initialize stack and add ignore instruction

idkwim · Dec 14, 2016 · f722e3c · f722e3c
1 parent 321a6dd
commit f722e3c
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 46 deletions.
diff --git a/ida_plugin/eliminate.py b/ida_plugin/eliminate.py
@@ -6,22 +6,25 @@ def check_deadcode(instruction_list):
     begin_address = instruction_list[0][0]
     all_opcodes = ''
 
-    for i in instruction_list:
-        all_opcodes += i[1]
+    for i in instruction_list[0:-4]:
+        if ('offset' not in i[2]) and ('call' not in i[2]) and ('ret' not in i[2]):
+            all_opcodes += i[1]
 
-    origin_regs = emulate(begin_address, all_opcodes) # begin_address, all_opcodes)
-    print origin_regs
+    origin_regs = emulate(begin_address, all_opcodes)
 
     return instruction_list
 
 def emulate(begin_address, opcodes):
     mu = Uc(UC_ARCH_X86, UC_MODE_32)
     page_address = begin_address - begin_address % 0x1000
     mu.mem_map(page_address, 4 * 1024 * 1024) # map 4MB for this emulation
-    print hex(page_address)
-    print hex(begin_address)
     mu.mem_write(begin_address, opcodes)
 
+    # initialize stack
+    mu.reg_write(UC_X86_REG_ESP, ADDRESS + 0x200000)
+    # initialize flags
+    mu.reg_write(UC_X86_REG_EFLAGS, 0x0)
+
     mu.emu_start(begin_address, begin_address + len(opcodes))
 
     r_eax = mu.reg_read(UC_X86_REG_EAX)
@@ -30,6 +33,8 @@ def emulate(begin_address, opcodes):
     r_edx = mu.reg_read(UC_X86_REG_EDX)
     r_edi = mu.reg_read(UC_X86_REG_EDI)
     r_esi = mu.reg_read(UC_X86_REG_ESI)
+    r_esp = mu.reg_read(UC_X86_REG_ESP)
+    r_ebp = mu.reg_read(UC_X86_REG_EBP)
     r_eflags = mu.reg_read(UC_X86_REG_EFLAGS)
 
-    return r_eax, r_ebx, r_ecx, r_edx, r_edi, r_esi, r_eflags
+    return r_eax, r_ebx, r_ecx, r_edx, r_edi, r_esi, r_esp, r_ebp, r_eflags
diff --git a/ida_plugin/plugin.py b/ida_plugin/plugin.py
@@ -111,52 +111,47 @@ def jump(self):
         for i in xrange(self.Count()):
             search_addr = self.GetLine(i)[0].rsplit(":")[0].replace("\x01\x0c","").replace("\x02\x0c","")
             if str_addr == search_addr:
-                self.Jump(i,0,0)     
-   
+                self.Jump(i,0,0)
+
     def reload_file(self, ea):
         if not self.colorize_file(ea):
             self.Close()
             return False
         return True
 
     def colorize_file(self, ea):
-        try:
-            instruction_list = []
-            address_list = list(FuncItems(ea))
-            lines = ""
-            for i, row_begin_addr in enumerate(address_list):
-                disasm = GetDisasm(row_begin_addr)
-                lines += disasm + "\n"
-                try:
-                    size = address_list[i+1] - row_begin_addr
-
-                except IndexError:
-                    last_row_begin_addr = row_begin_addr
-                    last_row_end_addr = FindFuncEnd(last_row_begin_addr)
-                    size = last_row_end_addr - last_row_begin_addr
-
-                row_opcode = ''
-                for i in range(size):
-                    int_opcode = GetOriginalByte(row_begin_addr + i)
-                    opcode = binascii.a2b_hex(hex(int_opcode)[2:].zfill(2))
-                    row_opcode += opcode
-
-                instruction_list.append((row_begin_addr, row_opcode, disasm))
-
-            checked_instruction_list = eliminate.check_deadcode(instruction_list)
-
-            lines = ''
-            for i in checked_instruction_list:
-                lines += i[2] + '\n'
+        instruction_list = []
+        address_list = list(FuncItems(ea))
+        lines = ""
+        for i, row_begin_addr in enumerate(address_list):
+            disasm = GetDisasm(row_begin_addr)
+            lines += disasm + "\n"
+            try:
+                size = address_list[i+1] - row_begin_addr
 
-            self.ClearLines()
-            self.colorize(lines)
+            except IndexError:
+                last_row_begin_addr = row_begin_addr
+                last_row_end_addr = FindFuncEnd(last_row_begin_addr)
+                size = last_row_end_addr - last_row_begin_addr
 
-            return True
+            row_opcode = ''
+            for i in range(size):
+                int_opcode = GetOriginalByte(row_begin_addr + i)
+                opcode = binascii.a2b_hex(hex(int_opcode)[2:].zfill(2))
+                row_opcode += opcode
 
-        except Exception, e:
-            print e
-            return False
+            instruction_list.append((row_begin_addr, row_opcode, disasm))
+
+        checked_instruction_list = eliminate.check_deadcode(instruction_list)
+
+        lines = ''
+        for i in checked_instruction_list:
+            lines += str(format(i[0], 'x')).upper() + ":    " + i[2] + '\n'
+
+        self.ClearLines()
+        self.colorize(lines)
+
+        return True
 
     def add_line(self, s=None):
         if not s:
@@ -166,7 +161,7 @@ def add_line(self, s=None):
         if target in self.block_list:
             self.AddLine("----------------------------------------------------------------")
             if idc.Name(int(target, 16))!= '':
-                self.AddLine(idc.Name(int(target, 16)))    
+                self.AddLine(idc.Name(int(target, 16)))
         self.AddLine(s)
 
     def as_comment(self, s):
@@ -238,7 +233,7 @@ def cb():
         #    return
         view.Create()
         view.Show()
-        
+
     #cb()    #if you want create deadcode_eliminate view, call cb() in main()
     ex_addmenu_item_ctx = idaapi.add_menu_item("Edit/", "dead code eliminate", "Shift-D", 0, cb, ())
     if ex_addmenu_item_ctx is None:
@@ -247,6 +242,7 @@ def cb():
     else:
         print("Menu added successfully.")
         return True
-    
+
     return view
+
 view = main()