Hola,
Cuando trabajo en IDA, yo, y probablemente usted también, a menudo tengo que lidiar con aplicaciones que tienen una cantidad bastante grande de código, no tienen información simbólica y, además, contienen mucho código de biblioteca. A menudo, dicho código debe poder distinguirse del escrito por el usuario. Y, si solo se proporcionan señales de biblioteca a la entrada int, void *sí const char *, puede salir solo con las firmas (archivos sig creados con las utilidades FLAIR). Pero, si necesita estructuras, argumentos, su número, no puede prescindir de magia adicional ... Como ejemplo, trabajaré con un juego para Sony Playstation 1 escrito usando PSYQ v4.7.
Magia extra
Imaginemos una situación: obtuviste un firmware de alguna pieza de hardware. La ROM de Bare-metal habitual (puede incluso con RTOS). O juegos de ROM. En tales casos, lo más probable es que, durante la compilación, se usó SDK / DDK, que tiene un conjunto de archivos LIB / H / OBJ que el vinculador pega en el archivo final.
Nuestro plan de acción será algo como esto:
- Tome todos los archivos lib / obj y cree firmas (o un conjunto de firmas) a partir de ellos. Esto nos ayudará a desacoplar el código de biblioteca estáticamente vinculado.
- Tome todos los archivos h y cree una biblioteca de tipos a partir de ellos. Esta biblioteca almacena no solo tipos de datos, sino también información sobre los nombres y tipos de argumentos para las funciones en las que se utilizan los tipos declarados.
- , .
- , .
sig-
FLAIR-, IDA. :
pcf— LIB/OBJ-parser, PAT- COFF-pelf— LIB/OBJ-, PAT- ELF- (Unix)plb— LIB/OBJ-parser, PAT- OMF-pmacho— MACH-O-, PAT- MACH-O- (MacOS)ppsx— OBJ-, PAT- PSYQptmobj— OBJ-, PAT- Trimediasigmake— PAT- SIG-, IDA
ppsx. bat-, lib- obj-, ppsx, PAT-. :
@echo off
ppsx -a 2MBYTE.OBJ psyq47.pat
ppsx -a 8MBYTE.OBJ psyq47.pat
ppsx -a LIBAPI.LIB psyq47.pat
ppsx -a LIBC.LIB psyq47.pat
ppsx -a LIBC2.LIB psyq47.pat
ppsx -a LIBCARD.LIB psyq47.pat
ppsx -a LIBCD.LIB psyq47.pat
ppsx -a LIBCOMB.LIB psyq47.pat
ppsx -a LIBDS.LIB psyq47.pat
ppsx -a LIBETC.LIB psyq47.pat
ppsx -a LIBGPU.LIB psyq47.pat
ppsx -a LIBGS.LIB psyq47.pat
ppsx -a LIBGTE.LIB psyq47.pat
ppsx -a LIBGUN.LIB psyq47.pat
ppsx -a LIBHMD.LIB psyq47.pat
ppsx -a LIBMATH.LIB psyq47.pat
ppsx -a LIBMCRD.LIB psyq47.pat
ppsx -a LIBMCX.LIB psyq47.pat
ppsx -a LIBPAD.LIB psyq47.pat
ppsx -a LIBPRESS.LIB psyq47.pat
ppsx -a LIBSIO.LIB psyq47.pat
ppsx -a ashldi3.obj psyq47.pat
ppsx -a ashrdi3.obj psyq47.pat
ppsx -a CACHE.OBJ psyq47.pat
ppsx -a clear_cache.obj psyq47.pat
ppsx -a CLOSE.OBJ psyq47.pat
ppsx -a cmpdi2.obj psyq47.pat
ppsx -a CREAT.OBJ psyq47.pat
ppsx -a ctors.obj psyq47.pat
ppsx -a divdi3.obj psyq47.pat
ppsx -a dummy.obj psyq47.pat
ppsx -a eh.obj psyq47.pat
ppsx -a eh_compat.obj psyq47.pat
ppsx -a exit.obj psyq47.pat
ppsx -a ffsdi2.obj psyq47.pat
ppsx -a fixdfdi.obj psyq47.pat
ppsx -a fixsfdi.obj psyq47.pat
ppsx -a fixtfdi.obj psyq47.pat
ppsx -a fixunsdfdi.obj psyq47.pat
ppsx -a fixunsdfsi.obj psyq47.pat
ppsx -a fixunssfdi.obj psyq47.pat
