Merge pull request 'Added script for dumping C callbacks' (#7) from Strongleong/ScrapHacks:callbacks into master

Reviewed-on: Earthnuker/ScrapHacks#7
This commit is contained in:
Daniel S. 2023-02-04 11:24:00 +00:00
commit b5afe0e2a5

View file

@ -0,0 +1,58 @@
from ghidra.app.decompiler import DecompileOptions
from ghidra.app.decompiler import DecompInterface
from ghidra.util.task import ConsoleTaskMonitor
TARGET_FUNC = "add_callback"
def xref_params(target_func):
target_addr = 0
callers = []
funcs = getGlobalFunctions(target_func)
for func in funcs:
if func.getName() == target_func:
target_addr = func.getEntryPoint()
references = getReferencesTo(target_addr)
for xref in references:
call_addr = xref.getFromAddress()
caller = getFunctionContaining(call_addr)
callers.append(caller)
break
callers = list(set(callers))
options = DecompileOptions()
monitor = ConsoleTaskMonitor()
ifc = DecompInterface()
ifc.setOptions(options)
ifc.openProgram(currentProgram)
with open("callbacks.md", "w") as file:
res = "|Callback setup address|Callback name|Callback funcion|Callback address|"
print(res)
file.write(res + "\n")
res = "|-----|----|----|--------|"
print(res)
file.write(res + "\n")
for caller in callers:
callback_setup_addr = caller.getEntryPoint()
res = ifc.decompileFunction(caller, 60, monitor)
code = str(res.getDecompiledFunction().getC())
code = code.split(target_func)[1]
code = code.split(';')[0]
code = code.strip()
code = code.split(',')
callback_name = code[1].strip()
callback_func = code[2].strip()[:-1].strip().replace('_', '.')
res = ifc.decompileFunction(caller, 60, monitor)
hf = res.getHighFunction()
opiter = hf.getPcodeOps()
callback_addr = "not found"
while opiter.hasNext():
op = opiter.next()
mnemonic = op.getMnemonic()
if mnemonic == "CALL":
core_func = op.getInput(3)
callback_addr = toAddr(core_func.getDef().getInput(1).getOffset())
res = "|`{}`|{}|`{}`|`{}`|".format(callback_setup_addr, callback_name, callback_func, callback_addr)
print(res)
file.write(res + "\n")
xref_params(TARGET_FUNC)