_rt_sigtimedwait_time64']
linux_func += ['_WPe_futex_time64']
linux_func += ['_WPe_sys_sched_rr_get_interval']
linux_func += ['_WPe_pidfd_send_signal']
linux_func += ['_WPe_io_uring_setup']
linux_func += ['_WPe_io_uring_enter']
linux_func += ['_WPe_io_uring_register']
linux_func += ['_WPe_open_tree']
linux_func += ['_WPe_move_mount']
linux_func += ['_WPe_fsopen']
linux_func += ['_WPe_fsconfig']
linux_func += ['_WPe_fsmount']
linux_func += ['_WPe_fspick']
linux_func += ['_WPe_pidfd_open']
linux_func += ['_WPe_clone3']
linux_func += ['_WPe_close_range']
linux_func += ['_WPe_openat2']
linux_func += ['_WPe_pidfd_getfd']
linux_func += ['_WPe_faccessat2']
linux_func += ['_WPe_process_madvise']
linux_func += ['_WPe_epoll_pwait2']
linux_func += ['_WPe_mount_setattr']
linux_func += ['_WPe_quotactl_fd']
linux_func += ['_WPe_landlock_create_ruleset']
linux_func += ['_WPe_landlock_add_rule']
linux_func += ['_WPe_landlock_restrict_self']
linux_func += ['_WPe_reserved_for_memfd_secret']
linux_func += ['_WPe_process_mrelease']
linux_func += ['_WPe_futex_waitv']
linux_func += ['_WPe_set_mempolicy_home_node']

# Sub-call names for socketcall(2); the list index is the call number.
socket_func = ['']
socket_func += ['socket']
socket_func += ['bind']
socket_func += ['connect']
socket_func += ['listen']
socket_func += ['accept']
socket_func += ['getsockname']
socket_func += ['getpeername']
socket_func += ['socketpair']
socket_func += ['send']
socket_func += ['recv']
socket_func += ['sendto']
socket_func += ['recvfrom']
socket_func += ['shutdown']
socket_func += ['setsockopt']
socket_func += ['getsockopt']
socket_func += ['sendmsg']
socket_func += ['recvmsg']
socket_func += ['accept4']
socket_func += ['recvmmsg']
socket_func += ['sendmmsg']

def ReName():
    sum = 0
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            op = idc.print_insn_mnem(line)
            lastline = idc.prev_head(line)
            # For each `sc`, walk backwards to the `li r0, <nr>` that loads the
            # syscall number. Stop at BADADDR so a missing `li` cannot loop forever.
            while op == "sc" and lastline != idc.BADADDR:
                op_last = idc.print_insn_mnem(lastline)
                if op_last == "li" and idc.get_operand_value(lastline, 0) == 0:
                    callnumber = idc.get_operand_value(lastline, 1)
                    if not 0 <= callnumber < len(linux_func):
                        break  # number not present in linux_func
                    address = idc.get_name_ea_simple(idc.get_func_name(line))
                    funcName = idc.get_func_name(address)
                    if funcName != "start" and funcName != "_WPe_fork":
                        if linux_func[callnumber] == "_WPe_socketcall":
                            # socketcall is a multiplexer: name each caller after the
                            # sub-call number loaded by the nearest `li` before the call.
                            funcStartAddr = idc.get_func_attr(line, idc.FUNCATTR_START)
                            xrefs = list(idautils.XrefsTo(funcStartAddr))
                            for xrefAddr in xrefs:
                                sockNrAddr = idc.prev_head(xrefAddr.frm)
                                socketop = idc.print_insn_mnem(sockNrAddr)
                                while socketop != "li" and sockNrAddr != idc.BADADDR:
                                    sockNrAddr = idc.prev_head(sockNrAddr)
                                    socketop = idc.print_insn_mnem(sockNrAddr)
                                if sockNrAddr == idc.BADADDR:
                                    continue
                                socketFuncAddress = idc.get_name_ea_simple(idc.get_func_name(sockNrAddr))
                                socketNumber = idc.get_operand_value(sockNrAddr, 1)
                                if not 0 <= socketNumber < len(socket_func):
                                    continue
                                idc.set_name(socketFuncAddress, socket_func[socketNumber], SN_FORCE)
                                print(socket_func[socketNumber])
                        else:
                            idc.set_name(address, linux_func[callnumber], SN_FORCE)
                            print(linux_func[callnumber])
                        sum += 1
                    break
                else:
                    lastline = idc.prev_head(lastline)
    print("LinuxFuncFinder_PPC32 finished!总共重命名%d个函数" %sum)

def GetMainFunc(func):
    # Operand 0 of the last instruction of `start` is taken as the init routine.
    # If the instruction before it writes r3, operand 1 of the instruction
    # before that is taken as the name of main.
    end = idc.prev_head(func.end_ea)
    initMainAddr = idc.get_name_ea_simple(idc.print_operand(end, 0))
    mainOP = idc.print_operand(idc.prev_head(end), 0)
    mainAddrStr = idc.print_operand(idc.prev_head(idc.prev_head(end)), 1)
    if mainOP == "r3":
        mainAddr = idc.get_name_ea_simple(mainAddrStr)
        # Compare against BADADDR rather than 0xffffffff so the check also holds in 64-bit IDA.
        if mainAddr != idc.BADADDR:
            print("main address = 0x%x" %mainAddr)
            idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
            idc.set_name(mainAddr, "main", SN_FORCE)

def RenameStartFunc():
    # The entry point is named either `start` or `_start`.
    startAddr = idc.get_name_ea_simple("start")
    func = idaapi.get_func(startAddr)
    if func is not None:
        GetMainFunc(func)
    else:
        startAddr = idc.get_name_ea_simple("_start")
        func = idaapi.get_func(startAddr)
        if func is not None:
            GetMainFunc(func)

def main():
    ReName()
    RenameStartFunc()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/LffPlugDir_WPeace/LinuxFuncFinder_Mips32.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-

import idc
import idautils
import re
import idaapi

SN_FORCE = 0x800

# MIPS o32 syscall numbers start at __NR_Linux = 4000.
mips_func = {}
__NR_Linux = 4000
mips_func.update({__NR_Linux+0: "_WPe_syscall"})
mips_func.update({__NR_Linux+1: "_WPe_exit"})
mips_func.update({__NR_Linux+2: "_WPe_fork"})
mips_func.update({__NR_Linux+3: "_WPe_read"})
mips_func.update({__NR_Linux+4: "_WPe_write"})
mips_func.update({__NR_Linux+5: "_WPe_open"})
mips_func.update({__NR_Linux+6: "_WPe_close"})
mips_func.update({__NR_Linux+7: "_WPe_waitpid"})
mips_func.update({__NR_Linux+8: "_WPe_creat"})
mips_func.update({__NR_Linux+9: "_WPe_link"})
mips_func.update({__NR_Linux+10: "_WPe_unlink"})
mips_func.update({__NR_Linux+11: "_WPe_execve"})
mips_func.update({__NR_Linux+12: "_WPe_chdir"})
mips_func.update({__NR_Linux+13: "_WPe_time"})
mips_func.update({__NR_Linux+14: "_WPe_mknod"})
mips_func.update({__NR_Linux+15: "_WPe_chmod"})
mips_func.update({__NR_Linux+16: "_WPe_lchown"})
mips_func.update({__NR_Linux+17: "_WPe_break"})
mips_func.update({__NR_Linux+18: "_WPe_unused18"})
mips_func.update({__NR_Linux+19: "_WPe_lseek"})
mips_func.update({__NR_Linux+20: "_WPe_getpid"})
mips_func.update({__NR_Linux+21: "_WPe_mount"})
mips_func.update({__NR_Linux+22: "_WPe_umount"})
mips_func.update({__NR_Linux+23: "_WPe_setuid"})
mips_func.update({__NR_Linux+24: "_WPe_getuid"})
mips_func.update({__NR_Linux+25: "_WPe_stime"})
mips_func.update({__NR_Linux+26: "_WPe_ptrace"})
mips_func.update({__NR_Linux+27: "_WPe_alarm"})
mips_func.update({__NR_Linux+28: "_WPe_unused28"})
mips_func.update({__NR_Linux+29: "_WPe_pause"})
mips_func.update({__NR_Linux+30: "_WPe_utime"})
mips_func.update({__NR_Linux+31: "_WPe_stty"})
mips_func.update({__NR_Linux+32: "_WPe_gtty"})
mips_func.update({__NR_Linux+33: "_WPe_access"})
mips_func.update({__NR_Linux+34: "_WPe_nice"})
mips_func.update({__NR_Linux+35: "_WPe_ftime"})
mips_func.update({__NR_Linux+36: "_WPe_sync"})
mips_func.update({__NR_Linux+37: "_WPe_kill"})
mips_func.update({__NR_Linux+38: "_WPe_rename"})
mips_func.update({__NR_Linux+39: "_WPe_mkdir"})
mips_func.update({__NR_Linux+40: "_WPe_rmdir"})
mips_func.update({__NR_Linux+41: "_WPe_dup"})
mips_func.update({__NR_Linux+42: "_WPe_pipe"})
mips_func.update({__NR_Linux+43: "_WPe_times"})
mips_func.update({__NR_Linux+44: "_WPe_prof"})
mips_func.update({__NR_Linux+45: "_WPe_brk"})
mips_func.update({__NR_Linux+46: "_WPe_setgid"})
mips_func.update({__NR_Linux+47: "_WPe_getgid"})
mips_func.update({__NR_Linux+48: "_WPe_signal"})
mips_func.update({__NR_Linux+49: "_WPe_geteuid"})
mips_func.update({__NR_Linux+50: "_WPe_getegid"})
mips_func.update({__NR_Linux+51: "_WPe_acct"})
mips_func.update({__NR_Linux+52: "_WPe_umount2"})
mips_func.update({__NR_Linux+53: "_WPe_lock"})
mips_func.update({__NR_Linux+54: "_WPe_ioctl"})
mips_func.update({__NR_Linux+55: "_WPe_fcntl"})
mips_func.update({__NR_Linux+56: "_WPe_mpx"})
mips_func.update({__NR_Linux+57: "_WPe_setpgid"})
mips_func.update({__NR_Linux+58: "_WPe_ulimit"})
mips_func.update({__NR_Linux+59: "_WPe_unused59"})
mips_func.update({__NR_Linux+60: "_WPe_umask"})
mips_func.update({__NR_Linux+61: "_WPe_chroot"})
mips_func.update({__NR_Linux+62: "_WPe_ustat"})
mips_func.update({__NR_Linux+63: "_WPe_dup2"})
mips_func.update({__NR_Linux+64: "_WPe_getppid"})
mips_func.update({__NR_Linux+65: "_WPe_getpgrp"})
mips_func.update({__NR_Linux+66: "_WPe_setsid"})
mips_func.update({__NR_Linux+67: "_WPe_sigaction"})
mips_func.update({__NR_Linux+68: "_WPe_sgetmask"})
mips_func.update({__NR_Linux+69: "_WPe_ssetmask"})
mips_func.update({__NR_Linux+70: "_WPe_setreuid"})
mips_func.update({__NR_Linux+71: "_WPe_setregid"})
mips_func.update({__NR_Linux+72: "_WPe_sigsuspend"})
mips_func.update({__NR_Linux+73: "_WPe_sigpending"})
mips_func.update({__NR_Linux+74: "_WPe_sethostname"})
mips_func.update({__NR_Linux+75: "_WPe_setrlimit"})
mips_func.update({__NR_Linux+76: "_WPe_getrlimit"})
mips_func.update({__NR_Linux+77: "_WPe_getrusage"})
mips_func.update({__NR_Linux+78: "_WPe_gettimeofday"})
mips_func.update({__NR_Linux+79: "_WPe_settimeofday"})
mips_func.update({__NR_Linux+80: "_WPe_getgroups"})
mips_func.update({__NR_Linux+81: "_WPe_setgroups"})
mips_func.update({__NR_Linux+82: "_WPe_reserved82"})
mips_func.update({__NR_Linux+83: "_WPe_symlink"})
mips_func.update({__NR_Linux+84: "_WPe_unused84"})
mips_func.update({__NR_Linux+85: "_WPe_readlink"})
mips_func.update({__NR_Linux+86: "_WPe_uselib"})
mips_func.update({__NR_Linux+87: "_WPe_swapon"})
mips_func.update({__NR_Linux+88: "_WPe_reboot"})
mips_func.update({__NR_Linux+89: "_WPe_readdir"})
mips_func.update({__NR_Linux+90: "_WPe_mmap"})
mips_func.update({__NR_Linux+91: "_WPe_munmap"})
mips_func.update({__NR_Linux+92: "_WPe_truncate"})
mips_func.update({__NR_Linux+93: "_WPe_ftruncate"})
mips_func.update({__NR_Linux+94: "_WPe_fchmod"})
mips_func.update({__NR_Linux+95: "_WPe_fchown"})
mips_func.update({__NR_Linux+96: "_WPe_getpriority"})
mips_func.update({__NR_Linux+97: "_WPe_setpriority"})
mips_func.update({__NR_Linux+98: "_WPe_profil"})
mips_func.update({__NR_Linux+99: "_WPe_statfs"})
mips_func.update({__NR_Linux+100: "_WPe_fstatfs"})
mips_func.update({__NR_Linux+101: "_WPe_ioperm"})
mips_func.update({__NR_Linux+102: "_WPe_socketcall"})
mips_func.update({__NR_Linux+103: "_WPe_syslog"})
mips_func.update({__NR_Linux+104: "_WPe_setitimer"})
mips_func.update({__NR_Linux+105: "_WPe_getitimer"})
mips_func.update({__NR_Linux+106: "_WPe_stat"})
mips_func.update({__NR_Linux+107: "_WPe_lstat"})
mips_func.update({__NR_Linux+108: "_WPe_fstat"})
mips_func.update({__NR_Linux+109: "_WPe_unused109"})
mips_func.update({__NR_Linux+110: "_WPe_iopl"})
mips_func.update({__NR_Linux+111: "_WPe_vhangup"})
mips_func.update({__NR_Linux+112: "_WPe_idle"})
mips_func.update({__NR_Linux+113: "_WPe_vm86"})
mips_func.update({__NR_Linux+114: "_WPe_wait4"})
mips_func.update({__NR_Linux+115: "_WPe_swapoff"})
mips_func.update({__NR_Linux+116: "_WPe_sysinfo"})
mips_func.update({__NR_Linux+117: "_WPe_ipc"})
mips_func.update({__NR_Linux+118: "_WPe_fsync"})
mips_func.update({__NR_Linux+119: "_WPe_sigreturn"})
mips_func.update({__NR_Linux+120: "_WPe_clone"})
mips_func.update({__NR_Linux+121: "_WPe_setdomainname"})
mips_func.update({__NR_Linux+122: "_WPe_uname"})
mips_func.update({__NR_Linux+123: "_WPe_modify_ldt"})
mips_func.update({__NR_Linux+124: "_WPe_adjtimex"})
mips_func.update({__NR_Linux+125: "_WPe_mprotect"})
mips_func.update({__NR_Linux+126: "_WPe_sigprocmask"})
mips_func.update({__NR_Linux+127: "_WPe_create_module"})
mips_func.update({__NR_Linux+128: "_WPe_init_module"})
mips_func.update({__NR_Linux+129: "_WPe_delete_module"})
mips_func.update({__NR_Linux+130: "_WPe_get_kernel_syms"})
mips_func.update({__NR_Linux+131: "_WPe_quotactl"})
mips_func.update({__NR_Linux+132: "_WPe_getpgid"})
mips_func.update({__NR_Linux+133: "_WPe_fchdir"})
mips_func.update({__NR_Linux+134: "_WPe_bdflush"})
mips_func.update({__NR_Linux+135: "_WPe_sysfs"})
mips_func.update({__NR_Linux+136: "_WPe_personality"})
mips_func.update({__NR_Linux+137: "_WPe_afs_syscall"})
mips_func.update({__NR_Linux+138: "_WPe_setfsuid"})
mips_func.update({__NR_Linux+139: "_WPe_setfsgid"})
mips_func.update({__NR_Linux+140: "_WPe__llseek"})
mips_func.update({__NR_Linux+141: "_WPe_getdents"})
mips_func.update({__NR_Linux+142: "_WPe__newselect"})
mips_func.update({__NR_Linux+143: "_WPe_flock"})
mips_func.update({__NR_Linux+144: "_WPe_msync"})
mips_func.update({__NR_Linux+145: "_WPe_readv"})
mips_func.update({__NR_Linux+146: "_WPe_writev"})
mips_func.update({__NR_Linux+147: "_WPe_cacheflush"})
mips_func.update({__NR_Linux+148: "_WPe_cachectl"})
mips_func.update({__NR_Linux+149: "_WPe_sysmips"})
mips_func.update({__NR_Linux+150: "_WPe_unused150"})
mips_func.update({__NR_Linux+151: "_WPe_getsid"})
mips_func.update({__NR_Linux+152: "_WPe_fdatasync"})
mips_func.update({__NR_Linux+153: "_WPe__sysctl"})
mips_func.update({__NR_Linux+154: "_WPe_mlock"})
mips_func.update({__NR_Linux+155: "_WPe_munlock"})
mips_func.update({__NR_Linux+156: "_WPe_mlockall"})
mips_func.update({__NR_Linux+157: "_WPe_munlockall"})
mips_func.update({__NR_Linux+158: "_WPe_sched_setparam"})
mips_func.update({__NR_Linux+159: "_WPe_sched_getparam"})
mips_func.update({__NR_Linux+160: "_WPe_sched_setscheduler"})
mips_func.update({__NR_Linux+161: "_WPe_sched_getscheduler"})
mips_func.update({__NR_Linux+162: "_WPe_sched_yield"})
mips_func.update({__NR_Linux+163: "_WPe_sched_get_priority_max"})
mips_func.update({__NR_Linux+164: "_WPe_sched_get_priority_min"})
mips_func.update({__NR_Linux+165: "_WPe_sched_rr_get_interval"})
mips_func.update({__NR_Linux+166: "_WPe_nanosleep"})
mips_func.update({__NR_Linux+167: "_WPe_mremap"})
mips_func.update({__NR_Linux+168: "_WPe_accept"})
mips_func.update({__NR_Linux+169: "_WPe_bind"})
mips_func.update({__NR_Linux+170: "_WPe_connect"})
mips_func.update({__NR_Linux+171: "_WPe_getpeername"})
mips_func.update({__NR_Linux+172: "_WPe_getsockname"})
mips_func.update({__NR_Linux+173: "_WPe_getsockopt"})
mips_func.update({__NR_Linux+174: "_WPe_listen"})
mips_func.update({__NR_Linux+175: "_WPe_recv"})
mips_func.update({__NR_Linux+176: "_WPe_recvfrom"})
mips_func.update({__NR_Linux+177: "_WPe_recvmsg"})
mips_func.update({__NR_Linux+178: "_WPe_send"})
mips_func.update({__NR_Linux+179: "_WPe_sendmsg"})
mips_func.update({__NR_Linux+180: "_WPe_sendto"})
mips_func.update({__NR_Linux+181: "_WPe_setsockopt"})
mips_func.update({__NR_Linux+182: "_WPe_shutdown"})
mips_func.update({__NR_Linux+183: "_WPe_socket"})
mips_func.update({__NR_Linux+184: "_WPe_socketpair"})
mips_func.update({__NR_Linux+185: "_WPe_setresuid"})
mips_func.update({__NR_Linux+186: "_WPe_getresuid"})
mips_func.update({__NR_Linux+187: "_WPe_query_module"})
mips_func.update({__NR_Linux+188: "_WPe_poll"})
mips_func.update({__NR_Linux+189: "_WPe_nfsservctl"})
mips_func.update({__NR_Linux+190: "_WPe_setresgid"})
mips_func.update({__NR_Linux+191: "_WPe_getresgid"})
mips_func.update({__NR_Linux+192: "_WPe_prctl"})
mips_func.update({__NR_Linux+193: "_WPe_rt_sigreturn"})
mips_func.update({__NR_Linux+194: "_WPe_rt_sigaction"})
mips_func.update({__NR_Linux+195: "_WPe_rt_sigprocmask"})
mips_func.update({__NR_Linux+196: "_WPe_rt_sigpending"})
mips_func.update({__NR_Linux+197: "_WPe_rt_sigtimedwait"})
mips_func.update({__NR_Linux+198: "_WPe_rt_sigqueueinfo"})
mips_func.update({__NR_Linux+199: "_WPe_rt_sigsuspend"})
mips_func.update({__NR_Linux+200: "_WPe_pread64"})
mips_func.update({__NR_Linux+201: "_WPe_pwrite64"})
mips_func.update({__NR_Linux+202: "_WPe_chown"})
mips_func.update({__NR_Linux+203: "_WPe_getcwd"})
mips_func.update({__NR_Linux+204: "_WPe_capget"})
mips_func.update({__NR_Linux+205: "_WPe_capset"})
mips_func.update({__NR_Linux+206: "_WPe_sigaltstack"})
mips_func.update({__NR_Linux+207: "_WPe_sendfile"})
mips_func.update({__NR_Linux+208: "_WPe_getpmsg"})
mips_func.update({__NR_Linux+209: "_WPe_putpmsg"})
mips_func.update({__NR_Linux+210: "_WPe_mmap2"})
mips_func.update({__NR_Linux+211: "_WPe_truncate64"})
mips_func.update({__NR_Linux+212: "_WPe_ftruncate64"})
mips_func.update({__NR_Linux+213: "_WPe_stat64"})
mips_func.update({__NR_Linux+214: "_WPe_lstat64"})
mips_func.update({__NR_Linux+215: "_WPe_fstat64"})
mips_func.update({__NR_Linux+216: "_WPe_pivot_root"})
mips_func.update({__NR_Linux+217: "_WPe_mincore"})
mips_func.update({__NR_Linux+218: "_WPe_madvise"})
mips_func.update({__NR_Linux+219: "_WPe_getdents64"})
mips_func.update({__NR_Linux+220: "_WPe_fcntl64"})
mips_func.update({__NR_Linux+221: "_WPe_reserved221"})
mips_func.update({__NR_Linux+222: "_WPe_gettid"})
mips_func.update({__NR_Linux+223: "_WPe_readahead"})
mips_func.update({__NR_Linux+224: "_WPe_setxattr"})
mips_func.update({__NR_Linux+225: "_WPe_lsetxattr"})
mips_func.update({__NR_Linux+226: "_WPe_fsetxattr"})
mips_func.update({__NR_Linux+227: "_WPe_getxattr"})
mips_func.update({__NR_Linux+228: "_WPe_lgetxattr"})
mips_func.update({__NR_Linux+229: "_WPe_fgetxattr"})
mips_func.update({__NR_Linux+230: "_WPe_listxattr"})
mips_func.update({__NR_Linux+231: "_WPe_llistxattr"})
mips_func.update({__NR_Linux+232: "_WPe_flistxattr"})
mips_func.update({__NR_Linux+233: "_WPe_removexattr"})
mips_func.update({__NR_Linux+234: "_WPe_lremovexattr"})
mips_func.update({__NR_Linux+235: "_WPe_fremovexattr"})
mips_func.update({__NR_Linux+236: "_WPe_tkill"})
mips_func.update({__NR_Linux+237: "_WPe_sendfile64"})
mips_func.update({__NR_Linux+238: "_WPe_futex"})
mips_func.update({__NR_Linux+239: "_WPe_sched_setaffinity"})
mips_func.update({__NR_Linux+240: "_WPe_sched_getaffinity"})
mips_func.update({__NR_Linux+241: "_WPe_io_setup"})
mips_func.update({__NR_Linux+242: "_WPe_io_destroy"})
mips_func.update({__NR_Linux+243: "_WPe_io_getevents"})
mips_func.update({__NR_Linux+244: "_WPe_io_submit"})
mips_func.update({__NR_Linux+245: "_WPe_io_cancel"})
mips_func.update({__NR_Linux+246: "_WPe_exit_group"})
mips_func.update({__NR_Linux+247: "_WPe_lookup_dcookie"})
mips_func.update({__NR_Linux+248: "_WPe_epoll_create"})
mips_func.update({__NR_Linux+249: "_WPe_epoll_ctl"})
mips_func.update({__NR_Linux+250: "_WPe_epoll_wait"})
mips_func.update({__NR_Linux+251: "_WPe_remap_file_pages"})
mips_func.update({__NR_Linux+252: "_WPe_set_tid_address"})
mips_func.update({__NR_Linux+253: "_WPe_restart_syscall"})
mips_func.update({__NR_Linux+254: "_WPe_fadvise64"})
mips_func.update({__NR_Linux+255: "_WPe_statfs64"})
mips_func.update({__NR_Linux+256: "_WPe_fstatfs64"})
mips_func.update({__NR_Linux+257: "_WPe_timer_create"})
mips_func.update({__NR_Linux+258: "_WPe_timer_settime"})
mips_func.update({__NR_Linux+259: "_WPe_timer_gettime"})
mips_func.update({__NR_Linux+260: "_WPe_timer_getoverrun"})
mips_func.update({__NR_Linux+261: "_WPe_timer_delete"})
mips_func.update({__NR_Linux+262: "_WPe_clock_settime"})
mips_func.update({__NR_Linux+263: "_WPe_clock_gettime"})
mips_func.update({__NR_Linux+264: "_WPe_clock_getres"})
mips_func.update({__NR_Linux+265: "_WPe_clock_nanosleep"})
mips_func.update({__NR_Linux+266: "_WPe_tgkill"})
mips_func.update({__NR_Linux+267: "_WPe_utimes"})
mips_func.update({__NR_Linux+268: "_WPe_mbind"})
mips_func.update({__NR_Linux+269: "_WPe_get_mempolicy"})
mips_func.update({__NR_Linux+270: "_WPe_set_mempolicy"})
mips_func.update({__NR_Linux+271: "_WPe_mq_open"})
mips_func.update({__NR_Linux+272: "_WPe_mq_unlink"})
mips_func.update({__NR_Linux+273: "_WPe_mq_timedsend"})
mips_func.update({__NR_Linux+274: "_WPe_mq_timedreceive"})
mips_func.update({__NR_Linux+275: "_WPe_mq_notify"})
mips_func.update({__NR_Linux+276: "_WPe_mq_getsetattr"})
mips_func.update({__NR_Linux+277: "_WPe_vserver"})
mips_func.update({__NR_Linux+278: "_WPe_waitid"})
mips_func.update({__NR_Linux+280: "_WPe_add_key"})
mips_func.update({__NR_Linux+281: "_WPe_request_key"})
mips_func.update({__NR_Linux+282: "_WPe_keyctl"})
mips_func.update({__NR_Linux+283: "_WPe_set_thread_area"})
mips_func.update({__NR_Linux+284: "_WPe_inotify_init"})
mips_func.update({__NR_Linux+285: "_WPe_inotify_add_watch"})
mips_func.update({__NR_Linux+286: "_WPe_inotify_rm_watch"})
mips_func.update({__NR_Linux+287: "_WPe_migrate_pages"})
mips_func.update({__NR_Linux+288: "_WPe_openat"})
mips_func.update({__NR_Linux+289: "_WPe_mkdirat"})
mips_func.update({__NR_Linux+290: "_WPe_mknodat"})
mips_func.update({__NR_Linux+291: "_WPe_fchownat"})
mips_func.update({__NR_Linux+292: "_WPe_futimesat"})
mips_func.update({__NR_Linux+293: "_WPe_fstatat64"})
mips_func.update({__NR_Linux+294: "_WPe_unlinkat"})
mips_func.update({__NR_Linux+295: "_WPe_renameat"})
mips_func.update({__NR_Linux+296: "_WPe_linkat"})
mips_func.update({__NR_Linux+297: "_WPe_symlinkat"})
mips_func.update({__NR_Linux+298: "_WPe_readlinkat"})
mips_func.update({__NR_Linux+299: "_WPe_fchmodat"})
mips_func.update({__NR_Linux+300: "_WPe_faccessat"})
mips_func.update({__NR_Linux+301: "_WPe_pselect6"})
mips_func.update({__NR_Linux+302: "_WPe_ppoll"})
mips_func.update({__NR_Linux+303: "_WPe_unshare"})
mips_func.update({__NR_Linux+304: "_WPe_splice"})
mips_func.update({__NR_Linux+305: "_WPe_sync_file_range"})
mips_func.update({__NR_Linux+306: "_WPe_tee"})
mips_func.update({__NR_Linux+307: "_WPe_vmsplice"})
mips_func.update({__NR_Linux+308: "_WPe_move_pages"})
mips_func.update({__NR_Linux+309: "_WPe_set_robust_list"})
mips_func.update({__NR_Linux+310: "_WPe_get_robust_list"})
mips_func.update({__NR_Linux+311: "_WPe_kexec_load"})
mips_func.update({__NR_Linux+312: "_WPe_getcpu"})
mips_func.update({__NR_Linux+313: "_WPe_epoll_pwait"})
mips_func.update({__NR_Linux+314: "_WPe_ioprio_set"})
mips_func.update({__NR_Linux+315: "_WPe_ioprio_get"})
mips_func.update({__NR_Linux+316: "_WPe_utimensat"})
mips_func.update({__NR_Linux+317: "_WPe_signalfd"})
mips_func.update({__NR_Linux+318: "_WPe_timerfd"})
mips_func.update({__NR_Linux+319: "_WPe_eventfd"})
mips_func.update({__NR_Linux+320: "_WPe_fallocate"})
mips_func.update({__NR_Linux+321: "_WPe_timerfd_create"})
mips_func.update({__NR_Linux+322: "_WPe_timerfd_gettime"})
mips_func.update({__NR_Linux+323: "_WPe_timerfd_settime"})
mips_func.update({__NR_Linux+324: "_WPe_signalfd4"})
mips_func.update({__NR_Linux+325: "_WPe_eventfd2"})
mips_func.update({__NR_Linux+326: "_WPe_epoll_create1"})
mips_func.update({__NR_Linux+327: "_WPe_dup3"})
mips_func.update({__NR_Linux+328: "_WPe_pipe2"})
mips_func.update({__NR_Linux+329: "_WPe_inotify_init1"})
mips_func.update({__NR_Linux+330: "_WPe_preadv"})
mips_func.update({__NR_Linux+331: "_WPe_pwritev"})
mips_func.update({__NR_Linux+332: "_WPe_rt_tgsigqueueinfo"})
mips_func.update({__NR_Linux+333: "_WPe_perf_event_open"})
mips_func.update({__NR_Linux+334: "_WPe_accept4"})
mips_func.update({__NR_Linux+335: "_WPe_recvmmsg"})
mips_func.update({__NR_Linux+336: "_WPe_fanotify_init"})
mips_func.update({__NR_Linux+337: "_WPe_fanotify_mark"})
mips_func.update({__NR_Linux+338: "_WPe_prlimit64"})
mips_func.update({__NR_Linux+339: "_WPe_name_to_handle_at"})
mips_func.update({__NR_Linux+340: "_WPe_open_by_handle_at"})
mips_func.update({__NR_Linux+341: "_WPe_clock_adjtime"})
mips_func.update({__NR_Linux+342: "_WPe_syncfs"})
mips_func.update({__NR_Linux+343: "_WPe_sendmmsg"})
mips_func.update({__NR_Linux+344: "_WPe_setns"})
mips_func.update({__NR_Linux+345: "_WPe_process_vm_readv"})
mips_func.update({__NR_Linux+346: "_WPe_process_vm_writev"})
mips_func.update({__NR_Linux+347: "_WPe_kcmp"})
mips_func.update({__NR_Linux+348: "_WPe_finit_module"})
mips_func.update({__NR_Linux+349: "_WPe_sched_setattr"})
mips_func.update({__NR_Linux+350: "_WPe_sched_getattr"})
mips_func.update({__NR_Linux+351: "_WPe_renameat2"})
mips_func.update({__NR_Linux+352: "_WPe_seccomp"})
mips_func.update({__NR_Linux+353: "_WPe_getrandom"})
mips_func.update({__NR_Linux+354: "_WPe_memfd_create"})
mips_func.update({__NR_Linux+355: "_WPe_bpf"})
mips_func.update({__NR_Linux+356: "_WPe_execveat"})
mips_func.update({__NR_Linux+357: "_WPe_userfaultfd"})
mips_func.update({__NR_Linux+358: "_WPe_membarrier"})
mips_func.update({__NR_Linux+359: "_WPe_mlock2"})
mips_func.update({__NR_Linux+360: "_WPe_copy_file_range"})
mips_func.update({__NR_Linux+361: "_WPe_preadv2"})
mips_func.update({__NR_Linux+362: "_WPe_pwritev2"})
mips_func.update({__NR_Linux+363: "_WPe_pkey_mprotect"})
mips_func.update({__NR_Linux+364: "_WPe_pkey_alloc"})
mips_func.update({__NR_Linux+365: "_WPe_pkey_free"})
mips_func.update({__NR_Linux+366: "_WPe_statx"})
mips_func.update({__NR_Linux+367: "_WPe_rseq"})
mips_func.update({__NR_Linux+368: "_WPe_io_pgetevents"})
mips_func.update({__NR_Linux+393: "_WPe_semget"})
mips_func.update({__NR_Linux+394: "_WPe_semctl"})
mips_func.update({__NR_Linux+395: "_WPe_shmget"})
mips_func.update({__NR_Linux+396: "_WPe_shmctl"})
mips_func.update({__NR_Linux+397: "_WPe_shmat"})
mips_func.update({__NR_Linux+398: "_WPe_shmdt"})
mips_func.update({__NR_Linux+399: "_WPe_msgget"})
mips_func.update({__NR_Linux+400: "_WPe_msgsnd"})
mips_func.update({__NR_Linux+401: "_WPe_msgrcv"})
mips_func.update({__NR_Linux+402: "_WPe_msgctl"})
mips_func.update({__NR_Linux+403: "_WPe_clock_gettime64"})
mips_func.update({__NR_Linux+404: "_WPe_clock_settime64"})
mips_func.update({__NR_Linux+405: "_WPe_clock_adjtime64"})
mips_func.update({__NR_Linux+406: "_WPe_clock_getres_time64"})
mips_func.update({__NR_Linux+407: "_WPe_clock_nanosleep_time64"})
mips_func.update({__NR_Linux+408: "_WPe_timer_gettime64"})
mips_func.update({__NR_Linux+409: "_WPe_timer_settime64"})
mips_func.update({__NR_Linux+410: "_WPe_timerfd_gettime64"})
mips_func.update({__NR_Linux+411: "_WPe_timerfd_settime64"})
mips_func.update({__NR_Linux+412: "_WPe_utimensat_time64"})
mips_func.update({__NR_Linux+413: "_WPe_pselect6_time64"})
mips_func.update({__NR_Linux+414: "_WPe_ppoll_time64"})
mips_func.update({__NR_Linux+416: "_WPe_io_pgetevents_time64"})
mips_func.update({__NR_Linux+417: "_WPe_recvmmsg_time64"})
mips_func.update({__NR_Linux+418: "_WPe_mq_timedsend_time64"})
mips_func.update({__NR_Linux+419: "_WPe_mq_timedreceive_time64"})
mips_func.update({__NR_Linux+420: "_WPe_semtimedop_time64"})
mips_func.update({__NR_Linux+421: "_WPe_rt_sigtimedwait_time64"})
mips_func.update({__NR_Linux+422: "_WPe_futex_time64"})
mips_func.update({__NR_Linux+423: "_WPe_sched_rr_get_interval_time64"})
mips_func.update({__NR_Linux+424: "_WPe_pidfd_send_signal"})
mips_func.update({__NR_Linux+425: "_WPe_io_uring_setup"})
mips_func.update({__NR_Linux+426: "_WPe_io_uring_enter"})
mips_func.update({__NR_Linux+427: "_WPe_io_uring_register"})
mips_func.update({__NR_Linux+428: "_WPe_open_tree"})
mips_func.update({__NR_Linux+429: "_WPe_move_mount"})
mips_func.update({__NR_Linux+430: "_WPe_fsopen"})
mips_func.update({__NR_Linux+431: "_WPe_fsconfig"})
mips_func.update({__NR_Linux+432: "_WPe_fsmount"})
mips_func.update({__NR_Linux+433: "_WPe_fspick"})
mips_func.update({__NR_Linux+434: "_WPe_pidfd_open"})
mips_func.update({__NR_Linux+435: "_WPe_clone3"})
mips_func.update({__NR_Linux+436: "_WPe_close_range"})
mips_func.update({__NR_Linux+437: "_WPe_openat2"})
mips_func.update({__NR_Linux+438: "_WPe_pidfd_getfd"})
mips_func.update({__NR_Linux+439: "_WPe_faccessat2"})
mips_func.update({__NR_Linux+440: "_WPe_process_madvise"})

def TestSyscall():
    # Classify the binary by the first `syscall` found. Returns 0 when the
    # preceding instruction has no second operand, 1 when that operand parses
    # as a hex number (direct call), 2 otherwise (indirect call), and None
    # when the binary contains no `syscall` at all.
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            m = idc.print_insn_mnem(line)
            if m == 'syscall':
                opString = idc.print_operand(line - 4, 1)
                if len(opString) == 0:
                    print("Error:请确认调用规则是否正确!")
                    return 0
                try:
                    callNumber = int(opString, 16)
                    return 1
                except Exception:
                    return 2

def ReName_DirectCall():
    sum = 0
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            m = idc.print_insn_mnem(line)
            if m == 'syscall':
                # The syscall number is the hex immediate in the instruction
                # directly before `syscall`.
                op = idc.GetDisasm(line - 4)
                op = re.findall('(?<=0x).*$', op)
                opString = ''.join(op)
                if len(opString) == 0:
                    print("Error:请确认调用规则是否正确!")
                    return
                try:
                    callNumber = int(opString, 16)
                    address = idc.get_name_ea_simple(idc.get_func_name(line))
                    # Rename only if no function already carries this name.
                    flag = 0
                    for other in idautils.Functions():
                        name = idc.get_func_name(other)
                        if name == mips_func[callNumber]:
                            flag = 1
                    if flag == 0:
                        print(mips_func[callNumber])
                        idc.set_name(address, mips_func[callNumber], idc.SN_CHECK)
                        sum += 1
                except Exception:
                    # Unparsable operand or a number missing from mips_func: skip this site.
                    pass
    print("LinuxFuncFinder_Mips32_DirectCall finished!总共重命名%d个函数" % sum)

def ReName_IndirectCall():
    sum = 0
    for func in idautils.Functions():
        dism_addr = list(idautils.FuncItems(func))
        for line in dism_addr:
            m = idc.print_insn_mnem(line)
            if m == 'syscall':
                lastline = idc.prev_head(line)
                op = idc.print_operand(lastline, 0)
                funcStartAddr = idc.get_func_attr(line, idc.FUNCATTR_START)
                if "v0" in op:
                    Mnem_lastline = idc.print_insn_mnem(lastline)
                    if Mnem_lastline == "li":
                        # $v0 is loaded with an immediate right before `syscall`.
                        opString = idc.print_operand(lastline, 1)
                        callNumber = int(opString, 16)
                        funcAddr = funcStartAddr
                        idc.set_name(funcAddr, mips_func[callNumber], SN_FORCE)
                        print(mips_func[callNumber])
                        sum += 1
                    elif Mnem_lastline == "move":
                        # $v0 is copied from a register: look in the callers for the
                        # instruction that sets $a0 and name the calling function.
                        xrefs = list(idautils.XrefsTo(funcStartAddr))
                        for xrefAddr in xrefs:
                            uptoFindNrLine = idc.prev_head(xrefAddr.frm)
                            op_uptoFindNrLine = idc.print_operand(uptoFindNrLine, 0)
                            while "a0" not in op_uptoFindNrLine and uptoFindNrLine != idc.BADADDR:
                                uptoFindNrLine = idc.prev_head(uptoFindNrLine)
                                op_uptoFindNrLine = idc.print_operand(uptoFindNrLine, 0)
                            if uptoFindNrLine == idc.BADADDR:
                                continue
                            opString = idc.print_operand(uptoFindNrLine, 1)
                            callNumber = int(opString, 16)
                            funcAddr = idc.get_func_attr(uptoFindNrLine, idc.FUNCATTR_START)
                            idc.set_name(funcAddr, mips_func[callNumber], SN_FORCE)
                            print(mips_func[callNumber])
                            sum += 1
                            break
                    elif Mnem_lastline == "lw":
                        # $v0 is loaded from memory: follow callers, and callers of
                        # callers reached through `jalr`, until an `li $a0, <nr>` is found.
                        xrefs = list(idautils.XrefsTo(funcStartAddr))
                        for xrefAddr in xrefs:
                            uptoFindNrLine = idc.prev_head(xrefAddr.frm)
                            op_uptoFindNrLine = idc.print_operand(uptoFindNrLine, 0)
                            while "a0" not in op_uptoFindNrLine and uptoFindNrLine != idc.BADADDR:
                                uptoFindNrLine = idc.prev_head(uptoFindNrLine)
                                op_uptoFindNrLine = idc.print_operand(uptoFindNrLine, 0)
                            if uptoFindNrLine == idc.BADADDR:
                                continue
                            Mnem = idc.print_insn_mnem(uptoFindNrLine)
                            if Mnem == "lw" and "a0" in op_uptoFindNrLine:
                                funcStartAddrTemp = idc.get_func_attr(uptoFindNrLine, idc.FUNCATTR_START)
                                xrefsTemp = list(idautils.XrefsTo(funcStartAddrTemp))
                                for xrefAddrTemp in xrefsTemp:
                                    MnemSegment = idc.print_insn_mnem(xrefAddrTemp.frm)
                                    if MnemSegment == "jalr":
                                        xrefs.append(xrefAddrTemp)
                            if Mnem == "li" and "a0" in op_uptoFindNrLine:
                                opString = idc.print_operand(uptoFindNrLine, 1)
                                callNumber = int(opString, 16)
                                funcAddr = idc.get_func_attr(uptoFindNrLine, idc.FUNCATTR_START)
                                idc.set_name(funcAddr, mips_func[callNumber], SN_FORCE)
                                print(mips_func[callNumber])
                                sum += 1
    print("LinuxFuncFinder_Mips32_IndirectCall finished!总共重命名%d个函数" % sum)

def GetMainFunc(func):
    # Operand 1 of the instruction six heads after the start of `start` is
    # expected to reference main as sub_XXXX, loc_XXXX or unk_XXXX.
    tmpMainAddr = func.start_ea
    for _ in range(6):
        tmpMainAddr = idc.next_head(tmpMainAddr)
    mainOP = idc.print_operand(tmpMainAddr, 1)
    for prefix in ("sub_", "loc_", "unk_"):
        if prefix in mainOP:
            mainAddr = int(mainOP.split(prefix)[1], 16)
            # Operand 1 of the instruction six heads before the end of `start`
            # is taken as the name of the init routine.
            tmpInitMainAddr = func.end_ea
            for _ in range(6):
                tmpInitMainAddr = idc.prev_head(tmpInitMainAddr)
            initMainOP = idc.print_operand(tmpInitMainAddr, 1)
            initMainAddr = idc.get_name_ea_simple(initMainOP)
            print("main address = 0x%x" %mainAddr)
            idc.set_name(initMainAddr, "Init_Main", SN_FORCE)
            idc.set_name(mainAddr, "main", SN_FORCE)
            break

def RenameStartFunc():
    # The entry point is named either `start` or `_start`.
    startAddr = idc.get_name_ea_simple("start")
    func = idaapi.get_func(startAddr)
    if func is not None:
        GetMainFunc(func)
    else:
        startAddr = idc.get_name_ea_simple("_start")
        func = idaapi.get_func(startAddr)
        if func is not None:
            GetMainFunc(func)

def main():
    TS = TestSyscall()
    if TS == 1:
        ReName_DirectCall()
    elif TS == 2:
        ReName_IndirectCall()
    RenameStartFunc()

if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
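Both scripts above recover a syscall number from the immediate loaded into the syscall-number register (`r0` before `sc` on PPC32, `$v0` before `syscall` on MIPS o32). The following is an added example, not part of SysNR-FuncFinder: it applies the same idea to raw big-endian instruction words without IDA, using a bounded backward scan that stops at the nearest write to that register. The function names, the partial decoders, the constructed sample bytes and the PPC32 numbers in `NAMES` are assumptions of the example.

```python
import struct

# Excerpts only. The MIPS o32 numbers come from mips_func on this page
# (__NR_Linux = 4000); the PPC32 numbers are the standard Linux values and are
# an assumption here, since that part of the PPC32 table is not shown.
NAMES = {
    "mips32": {4001: "exit", 4003: "read", 4004: "write", 4102: "socketcall"},
    "ppc32": {1: "exit", 3: "read", 4: "write", 102: "socketcall"},
}
TRAP = {"mips32": 0x0000000C, "ppc32": 0x44000002}  # `syscall` / `sc`
INDIRECT = object()  # register is written, but not from an immediate


def _s16(word):
    """Sign-extend the low 16 bits of an instruction word."""
    imm = word & 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm


# The two decoders recognise the immediate-load idioms plus the common other
# writers of the register; instructions they do not know are skipped.
def _mips_writes_v0(w):
    """int for `li $v0, n`, INDIRECT for another write to $v0, else None."""
    op, rs, rt, rd = w >> 26, (w >> 21) & 31, (w >> 16) & 31, (w >> 11) & 31
    if rt == 2 and rs == 0 and op == 0x09:      # addiu $v0, $zero, imm
        return _s16(w)
    if rt == 2 and rs == 0 and op == 0x0D:      # ori $v0, $zero, imm
        return w & 0xFFFF
    if rt == 2 and (0x08 <= op <= 0x0F or 0x20 <= op <= 0x26):
        return INDIRECT                         # other immediate ALU op or load
    if op == 0 and rd == 2 and 0x20 <= (w & 0x3F) <= 0x2B:
        return INDIRECT                         # addu/or/...: covers `move $v0, $a0`
    return None


def _ppc_writes_r0(w):
    """int for `li r0, n`, INDIRECT for another write to r0, else None."""
    op, rt, ra = w >> 26, (w >> 21) & 31, (w >> 16) & 31
    if op == 14 and rt == 0 and ra == 0:        # addi r0, 0, imm == li r0, imm
        return _s16(w)
    if rt == 0 and op in (14, 15, 32, 33, 34, 35, 40, 41, 42, 43):
        return INDIRECT                         # addi/addis/D-form loads into r0
    if op == 31 and ra == 0 and ((w >> 1) & 0x3FF) == 444:
        return INDIRECT                         # or r0, rS, rS == mr r0, rS
    return None


def scan(code, arch, max_back=8, endian=">"):
    """Return [(offset, number_or_None, name_or_None)] for each trap in code."""
    decode = {"mips32": _mips_writes_v0, "ppc32": _ppc_writes_r0}[arch]
    count = len(code) // 4
    words = struct.unpack("%s%dI" % (endian, count), code[:count * 4])
    hits = []
    for i, w in enumerate(words):
        if w != TRAP[arch]:
            continue
        nr = None
        # Look back at most max_back instructions, never before the buffer
        # start and never past an earlier trap (it belongs to another wrapper).
        for j in range(i - 1, max(i - 1 - max_back, -1), -1):
            if words[j] == TRAP[arch]:
                break
            found = decode(words[j])
            if found is not None:
                nr = None if found is INDIRECT else found
                break
        hits.append((i * 4, nr, NAMES[arch].get(nr)))
    return hits


# Constructed sample code (big-endian), three wrappers per architecture:
# number loaded right before the trap, number passed in by the caller,
# and number loaded two instructions before the trap.
MIPS_SAMPLE = struct.pack(
    ">11I",
    0x24020FA4, 0x0000000C, 0x03E00008, 0x00000000,  # li $v0,4004; syscall; jr $ra; nop
    0x00801021, 0x0000000C, 0x03E00008, 0x00000000,  # move $v0,$a0; syscall; jr $ra; nop
    0x24020FA1, 0x00002021, 0x0000000C)              # li $v0,4001; move $a0,$zero; syscall
PPC_SAMPLE = struct.pack(
    ">9I",
    0x38000004, 0x44000002, 0x4E800020,              # li r0,4; sc; blr
    0x7C601B78, 0x44000002, 0x4E800020,              # mr r0,r3; sc; blr
    0x38000001, 0x38600000, 0x44000002)              # li r0,1; li r3,0; sc

if __name__ == "__main__":
    for arch, sample in (("mips32", MIPS_SAMPLE), ("ppc32", PPC_SAMPLE)):
        for off, nr, name in scan(sample, arch):
            print("%s +0x%02x nr=%s name=%s" % (arch, off, nr, name))
```

With `max_back=1` the third MIPS wrapper is reported without a number, which is what a check of only the instruction at `line - 4` sees.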