-
Notifications
You must be signed in to change notification settings - Fork 83
/
Copy pathAdd CFString Inline Comments.py
executable file
·46 lines (40 loc) · 1.95 KB
/
Add CFString Inline Comments.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Go through CFString section, and add inline comments to any uses of those strings with the contents of the string
# This is only really needed on ARM. It seems to happen already on x64
import struct
# configuration parameters, adjust as needed:
ENDIANNESS = "<" # Little endian = <, Big endian = >
# helper methods
def read_data(segment, addr, dlen):
if segment is None:
segment = doc.getSegmentAtAddress(addr)
return "".join(chr(segment.readByte(addr+x)) for x in range(0,dlen))
# first, find the CFString segment
doc = Document.getCurrentDocument()
cfstring_seg = None
for seg_idx in range(0,doc.getSegmentCount()):
cur_seg = doc.getSegment(seg_idx)
if cur_seg.getName() == "__cfstring":
cfstring_seg = cur_seg
cfstring_range = cur_seg
break
elif cur_seg.getName() == "__DATA":
for section in cur_seg.getSectionsList():
if section.getName() == "__cfstring":
cfstring_seg = cur_seg
cfstring_range = section
break
if not cfstring_seg:
raise Exception("No CFString segment found")
# Run though CFStrings
ptr_size = 8 if doc.is64Bits() else 4
struct_typechar = "Q" if doc.is64Bits() else "I"
for addr in xrange(cfstring_range.getStartingAddress(), cfstring_range.getStartingAddress()+cfstring_range.getLength(), ptr_size*4):
cstr_ptr, cstr_len = struct.unpack(ENDIANNESS + struct_typechar * 2, read_data(cfstring_seg, addr + ptr_size * 2, ptr_size * 2))
for xref in cfstring_seg.getReferencesOfAddress(addr):
xref_seg = doc.getSegmentAtAddress(xref)
existing_inline_comment = xref_seg.getInlineCommentAtAddress(xref)
if existing_inline_comment is None or existing_inline_comment.startswith("0x"):
cstr_data = str(read_data(None, cstr_ptr, cstr_len))
doc.log("Set inline comment at 0x%x: %s"%(xref, repr(cstr_data)))
xref_seg.setInlineCommentAtAddress(xref, "@" + repr(cstr_data))