gabe-k · January 29, 2018 05:03
diff --git a/label_syscalls.py b/label_syscalls.py
 # based on info from switchbrew and reswitched
 from idaapi import *
 from idc import *

 syscall_map = {
    0x01: "svcSetHeapSize",
    0x02: "svcSetMemoryPermission",
    0x03: "svcSetMemoryAttribute",
    0x04: "svcMapMemory",
    0x05: "svcUnmapMemory",
    0x06: "svcQueryMemory",
    0x07: "svcExitProcess",
    0x08: "svcCreateThread",
    0x09: "svcStartThread",
    0x0A: "svcExitThread",
    0x0B: "svcSleepThread",
    0x0C: "svcGetThreadPriority",
    0x0D: "svcSetThreadPriority",
    0x0E: "svcGetThreadCoreMask",
    0x0F: "svcSetThreadCoreMask",
    0x10: "svcGetCurrentProcessorNumber",
    0x11: "svcSignalEvent",
    0x12: "svcClearEvent",
    0x13: "svcMapSharedMemory",
    0x14: "svcUnmapSharedMemory",
    0x15: "svcCreateTransferMemory",
    0x16: "svcCloseHandle",
    0x17: "svcResetSignal",
    0x18: "svcWaitSynchronization",
    0x19: "svcCancelSynchronization",
    0x1A: "svcArbitrateLock",
    0x1B: "svcArbitrateUnlock",
    0x1C: "svcWaitProcessWideKeyAtomic",
    0x1D: "svcSignalProcessWideKey",
    0x1E: "svcGetSystemTick",
    0x1F: "svcConnectToNamedPort", 
    0x20: "svcSendSyncRequestLight",
    0x21: "svcSendSyncRequest",
    0x22: "svcSendSyncRequestWithUserBuffer",
    0x23: "svcSendAsyncRequestWithUserBuffer",
    0x25: "svcGetThreadId",
    0x26: "svcBreak",
    0x27: "svcOutputDebugString",
    0x28: "svcReturnFromException",
    0x29: "svcGetInfo",
    0x2A: "svcFlushEntireDataCache",
    0x2B: "svcFlushDataCache",
    0x2C: "svcMapPhysicalMemory",
    0x2D: "svcUnmapPhysicalMemory",
    0x2F: "svcGetLastThreadInfo",
    0x30: "svcGetResourceLimitLimitValue",
    0x31: "svcGetResourceLimitCurrentValue",
    0x32: "svcSetThreadActivity",
    0x33: "svcGetThreadContext3",
    0x3C: "svcDumpInfo",
    0x3D: "svcDumpInfoNew",
    0x40: "svcCreateSession",
    0x41: "svcAcceptSession",
    0x42: "svcReplyAndReceiveLight",
    0x43: "svcReplyAndReceive", 
    0x44: "svcReplyAndReceiveWithUserBuffer",
    0x45: "svcCreateEvent",
    0x4B: "svcCreateJitMemory",
    0x4C: "svcMapJitMemory",
    0x4D: "svcSleepSystem",
    0x4E: "svcReadWriteRegister",
    0x4F: "svcSetProcessActivity",
    0x50: "svcCreateSharedMemory",
    0x51: "svcMapTransferMemory",
    0x52: "svcUnmapTransferMemory",
    0x53: "svcCreateInterruptEvent",
    0x54: "svcQueryPhysicalAddress",
    0x55: "svcQueryIoMapping",
    0x56: "svcCreateDeviceAddressSpace",
    0x57: "svcAttachDeviceAddressSpace",
    0x58: "svcDetachDeviceAddressSpace",
    0x59: "svcMapDeviceAddressSpaceByForce",
    0x5A: "svcMapDeviceAddressSpaceAligned",
    0x5B: "svcMapDeviceAddressSpace",
    0x5C: "svcUnmapDeviceAddressSpace",
    0x5D: "svcInvalidateProcessDataCache",