ppsx -a fixunssfsi.obj psyq47.pat
ppsx -a fixunstfdi.obj psyq47.pat
ppsx -a fixunsxfdi.obj psyq47.pat
ppsx -a fixunsxfsi.obj psyq47.pat
ppsx -a fixxfdi.obj psyq47.pat
ppsx -a floatdidf.obj psyq47.pat
ppsx -a floatdisf.obj psyq47.pat
ppsx -a floatditf.obj psyq47.pat
ppsx -a floatdixf.obj psyq47.pat
ppsx -a FSINIT.OBJ psyq47.pat
ppsx -a gcc_bcmp.obj psyq47.pat
ppsx -a LSEEK.OBJ psyq47.pat
ppsx -a lshrdi3.obj psyq47.pat
ppsx -a moddi3.obj psyq47.pat
ppsx -a muldi3.obj psyq47.pat
ppsx -a negdi2.obj psyq47.pat
ppsx -a new_handler.obj psyq47.pat
ppsx -a op_delete.obj psyq47.pat
ppsx -a op_new.obj psyq47.pat
ppsx -a op_vdel.obj psyq47.pat
ppsx -a op_vnew.obj psyq47.pat
ppsx -a OPEN.OBJ psyq47.pat
ppsx -a PROFILE.OBJ psyq47.pat
ppsx -a pure.obj psyq47.pat
ppsx -a read.obj psyq47.pat
ppsx -a shtab.obj psyq47.pat
ppsx -a snctors.obj psyq47.pat
ppsx -a SNDEF.OBJ psyq47.pat
ppsx -a SNMAIN.OBJ psyq47.pat
ppsx -a SNREAD.OBJ psyq47.pat
ppsx -a SNWRITE.OBJ psyq47.pat
ppsx -a trampoline.obj psyq47.pat
ppsx -a ucmpdi2.obj psyq47.pat
ppsx -a udiv_w_sdiv.obj psyq47.pat
ppsx -a udivdi3.obj psyq47.pat
ppsx -a udivmoddi4.obj psyq47.pat
ppsx -a umoddi3.obj psyq47.pat
ppsx -a varargs.obj psyq47.pat
ppsx -a write.obj psyq47.pat
ppsx -a LIBSND.LIB psyq47.pat
ppsx -a LIBSPU.LIB psyq47.pat
ppsx -a LIBTAP.LIB psyq47.pat
ppsx -a LOW.OBJ psyq47.pat
ppsx -a MCGUI.OBJ psyq47.pat
ppsx -a MCGUI_E.OBJ psyq47.pat
ppsx -a NOHEAP.OBJ psyq47.pat
ppsx -a NONE3.OBJ psyq47.pat
ppsx -a NOPRINT.OBJ psyq47.pat
ppsx -a POWERON.OBJ psyq47.patLIBSN.LIB , , OBJ- PSYLIB2.EXE, PSYQ. run_47.bat. :
2MBYTE.OBJ: skipped 0, total 1
8MBYTE.OBJ: skipped 0, total 1
LIBAPI.LIB: skipped 0, total 89
LIBC.LIB: skipped 0, total 55
LIBC2.LIB: skipped 0, total 50
LIBCARD.LIB: skipped 0, total 18
LIBCD.LIB: skipped 0, total 51
LIBCOMB.LIB: skipped 0, total 3
LIBDS.LIB: skipped 0, total 36
LIBETC.LIB: skipped 0, total 8
LIBGPU.LIB: skipped 0, total 60
LIBGS.LIB: skipped 0, total 167
LIBGTE.LIB: skipped 0, total 535
LIBGUN.LIB: skipped 0, total 2
LIBHMD.LIB: skipped 0, total 585
LIBMATH.LIB: skipped 0, total 59
LIBMCRD.LIB: skipped 0, total 7
LIBMCX.LIB: skipped 0, total 31
LIBPAD.LIB: skipped 0, total 21
LIBPRESS.LIB: skipped 0, total 7
LIBSIO.LIB: skipped 0, total 4
ashldi3.obj: skipped 0, total 1
ashrdi3.obj: skipped 0, total 1
CACHE.OBJ: skipped 0, total 1
clear_cache.obj: skipped 0, total 1
CLOSE.OBJ: skipped 0, total 1
cmpdi2.obj: skipped 0, total 1
CREAT.OBJ: skipped 0, total 1
ctors.obj: skipped 0, total 0
divdi3.obj: skipped 0, total 1
dummy.obj: skipped 0, total 1
Fatal: Illegal relocation information at file pos 0000022D
eh_compat.obj: skipped 0, total 1
exit.obj: skipped 0, total 1
ffsdi2.obj: skipped 0, total 1
fixdfdi.obj: skipped 0, total 1
fixsfdi.obj: skipped 0, total 1
fixtfdi.obj: skipped 0, total 0
fixunsdfdi.obj: skipped 0, total 1
fixunsdfsi.obj: skipped 0, total 1
fixunssfdi.obj: skipped 0, total 1
fixunssfsi.obj: skipped 0, total 1
fixunstfdi.obj: skipped 0, total 0
