Halo,
Ketika bekerja di IDA, saya, dan mungkin juga Anda, sering harus berurusan dengan aplikasi yang memiliki jumlah kode yang cukup besar, tidak memiliki informasi simbolik dan, apalagi, mengandung banyak kode perpustakaan. Seringkali, kode tersebut harus dapat membedakannya dari yang ditulis oleh pengguna. Dan, jika saja int, void *ya const char *, Anda bisa keluar dengan tanda tangan saja (file sig dibuat menggunakan utilitas FLAIR) dikirimkan ke kode perpustakaan . Tetapi, jika Anda membutuhkan struktur, argumen, jumlah mereka, Anda tidak dapat melakukannya tanpa sihir tambahan ... Sebagai contoh, saya akan bekerja dengan game untuk Sony Playstation 1, menggunakan tulisan PSYQ v4.7.
Sihir ekstra
Bayangkan sebuah situasi: Anda menemukan firmware dari perangkat keras. ROM Bare-metal biasa (bahkan dengan RTOS). Atau game ROM. Dalam kasus seperti itu, kemungkinan besar, selama kompilasi beberapa SDK / DDK digunakan, yang memiliki satu set file LIB / H / OBJ yang ditempelkan oleh linker ke file final.
Rencana tindakan kami akan menjadi seperti ini:
- Ambil semua file lib / obj , dan buat tanda tangan (atau satu set tanda tangan) dari mereka. Ini akan membantu kami memisahkan kode perpustakaan yang terhubung secara statis.
- Ambil semua file-h dan buat tipe perpustakaan dari mereka. Perpustakaan ini menyimpan tidak hanya tipe data, tetapi juga informasi tentang nama dan tipe argumen untuk fungsi di mana tipe yang dideklarasikan digunakan.
- , .
- , .
sig-
FLAIR-, IDA. :
pcf— LIB/OBJ-parser, PAT- COFF-pelf— LIB/OBJ-, PAT- ELF- (Unix)plb— LIB/OBJ-parser, PAT- OMF-pmacho— MACH-O-, PAT- MACH-O- (MacOS)ppsx— OBJ-, PAT- PSYQptmobj— OBJ-, PAT- Trimediasigmake— PAT- SIG-, IDA
ppsx. bat-, lib- obj-, ppsx, PAT-. :
@echo off
ppsx -a 2MBYTE.OBJ psyq47.pat
ppsx -a 8MBYTE.OBJ psyq47.pat
ppsx -a LIBAPI.LIB psyq47.pat
ppsx -a LIBC.LIB psyq47.pat
ppsx -a LIBC2.LIB psyq47.pat
ppsx -a LIBCARD.LIB psyq47.pat
ppsx -a LIBCD.LIB psyq47.pat
ppsx -a LIBCOMB.LIB psyq47.pat
ppsx -a LIBDS.LIB psyq47.pat
ppsx -a LIBETC.LIB psyq47.pat
ppsx -a LIBGPU.LIB psyq47.pat
ppsx -a LIBGS.LIB psyq47.pat
ppsx -a LIBGTE.LIB psyq47.pat
ppsx -a LIBGUN.LIB psyq47.pat
ppsx -a LIBHMD.LIB psyq47.pat
ppsx -a LIBMATH.LIB psyq47.pat
ppsx -a LIBMCRD.LIB psyq47.pat
ppsx -a LIBMCX.LIB psyq47.pat
ppsx -a LIBPAD.LIB psyq47.pat
ppsx -a LIBPRESS.LIB psyq47.pat
ppsx -a LIBSIO.LIB psyq47.pat
ppsx -a ashldi3.obj psyq47.pat
ppsx -a ashrdi3.obj psyq47.pat
ppsx -a CACHE.OBJ psyq47.pat
ppsx -a clear_cache.obj psyq47.pat
ppsx -a CLOSE.OBJ psyq47.pat
ppsx -a cmpdi2.obj psyq47.pat
ppsx -a CREAT.OBJ psyq47.pat
ppsx -a ctors.obj psyq47.pat
ppsx -a divdi3.obj psyq47.pat
ppsx -a dummy.obj psyq47.pat
ppsx -a eh.obj psyq47.pat
ppsx -a eh_compat.obj psyq47.pat
ppsx -a exit.obj psyq47.pat
ppsx -a ffsdi2.obj psyq47.pat
ppsx -a fixdfdi.obj psyq47.pat
ppsx -a fixsfdi.obj psyq47.pat
ppsx -a fixtfdi.obj psyq47.pat
ppsx -a fixunsdfdi.obj psyq47.pat
ppsx -a fixunsdfsi.obj psyq47.pat
ppsx -a fixunssfdi.obj psyq47.pat