    0x5E: "svcStoreProcessDataCache",
    0x5F: "svcFlushProcessDataCache",
    0x60: "svcDebugActiveProcess",
    0x61: "svcBreakDebugProcess",
    0x62: "svcTerminateDebugProcess",
    0x63: "svcGetDebugEvent",
    0x64: "svcContinueDebugEvent",
    0x65: "svcGetProcessList",
    0x66: "svcGetThreadList",
    0x67: "svcGetDebugThreadContext",
    0x68: "svcSetDebugThreadContext",
    0x69: "svcQueryDebugProcessMemory",
    0x6A: "svcReadDebugProcessMemory",
    0x6B: "svcWriteDebugProcessMemory",
    0x6C: "svcSetHardwareBreakPoint",
    0x6D: "svcGetDebugThreadParam",
    0x70: "svcCreatePort",
    0x71: "svcManageNamedPort",
    0x72: "svcConnectToPort",
    0x73: "svcSetProcessMemoryPermission",
    0x74: "svcMapProcessMemory",
    0x75: "svcUnmapProcessMemory",
    0x76: "svcQueryProcessMemory",
    0x77: "svcMapProcessCodeMemory",
    0x78: "svcUnmapProcessCodeMemory",
    0x79: "svcCreateProcess",
    0x7A: "svcStartProcess",
    0x7B: "svcTerminateProcess",
    0x7C: "svcGetProcessInfo",
    0x7D: "svcCreateResourceLimit",
    0x7E: "svcSetResourceLimitLimitValue",
    0x7F: "svcCallSecureMonitor"
 }

 for segea in Segments():
    for funcea in Functions(segea, SegEnd(segea)):
        for (startea, endea) in Chunks(funcea):
            for head in Heads(startea, endea):
                if GetMnem(head) == 'SVC':
                    syscall_num = GetOperandValue(head, 0)
                    if syscall_num in syscall_map:
                        MakeNameEx(startea, syscall_map[syscall_num], SN_NOWARN)
                    else:
                        MakeNameEx(startea, "svcUnknown" + hex(syscall_num)[:-1], SN_NOWARN)
	# based on info from switchbrew and reswitched
	from idaapi import *
	from idc import *

	syscall_map = {
	0x01: "svcSetHeapSize",
	0x02: "svcSetMemoryPermission",
	0x03: "svcSetMemoryAttribute",
	0x04: "svcMapMemory",
	0x05: "svcUnmapMemory",
	0x06: "svcQueryMemory",
	0x07: "svcExitProcess",
	0x08: "svcCreateThread",
	0x09: "svcStartThread",
	0x0A: "svcExitThread",
	0x0B: "svcSleepThread",
	0x0C: "svcGetThreadPriority",
	0x0D: "svcSetThreadPriority",
	0x0E: "svcGetThreadCoreMask",
	0x0F: "svcSetThreadCoreMask",
	0x10: "svcGetCurrentProcessorNumber",
	0x11: "svcSignalEvent",
	0x12: "svcClearEvent",
	0x13: "svcMapSharedMemory",
	0x14: "svcUnmapSharedMemory",
	0x15: "svcCreateTransferMemory",
	0x16: "svcCloseHandle",
	0x17: "svcResetSignal",
	0x18: "svcWaitSynchronization",
	0x19: "svcCancelSynchronization",
	0x1A: "svcArbitrateLock",
	0x1B: "svcArbitrateUnlock",
	0x1C: "svcWaitProcessWideKeyAtomic",
	0x1D: "svcSignalProcessWideKey",
	0x1E: "svcGetSystemTick",
	0x1F: "svcConnectToNamedPort",
	0x20: "svcSendSyncRequestLight",
	0x21: "svcSendSyncRequest",
	0x22: "svcSendSyncRequestWithUserBuffer",
