
FISeek

a guest
Jul 15th, 2021
  1. from ghidra.program.model.data import PointerDataType, TerminatedStringDataType
  2.  
# Work list of [address, command-path prefix, depth] entries that the main
# loop pops and hands to traverseCommandAt()
addrs = list()
# Offsets that traverseCommandAt() refuses to visit
baddrs = [
  0x004C095C,
  0x0966DDBC,
]
# Offsets of records after which the next record address is realigned
maddrs = [
  0x05474C15,
  0x0549184C,
  0x0544C560,
]
# Command names tested by the sub-command filter in traverseCommandAt()
fcmds = [
  'community-list',
  'community-filter',
]
  11.  
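def createPointerEx(addr):
  """Return a pointer data item at addr, clearing conflicting data first.

  An existing pointer at addr is returned unchanged.  Otherwise defined
  data that starts at addr, contains addr, or starts inside the span
  [addr, addr + 4) is removed before the pointer is created.

  addr: address at which the pointer should be defined.
  Returns the data item from getDataAt() or createData().
  Whatever createData() raises when the pointer still cannot be placed is
  propagated to the caller.
  """
  existing = getDataAt(addr)
  if existing is not None and existing.isPointer():
    return existing
  if existing is None:
    # addr may lie in the middle of a larger data item
    existing = getDataContaining(addr)
  if existing is not None:
    removeData(existing)
  # Always clear items that begin inside the pointer's footprint, including
  # after a shorter item at addr was removed above.  The script walks
  # records in 4-byte strides, so the footprint is taken to be 4 bytes.
  # The bound is exclusive: an item starting exactly at addr + 4 belongs to
  # the next field and does not overlap, so it is left in place.
  end = addr.add(4)
  while True:
    following = getDataAfter(addr)
    if following is None or following.minAddress >= end:
      break
    removeData(following)
  return createData(addr, PointerDataType.dataType)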
  31.  
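def createAsciiStringEx(addr):
  """Return a terminated-string data item that covers addr.

  If a TerminatedStringDataType item already starts at or contains addr it
  is returned as is, so the returned item may start before addr.  Any other
  data item found there is removed and a new string is created at addr.

  addr: address of the first character wanted.
  Returns the existing or newly created data item.
  Re-raises the createAsciiString() failure when no following data item is
  left to clear, or after max_clears removals.
  """
  dat = getDataAt(addr)
  if dat is None:
    dat = getDataContaining(addr)
  if dat is not None:
    if isinstance(dat.baseDataType, TerminatedStringDataType):
      return dat
    removeData(dat)
  # Fix: the retry loop used to be guarded by "while dat is not None" right
  # after "dat = None", so it never ran and None was returned whenever no
  # string was already defined.
  # Each retry removes the next defined data item after addr.  The count is
  # capped (arbitrary safety bound) so that a failure unrelated to
  # overlapping data cannot strip every data item that follows addr.
  max_clears = 64
  cleared = 0
  while True:
    try:
      return createAsciiString(addr)
    except:
      # Bare except kept from the original; presumably the failure is a
      # Java exception raised through the Ghidra script API - confirm.
      blocker = getDataAfter(addr)
      if blocker is None or cleared >= max_clears:
        raise
      removeData(blocker)
      cleared += 1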
  51.  
def traverseCommandAt(addr, lcmd, depth):
  """Decode one command record at addr and queue the records it leads to.

  Fields read from the record, as the code walks it:
    +0   flag byte: 0x80 is stored in `leaf`, 0x20 in `hide`
    +4   pointer to the command string
    +8   pointer to the command help string
    +12  pointer to the sub command structure
    +16  pointer to the command function

  Pointers and strings are defined in the listing as a side effect, and
  follow-up work is appended to the global `addrs` list.

  addr:  address of the record.
  lcmd:  command path accumulated so far (string prefix).
  depth: nesting level; records deeper than 15 are skipped.
  Returns lcmd + cmd when the function pointer is non-zero, otherwise None
  (also None when the record is skipped).
  """
  global addrs
  # Skip null addresses, listed bad offsets and anything nested too deep
  if addr.offset == 0 or addr.offset in baddrs or depth > 15:
    return
  iaddr = addr
  leaf = bool(getByte(iaddr) & 0x80)
  hide = bool(getByte(iaddr) & 0x20)
  iaddr = iaddr.add(4)
  # Pointer to command string
  try:
    dat = createPointerEx(iaddr)
  except:
    # Report which record failed, then let the error stop the script
    print(addr)
    raise
  paddr = dat.value
  cmd = None
  try:
    dat = createAsciiStringEx(paddr)
  except:
    print(addr)
  else:
    # An exception raised in this else clause is not handled by the except
    # above; the finally block still runs and the exception then propagates.
    # The slice start skips the characters before paddr when the returned
    # string item begins earlier than paddr.
    # assumes compareTo() yields 1 when paddr is past the item start - TODO confirm
    cmd = dat.value[(paddr.offset - dat.address.offset) * paddr.compareTo(dat.address):]
  finally:
    if not cmd:
      # Placeholder for a missing or empty command name
      cmd = '<>'
    else:
      if hide:
        # Commands with the 0x20 flag set are wrapped in asterisks
        cmd = '*' + cmd + '*'
  iaddr = iaddr.add(4)
  # Pointer to command help string
  dat = createPointerEx(iaddr)
  paddr = dat.value
  try:
    dat = createAsciiStringEx(paddr)
  except:
    # Best effort: the help string is only defined in the listing, never used
    pass
  iaddr = iaddr.add(4)
  # Pointer to sub command structure
  dat = createPointerEx(iaddr)
  # NOTE(review): `and` binds tighter than `or`, so this condition reads as
  #   (non-null and not self-referencing and cmd == '<>')
  #   or (cmd not found in lcmd and cmd not in fcmds)
  # i.e. the null and self-reference checks do not guard the second
  # alternative - confirm that this grouping is intended.
  if dat.value.offset != 0 and \
     dat.value.offset != addr.offset and \
     cmd == '<>' or \
     lcmd.find(cmd) == -1 and \
     not cmd in fcmds:
    # Queue the sub command table one level deeper, extending the path
    addrs.append([dat.value,  lcmd + cmd + ' ', depth + 1])
  iaddr = iaddr.add(4)
  # Pointer to command function
  dat = createPointerEx(iaddr)
  if not leaf:
    # 0x80 flag clear: queue the record that follows, same prefix and depth
    iaddr = iaddr.add(9)
    if addr.offset in maddrs:
      # NOTE(review): `%` binds tighter than `-`, so this adds
      # 4 - ((offset % 4) % 4); an already aligned offset would advance by
      # 4, not 0 - confirm against the listed maddrs.
      iaddr = iaddr.add(4 - (iaddr.offset % 4) % 4)
    addrs.append([iaddr, lcmd, depth])
  if dat.value.offset != 0:
    # Only records with a non-zero function pointer yield a command path
    return lcmd + cmd
  107.  
# Fixed start addresses, left disabled; the prompt below supplies the start
# User
#addrs.append([toAddr(0x05444E78), '', 0])
# Privilege
#addrs.append([toAddr(0x054443e4), '', 0])
# Configure
#addrs.append([toAddr(0x0543b580), '', 0])
# Ask
addrs.append([askAddress("Command Address", "Enter command address"), '', 0])

# Command paths already printed, kept to suppress duplicates
cmds = []

monitor.initialize(100)
monitor.setIndeterminate(True)
# Drain the work list (last in, first out) until it is empty or cancelled
while addrs and not monitor.isCancelled():
  args = addrs.pop()
  monitor.setMessage(args[1])
  cmd = traverseCommandAt(*args)
  if cmd is None:
    continue
  # Only paths containing a '*'-wrapped component are reported, cut off
  # right after the last '*'
  i = cmd.rfind('*')
  if i < 0:
    continue
  cmd = cmd[:i + 1]
  if cmd in cmds:
    continue
  cmds.append(cmd)
  print(cmd)