ppsx -a fixunssfsi.obj psyq47.pat
ppsx -a fixunstfdi.obj psyq47.pat
ppsx -a fixunsxfdi.obj psyq47.pat
ppsx -a fixunsxfsi.obj psyq47.pat
ppsx -a fixxfdi.obj psyq47.pat
ppsx -a floatdidf.obj psyq47.pat
ppsx -a floatdisf.obj psyq47.pat
ppsx -a floatditf.obj psyq47.pat
ppsx -a floatdixf.obj psyq47.pat
ppsx -a FSINIT.OBJ psyq47.pat
ppsx -a gcc_bcmp.obj psyq47.pat
ppsx -a LSEEK.OBJ psyq47.pat
ppsx -a lshrdi3.obj psyq47.pat
ppsx -a moddi3.obj psyq47.pat
ppsx -a muldi3.obj psyq47.pat
ppsx -a negdi2.obj psyq47.pat
ppsx -a new_handler.obj psyq47.pat
ppsx -a op_delete.obj psyq47.pat
ppsx -a op_new.obj psyq47.pat
ppsx -a op_vdel.obj psyq47.pat
ppsx -a op_vnew.obj psyq47.pat
ppsx -a OPEN.OBJ psyq47.pat
ppsx -a PROFILE.OBJ psyq47.pat
ppsx -a pure.obj psyq47.pat
ppsx -a read.obj psyq47.pat
ppsx -a shtab.obj psyq47.pat
ppsx -a snctors.obj psyq47.pat
ppsx -a SNDEF.OBJ psyq47.pat
ppsx -a SNMAIN.OBJ psyq47.pat
ppsx -a SNREAD.OBJ psyq47.pat
ppsx -a SNWRITE.OBJ psyq47.pat
ppsx -a trampoline.obj psyq47.pat
ppsx -a ucmpdi2.obj psyq47.pat
ppsx -a udiv_w_sdiv.obj psyq47.pat
ppsx -a udivdi3.obj psyq47.pat
ppsx -a udivmoddi4.obj psyq47.pat
ppsx -a umoddi3.obj psyq47.pat
ppsx -a varargs.obj psyq47.pat
ppsx -a write.obj psyq47.pat
ppsx -a LIBSND.LIB psyq47.pat
ppsx -a LIBSPU.LIB psyq47.pat
ppsx -a LIBTAP.LIB psyq47.pat
ppsx -a LOW.OBJ psyq47.pat
ppsx -a MCGUI.OBJ psyq47.pat
ppsx -a MCGUI_E.OBJ psyq47.pat
ppsx -a NOHEAP.OBJ psyq47.pat
ppsx -a NONE3.OBJ psyq47.pat
ppsx -a NOPRINT.OBJ psyq47.pat
ppsx -a POWERON.OBJ psyq47.patLIBSN.LIB , , OBJ- PSYLIB2.EXE, PSYQ. run_47.bat. :
2MBYTE.OBJ: skipped 0, total 1
8MBYTE.OBJ: skipped 0, total 1
LIBAPI.LIB: skipped 0, total 89
LIBC.LIB: skipped 0, total 55
LIBC2.LIB: skipped 0, total 50
LIBCARD.LIB: skipped 0, total 18
LIBCD.LIB: skipped 0, total 51
LIBCOMB.LIB: skipped 0, total 3
LIBDS.LIB: skipped 0, total 36
LIBETC.LIB: skipped 0, total 8
LIBGPU.LIB: skipped 0, total 60
LIBGS.LIB: skipped 0, total 167
LIBGTE.LIB: skipped 0, total 535
LIBGUN.LIB: skipped 0, total 2
LIBHMD.LIB: skipped 0, total 585
LIBMATH.LIB: skipped 0, total 59
LIBMCRD.LIB: skipped 0, total 7
LIBMCX.LIB: skipped 0, total 31
LIBPAD.LIB: skipped 0, total 21
LIBPRESS.LIB: skipped 0, total 7
LIBSIO.LIB: skipped 0, total 4
ashldi3.obj: skipped 0, total 1
ashrdi3.obj: skipped 0, total 1
CACHE.OBJ: skipped 0, total 1
clear_cache.obj: skipped 0, total 1
CLOSE.OBJ: skipped 0, total 1
cmpdi2.obj: skipped 0, total 1
CREAT.OBJ: skipped 0, total 1
ctors.obj: skipped 0, total 0
divdi3.obj: skipped 0, total 1
dummy.obj: skipped 0, total 1
Fatal: Illegal relocation information at file pos 0000022D
eh_compat.obj: skipped 0, total 1
exit.obj: skipped 0, total 1
ffsdi2.obj: skipped 0, total 1
fixdfdi.obj: skipped 0, total 1
fixsfdi.obj: skipped 0, total 1
fixtfdi.obj: skipped 0, total 0
fixunsdfdi.obj: skipped 0, total 1
fixunsdfsi.obj: skipped 0, total 1
fixunssfdi.obj: skipped 0, total 1
fixunssfsi.obj: skipped 0, total 1
fixunstfdi.obj: skipped 0, total 0
