Advertisement
Guest User

FISeek

a guest
Jul 15th, 2021
119
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.32 KB | None
  1. from ghidra.program.model.data import PointerDataType, TerminatedStringDataType
  2.  
  3. # traversable addresses
  4. addrs = []
  5. # bad address
  6. baddrs = [0x004C095C, 0x0966DDBC]
  7. # misaligned address
  8. maddrs = [0x05474C15, 0x0549184C, 0x0544C560]
  9. # filter commands
  10. fcmds = ['community-list', 'community-filter']
  11.  
  12. def createPointerEx(addr):
  13.   data = getDataAt(addr)
  14.   if data is not None:
  15.     if data.isPointer():
  16.       return data
  17.     else:
  18.       removeData(data)
  19.   else:
  20.     data = getDataContaining(addr)
  21.     if data is not None:
  22.       removeData(data)
  23.     else:
  24.       while True:
  25.         data = getDataAfter(addr)
  26.         if data is not None and (addr <= data.minAddress <= addr.add(4)):
  27.           removeData(data)
  28.         else:
  29.           break
  30.   return createData(addr, PointerDataType.dataType)
  31.  
  32. def createAsciiStringEx(addr):
  33.   dat = getDataAt(addr)
  34.   if dat is None:
  35.     dat = getDataContaining(addr)
  36.   if dat is not None:
  37.     if isinstance(dat.baseDataType, TerminatedStringDataType):
  38.       return dat
  39.     else:
  40.       removeData(dat)
  41.   dat = None
  42.   while dat is not None:
  43.     try:
  44.       dat = createAsciiString(addr)
  45.     except:
  46.       dat = getDataAfter(addr)
  47.       if dat is not None:
  48.         removeData(dat)
  49.         dat = None
  50.   return dat
  51.  
  52. def traverseCommandAt(addr, lcmd, depth):
  53.   global addrs
  54.   if addr.offset == 0 or addr.offset in baddrs or depth > 15:
  55.     return
  56.   iaddr = addr
  57.   leaf = bool(getByte(iaddr) & 0x80)
  58.   hide = bool(getByte(iaddr) & 0x20)
  59.   iaddr = iaddr.add(4)
  60.   # Pointer to command string
  61.   try:
  62.     dat = createPointerEx(iaddr)
  63.   except:
  64.     print(addr)
  65.     raise
  66.   paddr = dat.value
  67.   cmd = None
  68.   try:
  69.     dat = createAsciiStringEx(paddr)
  70.   except:
  71.     print(addr)
  72.   else:
  73.     cmd = dat.value[(paddr.offset - dat.address.offset) * paddr.compareTo(dat.address):]
  74.   finally:
  75.     if not cmd:
  76.       cmd = '<>'
  77.     else:
  78.       if hide:
  79.         cmd = '*' + cmd + '*'
  80.   iaddr = iaddr.add(4)
  81.   # Pointer to command help string
  82.   dat = createPointerEx(iaddr)
  83.   paddr = dat.value
  84.   try:
  85.     dat = createAsciiStringEx(paddr)
  86.   except:
  87.     pass
  88.   iaddr = iaddr.add(4)
  89.   # Pointer to sub command structure
  90.   dat = createPointerEx(iaddr)
  91.   if dat.value.offset != 0 and \
  92.      dat.value.offset != addr.offset and \
  93.      cmd == '<>' or \
  94.      lcmd.find(cmd) == -1 and \
  95.      not cmd in fcmds:
  96.     addrs.append([dat.value,  lcmd + cmd + ' ', depth + 1])
  97.   iaddr = iaddr.add(4)
  98.   # Pointer to command function
  99.   dat = createPointerEx(iaddr)
  100.   if not leaf:
  101.     iaddr = iaddr.add(9)
  102.     if addr.offset in maddrs:
  103.       iaddr = iaddr.add(4 - (iaddr.offset % 4) % 4)
  104.     addrs.append([iaddr, lcmd, depth])
  105.   if dat.value.offset != 0:
  106.     return lcmd + cmd
  107.  
  108. # User
  109. #addrs.append([toAddr(0x05444E78), '', 0])
  110. # Privilege
  111. #addrs.append([toAddr(0x054443e4), '', 0])
  112. # Configure
  113. #addrs.append([toAddr(0x0543b580), '', 0])
  114. # Ask
  115. addrs.append([askAddress("Command Address", "Enter command address"), '', 0])
  116.  
  117. # unique commands
  118. cmds = []
  119.  
  120. monitor.initialize(100)
  121. monitor.setIndeterminate(True)
  122. while addrs and not monitor.isCancelled():
  123.   args = addrs.pop()
  124.   monitor.setMessage(args[1])
  125.   cmd = traverseCommandAt(*args)
  126.   if cmd is not None:
  127.     i = cmd.rfind('*')
  128.     if i >= 0:
  129.       cmd = cmd[0:i+1]
  130.       if cmd not in cmds:
  131.         cmds.append(cmd)
  132.         print(cmd)
Advertisement
RAW Paste Data Copied
Advertisement