IDAPython script to resolve functions in UEFI firmware loaded with efiXloader

efixloader_define_funcs.py

# IDAPython script to resolve functions in UEFI firmware
# loaded with efiXloader

import ida_bytes
import ida_funcs
import ida_idaapi
import idautils
import idc


def search_all(start_ea, end_ea, data):
    res = list()
    while True:
        ea = ida_bytes.bin_search(
            start_ea, end_ea, data, None, ida_bytes.BIN_SEARCH_FORWARD, 0
        )

        if ea == ida_idaapi.BADADDR:
            break

        res.append(ea)
        start_ea = ea + len(data)
    return res


def resolve(addr):
    ea = addr

    while ida_bytes.get_byte(ea) == 0xCC:
        ea += 1

    if ida_bytes.get_byte(ea) == 0x48:
        func = ida_funcs.get_func(ea)
        if func is None:
            print(f"Found undefined function by address {ea:#x}")
            ida_funcs.add_func(ea)


for s in idautils.Segments():
    segm_name = idc.get_segm_name(s)
    if "_.text" not in segm_name:
        continue
    start = idc.get_segm_start(s)
    end = idc.get_segm_end(s)
    print(f"Current segment: {segm_name}, start = {start:#x}, end = {end:#x}")
    res = search_all(start, end, b"\xc3\xcc")
    res += search_all(start, end, b"\xc3\x48")
    for addr in res:
        # create function if it is necessary
        resolve(addr + 1)