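"""IDAPython script: re-encode selected ADRP instructions to page 0xA0000.

Walks every instruction head in every function chunk of the database.  When
the disassembly text of a head is exactly one of the listed
``ADRP Xn, #dword_C01xx@PAGE`` lines, the script asks the Keystone ``kstool``
assembler for the encoding of ``ADRP Xn, 0xA0000`` at that address and
patches the resulting 32-bit word over the instruction.

The script modifies the database and runs an external program, so the tool
output is validated before anything is written.
"""
from idautils import *
from idaapi import *
from idc import *
import subprocess

# Hard-coded location of the Keystone command-line assembler; adjust for the
# local installation.
KSTOOL = 'D:\\keystone-0.9.2-win64\\kstool.exe'

# Page operand used in the replacement instruction.
NEW_PAGE = '0xA0000'

# Symbol addresses matched per destination register (step 4, end exclusive).
# X8 additionally covers dword_C0144; X9 and X10 stop at dword_C0140.
_SYMBOL_RANGES = {
    'X8': range(0xC0118, 0xC0148, 4),
    'X9': range(0xC0118, 0xC0144, 4),
    'X10': range(0xC0118, 0xC0144, 4),
}

# Exact disassembly text -> destination register of the instruction.
_TARGETS = {}
for _reg, _addrs in _SYMBOL_RANGES.items():
    for _addr in _addrs:
        _TARGETS['ADRP %s, #dword_%X@PAGE' % (_reg, _addr)] = _reg


def _assemble_adrp(reg, ea):
    """Return the little-endian dword for ``ADRP <reg>, 0xA0000`` at *ea*.

    Raises ValueError when the kstool output cannot be parsed as exactly four
    hex bytes or when the result is not an ADRP into *reg*, so that a missing
    tool or an unexpected output format never reaches ``patch_dword``.
    """
    # No shell is needed: the argument list is passed directly to the tool,
    # which keeps cmd.exe quoting rules out of the picture.
    proc = subprocess.Popen(
        [KSTOOL, 'arm64', 'ADRP %s, %s' % (reg, NEW_PAGE), '0x%x' % ea],
        stdout=subprocess.PIPE,
    )
    # communicate() drains stdout and waits for the child to exit.
    raw, _ = proc.communicate()
    text = raw.decode('ascii', 'replace')

    # Assumes kstool prints the encoding as space-separated hex bytes between
    # square brackets.  The earlier fixed slice [20:33] only lined up for a
    # 16-character instruction string; 'ADRP X10, ...' is one character
    # longer, which shifted the slice by one.
    opening = text.find('[')
    closing = text.find(']', opening + 1) if opening >= 0 else -1
    if opening < 0 or closing < 0:
        raise ValueError('unexpected kstool output: %r' % text)
    byte_tokens = text[opening + 1:closing].split()
    if len(byte_tokens) != 4 or any(len(tok) != 2 for tok in byte_tokens):
        raise ValueError('expected 4 encoded bytes, got: %r' % text)

    # kstool lists bytes in memory order; fold them into a little-endian dword.
    value = 0
    for index, tok in enumerate(byte_tokens):
        value |= int(tok, 16) << (8 * index)

    # Sanity check on the A64 encoding: ADRP has bit 31 set and bits 28..24
    # equal to 0b10000; the destination register is in bits 4..0.
    if (value & 0x9F00001F) != (0x90000000 | int(reg[1:])):
        raise ValueError('0x%08x is not ADRP %s' % (value, reg))
    return value


for segea in Segments():
    for funcea in Functions(segea, get_segm_end(segea)):
        for (startea, endea) in Chunks(funcea):
            for line in Heads(startea, endea):
                reg = _TARGETS.get(idc.GetDisasm(line))
                if reg is None:
                    continue
                encoded = _assemble_adrp(reg, line)
                print("0x%08x" % encoded)
                if not patch_dword(line, encoded):
                    # Reported rather than raised so the remaining matches
                    # are still processed.
                    print("patch_dword reported no change at 0x%x" % line)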