Created
July 9, 2017 18:05
-
-
Save jantore/63c9fc4792a482c59c62c8bbfa99b07f to your computer and use it in GitHub Desktop.
IDAPython script for finding functions in PPC code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc | |
| # When setting up a new stack frame, r0 is used to store the old link | |
| # register, and r1 is the stack pointer. Some compilers create the | |
| # following function prologue: | |
| # stwu r1, d(r1) | |
| # mflr r0 | |
| prologue = "94 21 ? ? 7C 08 02 A6" | |
| ea = MinEA() | |
| while ea != idc.BADADDR: | |
| ea = idc.FindBinary(ea + 4, 1, prologue, 16) | |
| if not idc.GetFunctionName(ea): | |
| idc.MakeFunction(ea) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment