Various scripts for the Ghidra reverse engineering suite


# DynamoRIO coverage visualization script
#@author hackade <ben@hackade.org>
#@category Hackade Scripts
from os.path import basename
from os import linesep
from ghidra.app.plugin.core.colorizer import ColorizingService
from ghidra.app.script import GhidraScript
from docking.options.editor import GhidraColorChooser
from ghidra.program.model.listing import Program
from ghidra.program.model.mem import Memory, MemoryBlock
from ghidra.program.model.address import Address
from ghidra.program.model.address import AddressSet
from ghidra.util import Msg
from java.awt import Color
from java.lang import IllegalArgumentException
print("DynamoRIO coverage visualization")

# Image base offset and file name of the program currently open in Ghidra.
image_base = currentProgram.getImageBase().getOffset()
print("Image base is 0x%x" % int(image_base))
filename = basename(currentProgram.getExecutablePath())
print(filename)

# Collect every executable memory block as a (start, end) pair of offsets
# relative to the image base, taken from block.getStart() / block.getEnd().
blocks = currentProgram.getMemory().getBlocks()
executable_addr_range = [
    (blk.getStart().getOffset() - image_base,
     blk.getEnd().getOffset() - image_base)
    for blk in blocks
    if blk.isExecute()
]
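# Select the trace file.
# trace_file stays None when askFile() fails, so the parsing step below is
# skipped instead of dying on an undefined name.
trace_file = None
try:
    trace_file = askFile("FILE", "Choose a file")
except IllegalArgumentException as error:
    # NOTE(review): `self` is not defined in this file; presumably it is
    # provided by the Ghidra script environment -- confirm.
    Msg.warn(self, "Error during headless processing: " + error.toString())

# Parse the text trace and collect the covered addresses.
#
# The trace is external input (it may have been produced while running an
# untrusted sample), so every parsed value is validated before it is turned
# into an address range:
#   * malformed lines are counted and skipped instead of aborting the script;
#   * a basic block must start inside an executable memory block;
#   * the block size is clamped to the end of that memory block, so a bogus
#     size can neither walk off the address space nor colorize data.
addresses = AddressSet()
Module_Table_Found = False
Target_Module_Found = False
if trace_file is None:
    print("No trace file selected, nothing to parse")
else:
    image_base_addr = currentProgram.getImageBase()
    skipped_lines = 0
    with open(str(trace_file), "r") as f:
        # Stream the file line by line: coverage logs can be large.
        for raw_line in f:
            # Strip the line ending explicitly instead of comparing against
            # os.linesep: the trace may come from another platform, and the
            # last line may have no terminator at all.
            line = raw_line.rstrip("\r\n")

            # Phase 1: wait for the module table header.
            if not Module_Table_Found:
                if line.startswith("Module Table"):
                    Module_Table_Found = True
                    print("Module table found")
                continue

            # Phase 2: find the module table row whose path ends with the
            # program's file name. The character before the name must be a
            # separator so that "foo" does not match "libfoo".
            if not Target_Module_Found:
                if filename and line.endswith(filename):
                    prefix = line[:len(line) - len(filename)]
                    if prefix[-1:] in ("", "/", "\\", " ", ","):
                        try:
                            target_module = int(line.split(",")[0])
                        except ValueError:
                            skipped_lines += 1
                            continue
                        Target_Module_Found = True
                        module_str = "module[%3d]:" % target_module
                        print("Target module ID is %d" % target_module)
                continue

            # Phase 3: basic-block entries of the target module, in the form
            # "module[<id>]: <hex offset>, <size>".
            if not line.startswith(module_str):
                continue
            try:
                iaddr = int(line.split(":")[1].split(",")[0], 16)
                size = int(line.split(",")[1])
            except (ValueError, IndexError):
                skipped_lines += 1
                continue
            if size < 1:
                # Nothing to colorize; a negative size is never valid.
                continue
            for range_start, range_end in executable_addr_range:
                if range_start <= iaddr <= range_end:
                    last = min(iaddr + size - 1, range_end)
                    # One range insert instead of one insert per byte.
                    addresses.addRange(image_base_addr.add(iaddr),
                                       image_base_addr.add(last))
                    break

    if not Target_Module_Found:
        print("Module %s not found in the trace module table" % filename)
    if skipped_lines:
        print("Skipped %d malformed trace line(s)" % skipped_lines)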
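# Colorize the covered addresses.
# Every precondition is checked before the user is prompted, and the
# background color is only set when a service and a color are both available.
# The original printed a message when the service was missing and then
# called it anyway.
tool = state.getTool()
# NOTE(review): getTool() presumably returns None when no GUI tool is
# attached (e.g. headless runs) -- confirm.
service = tool.getService(ColorizingService) if tool is not None else None
if service is None:
    print("Can't find ColorizingService service")
elif addresses.isEmpty():
    print("No covered addresses found, nothing to colorize")
else:
    # Choose a color
    colorchooser = GhidraColorChooser()
    color = colorchooser.showDialog(None)
    # NOTE(review): showDialog() presumably returns None when the dialog is
    # cancelled -- confirm.
    if color is None:
        print("No color selected, coverage not applied")
    else:
        service.setBackgroundColor(addresses, color)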