fixunsxfdi.obj: skipped 0, total 0
fixunsxfsi.obj: skipped 0, total 0
fixxfdi.obj: skipped 0, total 0
floatdidf.obj: skipped 0, total 1
floatdisf.obj: skipped 0, total 1
floatditf.obj: skipped 0, total 0
floatdixf.obj: skipped 0, total 0
FSINIT.OBJ: skipped 0, total 1
gcc_bcmp.obj: skipped 0, total 1
LSEEK.OBJ: skipped 0, total 1
lshrdi3.obj: skipped 0, total 1
moddi3.obj: skipped 0, total 1
muldi3.obj: skipped 0, total 1
negdi2.obj: skipped 0, total 1
Fatal: Illegal relocation information at file pos 0000013D
op_delete.obj: skipped 0, total 1
op_new.obj: skipped 0, total 1
op_vdel.obj: skipped 0, total 1
op_vnew.obj: skipped 0, total 1
OPEN.OBJ: skipped 0, total 1
PROFILE.OBJ: skipped 0, total 1
pure.obj: skipped 0, total 1
Fatal: Unknown record type 60 at 0000015F
shtab.obj: skipped 0, total 0
Fatal: Unknown record type 60 at 000000EE
SNDEF.OBJ: skipped 0, total 0
SNMAIN.OBJ: skipped 0, total 1
SNREAD.OBJ: skipped 0, total 1
SNWRITE.OBJ: skipped 0, total 1
trampoline.obj: skipped 0, total 0
ucmpdi2.obj: skipped 0, total 1
udiv_w_sdiv.obj: skipped 0, total 1
udivdi3.obj: skipped 0, total 1
udivmoddi4.obj: skipped 0, total 1
umoddi3.obj: skipped 0, total 1
varargs.obj: skipped 0, total 1
Fatal: Unknown record type 60 at 00000160
LIBSND.LIB: skipped 0, total 223
LIBSPU.LIB: skipped 0, total 126
LIBTAP.LIB: skipped 0, total 1
LOW.OBJ: skipped 0, total 1
Fatal: can't find symbol F003
MCGUI_E.OBJ: skipped 0, total 1
NOHEAP.OBJ: skipped 0, total 1
NONE3.OBJ: skipped 0, total 1
NOPRINT.OBJ: skipped 0, total 1
POWERON.OBJ: skipped 0, total 1, 1 (total 1), , . PAT- SIG-:
sigmake -n"PsyQ v4.7" psyq47.pat psyq47.sig
psyq47.sig: modules/leaves: 1345/2177, COLLISIONS: 21
See the documentation to learn how to resolve collisions.:
psyq47.err—psyq47.exc—psyq47.pat—
.exc-. :
;--------- (delete these lines to allow sigmake to read this file)
; add '+' at the start of a line to select a module
; add '-' if you are not sure about the selection
; do nothing if you want to exclude all modules ---------, , , . , . :
CdPosToInt 60 A21C 0000839001008690022903008010050021104500401002000F00633021104300
DsPosToInt 60 A21C 0000839001008690022903008010050021104500401002000F00633021104300, , , . , +. . .
, , SIG-. IDA.
til-
, .. . tilib, (, -, ida.hlp ).
include- SDK/DDK. , "Parse C header file..." IDA. readme:
Its functionality overlaps with "Parse C header file..." from IDA Pro.
However, this utility is easier to use and provides more control
over the output. Also, it can handle the preprocessor symbols, while
the built-in command ignores them.
: , . -Gn.
, include-. , include- :
#include "header1.h"
#include "header2.h"
#include "header3.h"
// ... -hFileName.h. , header- :
tilib -c -Gn -I. -hpsyq47.h psyq47.til til-, . IDA: sig\mips.
ROM- IDA, . , . Options->Compiler:
Unknown GNU C++ ( PSX). :
Shift+F5 ( View->Open subviews->Signatures), Insert :
OK , ( 482 ).
, (til-). Shift+F11 ( View->Open subviews->Type libraries) , IDA ( , ):
til- ( , Insert):
, :
, :
P.S.
, . -!