	0x23: "svcSendAsyncRequestWithUserBuffer",
	0x25: "svcGetThreadId",
	0x26: "svcBreak",
	0x27: "svcOutputDebugString",
	0x28: "svcReturnFromException",
	0x29: "svcGetInfo",
	0x2A: "svcFlushEntireDataCache",
	0x2B: "svcFlushDataCache",
	0x2C: "svcMapPhysicalMemory",
	0x2D: "svcUnmapPhysicalMemory",
	0x2F: "svcGetLastThreadInfo",
	0x30: "svcGetResourceLimitLimitValue",
	0x31: "svcGetResourceLimitCurrentValue",
	0x32: "svcSetThreadActivity",
	0x33: "svcGetThreadContext3",
	0x3C: "svcDumpInfo",
	0x3D: "svcDumpInfoNew",
	0x40: "svcCreateSession",
	0x41: "svcAcceptSession",
	0x42: "svcReplyAndReceiveLight",
	0x43: "svcReplyAndReceive",
	0x44: "svcReplyAndReceiveWithUserBuffer",
	0x45: "svcCreateEvent",
	0x4B: "svcCreateJitMemory",
	0x4C: "svcMapJitMemory",
	0x4D: "svcSleepSystem",
	0x4E: "svcReadWriteRegister",
	0x4F: "svcSetProcessActivity",
	0x50: "svcCreateSharedMemory",
	0x51: "svcMapTransferMemory",
	0x52: "svcUnmapTransferMemory",
	0x53: "svcCreateInterruptEvent",
	0x54: "svcQueryPhysicalAddress",
	0x55: "svcQueryIoMapping",
	0x56: "svcCreateDeviceAddressSpace",
	0x57: "svcAttachDeviceAddressSpace",
	0x58: "svcDetachDeviceAddressSpace",
	0x59: "svcMapDeviceAddressSpaceByForce",
	0x5A: "svcMapDeviceAddressSpaceAligned",
	0x5B: "svcMapDeviceAddressSpace",
	0x5C: "svcUnmapDeviceAddressSpace",
	0x5D: "svcInvalidateProcessDataCache",
	0x5E: "svcStoreProcessDataCache",
	0x5F: "svcFlushProcessDataCache",
	0x60: "svcDebugActiveProcess",
	0x61: "svcBreakDebugProcess",
	0x62: "svcTerminateDebugProcess",
	0x63: "svcGetDebugEvent",
	0x64: "svcContinueDebugEvent",
	0x65: "svcGetProcessList",
	0x66: "svcGetThreadList",
	0x67: "svcGetDebugThreadContext",
	0x68: "svcSetDebugThreadContext",
	0x69: "svcQueryDebugProcessMemory",
	0x6A: "svcReadDebugProcessMemory",
	0x6B: "svcWriteDebugProcessMemory",
	0x6C: "svcSetHardwareBreakPoint",
	0x6D: "svcGetDebugThreadParam",
	0x70: "svcCreatePort",
	0x71: "svcManageNamedPort",
	0x72: "svcConnectToPort",
	0x73: "svcSetProcessMemoryPermission",
	0x74: "svcMapProcessMemory",
	0x75: "svcUnmapProcessMemory",
	0x76: "svcQueryProcessMemory",
	0x77: "svcMapProcessCodeMemory",
	0x78: "svcUnmapProcessCodeMemory",
	0x79: "svcCreateProcess",
	0x7A: "svcStartProcess",
	0x7B: "svcTerminateProcess",
	0x7C: "svcGetProcessInfo",
	0x7D: "svcCreateResourceLimit",
	0x7E: "svcSetResourceLimitLimitValue",
	0x7F: "svcCallSecureMonitor"
	}

	for segea in Segments():
	for funcea in Functions(segea, SegEnd(segea)):
	for (startea, endea) in Chunks(funcea):
	for head in Heads(startea, endea):
	if GetMnem(head) == 'SVC':
	syscall_num = GetOperandValue(head, 0)
	if syscall_num in syscall_map:
	MakeNameEx(startea, syscall_map[syscall_num], SN_NOWARN)
	else:
	MakeNameEx(startea, "svcUnknown" + hex(syscall_num)[:-1], SN_NOWARN)