JHUAPL/IDAPythonEmbeddedToolkit
1
0
Fork 0
mirror of https://github.com/JHUAPL/IDAPythonEmbeddedToolkit.git synced 2026-01-09 07:08:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
IDAPythonEmbeddedToolkit/make_strings.py
Maddie Stone 8880a668cf Initial Upload
2017-06-18 11:08:28 -04:00

67 lines
3.8 KiB
Python
Raw Permalink Blame History

##############################################################################################
# Copyright 2017 The Johns Hopkins University Applied Physics Laboratory LLC
# All rights reserved.
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
# OR OTHER DEALINGS IN THE SOFTWARE.
##############################################################################################
# make_strings.py
# Searches the user entered address range for a series of ASCII bytes to define as strings.
# If the continuous series of ASCII bytes has a length greater or equal to minimum_length and
# ends with a character in string_end, the scripts undefines the bytes in the series
# and attempts to define it as a string.
#
# Input: start_addr: Start address for range to search for strings
# end_addr: End address for range to search for strings
#
##############################################################################################
################### USER DEFINED VALUES ###################
min_length = 5 # Minimum number of characters needed to define a string
string_end = [0x00] # Possible "ending characters" for strings. A string will not be
# defined if it does not end with one of these characters
###########################################################
start_addr = AskAddr(MinEA(), "Please enter the starting address for the data to be analyzed.")
end_addr = AskAddr(MaxEA(), "Please enter the ending address for the data to be analyzed.")
if ((start_addr is not None and end_addr is not None) and (start_addr != BADADDR and end_addr != BADADDR) and start_addr < end_addr):
string_start = start_addr
print "[make_strings.py] STARTING. Attempting to make strings with a minimum length of %d on data in range 0x%x to 0x%x" % (min_length, start_addr, end_addr)
num_strings = 0;
while string_start < end_addr:
num_chars = 0
curr_addr = string_start
while curr_addr < end_addr:
byte = Byte(curr_addr)
if ((byte < 0x7F and byte > 0x1F) or byte in (0x9, 0xD, 0xA)): # Determine if a byte is a "character" based on this ASCII range
num_chars += 1
curr_addr += 1
else:
if ((byte in string_end) and (num_chars >= min_length)):
MakeUnknown(string_start, curr_addr - string_start, DOUNK_SIMPLE)
if (MakeStr(string_start, curr_addr) == 1):
print "[make_strings.py] String created at 0x%x to 0x%x" % (string_start, curr_addr)
num_strings += 1
string_start = curr_addr
break
else:
print "[make_strings.py] String create FAILED at 0x%x to 0x%x" % (string_start, curr_addr)
break
else:
# String does not end with one of the defined "ending characters", does not meet the minimum string length, or is not an ASCII character
break
string_start += 1
print "[make_strings.py] FINISHED. Created %d strings in range 0x%x to 0x%x" % (num_strings, start_addr, end_addr)
else:
print "[make_strings.py] QUITTING. Entered address values not valid."
Reference in New Issue View Git Blame Copy Permalink