darkarnium · December 20, 2019 11:40
diff --git a/arm-ldr-string-patchup.py b/arm-ldr-string-patchup.py
 import idautils

 # Define the addresses to 'scan' for literal pools.
 rom_scan_start = 0x8000000
 rom_scan_end = 0x807FFFF

 ldr_addrs = dict()


 def get_ldr_psudo_instructions(s_addr, e_addr):
    '''
    Attempts to build a dictionary of all LDR pseudo-instructions where an
    immediate value is referenced. These are pushed into a dictionary keyed by
    their address, with the immediate address as the value.

    Args:
        s_addr (int): The starting to start scanning at.
        e_addr (int): The address to stop scanning at.
    
    Returns:
        A dictionary of LDR pseudo-immediate instructions. Keyed by address,
        with the address of the immediate as the value.
    '''
    matches = dict()

    c_addr = s_addr
    while c_addr < e_addr:
        size = get_item_size(c_addr)

        # Check if this is an LDR instruction, and if so, record the address
        # and associated immediate address.
        if print_insn_mnem(c_addr) == 'LDR':
            try:
                matches[c_addr] = ida_ua.get_immvals(c_addr, 1)[0]
            except IndexError:
                pass

        c_addr += size

    return matches


 # First up, enumerate all LDR immediate instructions to speed things up.
 ldr_addrs = get_ldr_psudo_instructions(rom_scan_start, rom_scan_end)

 # Next, loop over all string addresses, and check whether they are referenced
 # in any LDR operations.
 for string in idautils.Strings():
    print('[-] Looking for LDR with string from 0x{0:0x}'.format(string.ea))

    for addr, immediate in ldr_addrs.items():
        # Ignore ourselves.
        if addr == string.ea:
            continue

        # For everything else, try and find and references, and patch them up.
        if string.ea == immediate:
            print(
                '[+] LDR at 0x{0:0x} is ref. to string at 0x{0:0x}'.format(
                    immediate,
                    string.ea
                )
            )

            # Add the reference.
            if add_dref(addr, string.ea, dr_R):
                print('[+] Successfully created data reference')
            else:
                print('[!] Failed to create data reference')
	import idautils

	# Define the addresses to 'scan' for literal pools.
	rom_scan_start = 0x8000000
	rom_scan_end = 0x807FFFF

	ldr_addrs = dict()


	def get_ldr_psudo_instructions(s_addr, e_addr):
	'''
	Attempts to build a dictionary of all LDR pseudo-instructions where an
	immediate value is referenced. These are pushed into a dictionary keyed by
	their address, with the immediate address as the value.

	Args:
	s_addr (int): The starting to start scanning at.
	e_addr (int): The address to stop scanning at.

	Returns:
	A dictionary of LDR pseudo-immediate instructions. Keyed by address,
	with the address of the immediate as the value.
	'''
	matches = dict()

	c_addr = s_addr
	while c_addr < e_addr:
	size = get_item_size(c_addr)

	# Check if this is an LDR instruction, and if so, record the address
	# and associated immediate address.
	if print_insn_mnem(c_addr) == 'LDR':
	try:
	matches[c_addr] = ida_ua.get_immvals(c_addr, 1)[0]
	except IndexError:
	pass

	c_addr += size

	return matches


	# First up, enumerate all LDR immediate instructions to speed things up.
	ldr_addrs = get_ldr_psudo_instructions(rom_scan_start, rom_scan_end)

	# Next, loop over all string addresses, and check whether they are referenced
	# in any LDR operations.
	for string in idautils.Strings():
	print('[-] Looking for LDR with string from 0x{0:0x}'.format(string.ea))

	for addr, immediate in ldr_addrs.items():
	# Ignore ourselves.
	if addr == string.ea:
	continue

	# For everything else, try and find and references, and patch them up.
	if string.ea == immediate:
	print(
	'[+] LDR at 0x{0:0x} is ref. to string at 0x{0:0x}'.format(
	immediate,
	string.ea
	)
	)

	# Add the reference.
	if add_dref(addr, string.ea, dr_R):
	print('[+] Successfully created data reference')
	else:
	print('[!] Failed to create data reference')