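I wanted to learn IDA, so I found a router image file and loaded it. IDA reported that machine code 134 is not included in its database and that this machine code corresponds to the Cyan Technology eCOG2 microprocessor. Only a few lines of code were analyzed; everything else is dd. I found an IDA-Python script to help continue identifying functions: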
# Written for the legacy IDAPython API (IDA 6.x, Python 2).
from idaapi import *
from idc import *


class EnhancedAnalysis:
    RESULT_OK = 0
    RESULT_ERR = 1
    WAS_BREAK = 2

    def __init__(self):
        # Both lists start empty; code_segs must be filled with segment
        # objects before createUnresolvedFunctions() has anything to do.
        self.data_segs = list()
        self.code_segs = list()

    def createUnresolvedFunctions(self):
        """
        Analyze the code section to find every non-function byte and
        create a function at that position. This is highly reliable
        because CISCO compiler creates one function after another
        and every instruction is aligned to 4 bytes because of the
        RISC arch.
        """
        print '[+] Processing CODE segments:'
        # Initialised before the loop so the final total and the return
        # value are defined even when code_segs is empty.
        counter = 0
        result = self.RESULT_OK
        # Iterate through each code segment available
        for seg in self.code_segs:
            curr_address = seg.startEA
            print ' Analyzing \'%s\'...' % SegName(seg.startEA),
            # Start iteration on every non-function byte until we
            # reach the end of the current working segment.
            while curr_address < seg.endEA:
                # If 'cancel' button was pressed, stop
                # processing functions.
                if wasBreak():
                    result = self.WAS_BREAK
                    print 'Cancelled'
                    return result
                # Get the next address that is not a function
                # recognized by IDA.
                next_address = find_not_func(curr_address, SEARCH_DOWN)
                if next_address != BADADDR and \
                   next_address != 0xFFFFFFFF:
                    if MakeFunction(next_address, BADADDR) != 0:
                        counter += 1
                    curr_address = next_address
                # Check if we reached the end of the code segment
                if get_item_size(curr_address) == 0:
                    break
                curr_address = get_item_end(curr_address)
                # Detect an invalid item or function at the
                # current position.
                if curr_address == BADADDR or \
                   curr_address == 0xFFFFFFFF:
                    result = self.RESULT_ERR
                    break
            print 'Done'
        print '[+] Created a total of %d new functions' % counter
        return result
It does not run successfully. Could an expert please help!
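
Added example, not part of the original post: assuming the router image is an ELF file and that "134" is the `e_machine` field of its header, this Python 3 script (run outside IDA) reads the header fields a disassembler uses to pick a processor module. The function names, the sample header, its byte order and its entry point are constructed for illustration.

```python
import struct
import sys

# Subset of e_machine values from the ELF specification; 134 is the value
# the post reports.
EM_NAMES = {3: "Intel 80386", 8: "MIPS", 20: "PowerPC", 40: "ARM",
            62: "AMD x86-64", 134: "Cyan Technology eCOG2 microprocessor"}

def parse_elf_header(data):
    """Return word size, byte order, e_type, e_machine and e_entry."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    order = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, then e_entry (4 bytes ELF32, 8 bytes ELF64)
    fmt = order + ("HHII" if ei_class == 1 else "HHIQ")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "byte_order": "little" if ei_data == 1 else "big",
        "e_type": e_type,
        "e_machine": e_machine,
        "machine_name": EM_NAMES.get(e_machine, "unknown (%d)" % e_machine),
        "e_entry": e_entry,
    }

def build_sample_header():
    # Constructed sample: ELF32, big-endian, ET_EXEC, e_machine = 134,
    # entry point 0x80008000 (byte order and entry point are made up).
    ident = b"\x7fELF" + bytes([1, 2, 1]) + b"\x00" * 9
    return ident + struct.pack(">HHII", 2, 134, 1, 0x80008000)

if __name__ == "__main__":
    # Pass an image path as the first argument, or run without arguments
    # to parse the constructed sample header.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(64)
    else:
        data = build_sample_header()
    for key, value in sorted(parse_elf_header(data).items()):
        print("%-12s %s" % (key, value))
```

The reported word size and byte order are what to match when choosing a processor type by hand in the load dialog; the script only reads the header and says nothing about which CPU the code was really built for.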