darkarnium · November 14, 2022 15:33 · darkarnium · Nov 14, 2022
diff --git a/ida-procedures-from-kallsyms.py b/ida-procedures-from-kallsyms.py
 '''
 Attempts to mark all addresses indicated by kallsyms as procedures, and renames
 to match.

 This script assumes that the contents of /proc/kallsyms from the target device
 has been copied into the same directory as this script. It also assumes that
 the relocation base / offset is properly set below.

 Author: Peter Adkins (@Darkarnium)
 '''
 import os
 import sys


 RELA_OFFSET = 0xFFFFFFFF
 KALLSYMS_FILE = 'kallsyms'


 try:
    kallsyms_raw = []
    kallsyms_path = os.path.join(
        os.path.dirname(os.path.realpath(os.path.expanduser(__file__))),
        KALLSYMS_FILE
    )
    with open(kallsyms_path, 'r') as fin:
        kallsyms_raw = fin.read().split('\n')
 except IOError as err:
    print('[!] Unable to read from {0}: {1}'.format(kallsyms_path, err))
    sys.exit(-1)

 # Process kallsyms, ignoring modules and fixing offset.
 for symbol in kallsyms_raw:
    if not symbol:
        continue

    # Split into components, and skip if a module or malformed.
    symbol_parts = symbol.strip('\n').split(' ')
    if len(symbol_parts) != 3 or '[' in symbol_parts[2]:
        continue

    # Calculate the address before relocation.
    # addr = int(symbol_parts[0], 16) ^ RELA_OFFSET
    addr = int(symbol_parts[0], 16)
    name = '{0}_{1:0x}'.format(symbol_parts[2], addr)

    # Attempt to set the name.
    if idc.set_name(addr, name, idc.SN_NOWARN) != 1:
        print('[!] Unable to set name for {0} (0x{1:0x})'.format(name, addr))

    # Attempt to mark as a procedure, and wait for AA.
    ida_auto.auto_make_proc(addr)
    ida_auto.auto_wait()

    if not ida_bytes.is_code(ida_bytes.get_full_flags(addr)):
        print('[!] Unable to mark {0} (0x{1:0x}) as code'.format(name, addr))
        continue
	'''
	Attempts to mark all addresses indicated by kallsyms as procedures, and renames
	to match.

	This script assumes that the contents of /proc/kallsyms from the target device
	has been copied into the same directory as this script. It also assumes that
	the relocation base / offset is properly set below.

	Author: Peter Adkins (@Darkarnium)
	'''
	import os
	import sys


	RELA_OFFSET = 0xFFFFFFFF
	KALLSYMS_FILE = 'kallsyms'


	try:
	kallsyms_raw = []
	kallsyms_path = os.path.join(
	os.path.dirname(os.path.realpath(os.path.expanduser(__file__))),
	KALLSYMS_FILE
	)
	with open(kallsyms_path, 'r') as fin:
	kallsyms_raw = fin.read().split('\n')
	except IOError as err:
	print('[!] Unable to read from {0}: {1}'.format(kallsyms_path, err))
	sys.exit(-1)

	# Process kallsyms, ignoring modules and fixing offset.
	for symbol in kallsyms_raw:
	if not symbol:
	continue

	# Split into components, and skip if a module or malformed.
	symbol_parts = symbol.strip('\n').split(' ')
	if len(symbol_parts) != 3 or '[' in symbol_parts[2]:
	continue

	# Calculate the address before relocation.
	# addr = int(symbol_parts[0], 16) ^ RELA_OFFSET
	addr = int(symbol_parts[0], 16)
	name = '{0}_{1:0x}'.format(symbol_parts[2], addr)

	# Attempt to set the name.
	if idc.set_name(addr, name, idc.SN_NOWARN) != 1:
	print('[!] Unable to set name for {0} (0x{1:0x})'.format(name, addr))

	# Attempt to mark as a procedure, and wait for AA.
	ida_auto.auto_make_proc(addr)
	ida_auto.auto_wait()

	if not ida_bytes.is_code(ida_bytes.get_full_flags(addr)):
	print('[!] Unable to mark {0} (0x{1:0x}) as code'.format(name, addr))
	continue