-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathFindZLB.py
73 lines (59 loc) · 2.05 KB
/
FindZLB.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#Find all ZLB archives in file.
#@author Rena
#@category StarFox
#@keybinding
#@menupath
#@toolbar
numFound = 0
AF = currentProgram.getAddressFactory()
listing = currentProgram.getListing()
mem = currentProgram.getMemory()
struc = currentProgram.getDataTypeManager().getDataType("/ZlbHeader")
tByte = currentProgram.getDataTypeManager().getDataType("/byte")
sLen = struc.getLength()
def addrToInt(addr):
return int(str(addr), 16)
def intToAddr(addr):
return AF.getAddress("0x%08X" % addr)
def createZlb(addr):
try:
# create the header struct
addrObj = intToAddr(addr)
listing.clearCodeUnits(addrObj, addrObj.add(sLen), False)
listing.createData(addrObj, struc)
# read it
version = mem.getInt(addrObj.add(4))
decLen = mem.getInt(addrObj.add(8))
compLen = mem.getInt(addrObj.add(12))
# XXX handle version == "DIR\0"
# create the data array
# XXX why doesn't this make an actual array?
listing.createData(addrObj.add(16), tByte, compLen)
# add a comment
codeUnit = listing.getDataAt(addrObj)
codeUnit.setComment(codeUnit.PLATE_COMMENT,
"ZLB v0x%X - raw size=0x%X compressed=0x%X" % (
version, decLen, compLen))
# add a label
createLabel(addrObj, "ZLB_%08X" % addr, False)
except ghidra.program.model.util.CodeUnitInsertionException:
print("Failed to create ZlbHeader at 0x%08X" % addr)
for memRange in list(mem.getAddressRanges()):
aStart = addrToInt(memRange.getMinAddress())
aEnd = addrToInt(memRange.getMaxAddress())
monitor.initialize(aEnd-aStart)
print("Scanning 0x%08X - 0x%08X; Found %d so far" % (aStart, aEnd, numFound))
for addr in range(aStart, aEnd, 4):
if addr & 0xFFF == 0:
monitor.checkCanceled()
monitor.incrementProgress(0x1000)
monitor.setMessage("Checking 0x%08X; Found %d so far" % (addr, numFound))
try:
val = mem.getInt(intToAddr(addr))
except (java.lang.NullPointerException, ghidra.program.model.mem.MemoryAccessException):
break
if val == 0x5a4c4200: #"ZLB\0"
numFound = numFound + 1
print("Found ZLB at 0x%08X" % addr)
createZlb(addr)
print("Found %d archives." % numFound)