fixunsxfdi.obj: skipped 0, total 0
fixunsxfsi.obj: skipped 0, total 0
fixxfdi.obj: skipped 0, total 0
floatdidf.obj: skipped 0, total 1
floatdisf.obj: skipped 0, total 1
floatditf.obj: skipped 0, total 0
floatdixf.obj: skipped 0, total 0
FSINIT.OBJ: skipped 0, total 1
gcc_bcmp.obj: skipped 0, total 1
LSEEK.OBJ: skipped 0, total 1
lshrdi3.obj: skipped 0, total 1
moddi3.obj: skipped 0, total 1
muldi3.obj: skipped 0, total 1
negdi2.obj: skipped 0, total 1
Fatal: Illegal relocation information at file pos 0000013D
op_delete.obj: skipped 0, total 1
op_new.obj: skipped 0, total 1
op_vdel.obj: skipped 0, total 1
op_vnew.obj: skipped 0, total 1
OPEN.OBJ: skipped 0, total 1
PROFILE.OBJ: skipped 0, total 1
pure.obj: skipped 0, total 1
Fatal: Unknown record type 60 at 0000015F
shtab.obj: skipped 0, total 0
Fatal: Unknown record type 60 at 000000EE
SNDEF.OBJ: skipped 0, total 0
SNMAIN.OBJ: skipped 0, total 1
SNREAD.OBJ: skipped 0, total 1
SNWRITE.OBJ: skipped 0, total 1
trampoline.obj: skipped 0, total 0
ucmpdi2.obj: skipped 0, total 1
udiv_w_sdiv.obj: skipped 0, total 1
udivdi3.obj: skipped 0, total 1
udivmoddi4.obj: skipped 0, total 1
umoddi3.obj: skipped 0, total 1
varargs.obj: skipped 0, total 1
Fatal: Unknown record type 60 at 00000160
LIBSND.LIB: skipped 0, total 223
LIBSPU.LIB: skipped 0, total 126
LIBTAP.LIB: skipped 0, total 1
LOW.OBJ: skipped 0, total 1
Fatal: can't find symbol F003
MCGUI_E.OBJ: skipped 0, total 1
NOHEAP.OBJ: skipped 0, total 1
NONE3.OBJ: skipped 0, total 1
NOPRINT.OBJ: skipped 0, total 1
POWERON.OBJ: skipped 0, total 1, 1 (total 1), , . PAT- SIG-:
sigmake -n"PsyQ v4.7" psyq47.pat psyq47.sig
psyq47.sig: modules/leaves: 1345/2177, COLLISIONS: 21
See the documentation to learn how to resolve collisions.:
psyq47.err—psyq47.exc—psyq47.pat—
.exc-. :
;--------- (delete these lines to allow sigmake to read this file)
; add '+' at the start of a line to select a module
; add '-' if you are not sure about the selection
; do nothing if you want to exclude all modules ---------, , , . , . :
CdPosToInt 60 A21C 0000839001008690022903008010050021104500401002000F00633021104300
DsPosToInt 60 A21C 0000839001008690022903008010050021104500401002000F00633021104300, , , . , +. . .
, , SIG-. IDA.
til-
, .. . tilib, (, -, ida.hlp ).
include- SDK/DDK. , "Parse C header file..." IDA. readme:
Its functionality overlaps with "Parse C header file..." from IDA Pro.
However, this utility is easier to use and provides more control
over the output. Also, it can handle the preprocessor symbols, while
the built-in command ignores them.
: , . -Gn.
, include-. , include- :
#include "header1.h"
#include "header2.h"
#include "header3.h"
// ... -hFileName.h. , header- :
tilib -c -Gn -I. -hpsyq47.h psyq47.til til-, . IDA: sig\mips.
ROM- IDA, . , . Options->Compiler:
Unknown GNU C++ ( PSX). :
Shift+F5 ( View->Open subviews->Signatures), Insert :
OK , ( 482 ).
, (til-). Shift+F11 ( View->Open subviews->Type libraries) , IDA ( , ):
til- ( , Insert):
, :
, :
P.S.
, . -!