feat(int3): Now looking for instructions instead of bytes and add a comment to the listing

2022-10-11 10:56:49 +02:00
parent 85fc745508
commit df1c0f59d5
2 changed files with 43 additions and 33 deletions
--- a/RemoveINT3.py
+++ b/RemoveINT3.py
@@ -0,0 +1,43 @@
+# Replaces all INT3 instructions in the selection by NOPs
+#@author AlxCzl
+#@category Instructions
+#@keybinding
+#@menupath
+#@toolbar
+
+from ghidra.app.plugin.assembler import Assemblers
+
+def main():
+    """Main"""
+
+    if not currentSelection:
+        print("[!] Please select the range to be patched")
+        return
+
+    print('[*] Patching instructions...')
+
+    # Get the current listing to add comments
+    listing = currentProgram.getListing()
+    # Get an assembler to patch the instructions
+    asm = Assemblers.getAssembler(currentProgram)
+    # Get the address range
+    addrRange = currentSelection.getAddressRanges().next()
+    currAddr = addrRange.minAddress
+    # Count the number of patches
+    count = 0
+
+    while currAddr < addrRange.maxAddress:
+        instr = getInstructionAt(currAddr)
+        if instr.toString() == "INT3":
+            count += 1
+            asm.assemble(currAddr, "NOP")
+            unit = listing.getCodeUnitAt(currAddr)
+            unit.setComment(unit.PRE_COMMENT, "Hypercall")
+
+        currAddr = instr.getNext().getAddress()
+
+    print('[*] Removed {} int3.'.format(count))
+
+
+if __name__ == '__main__':
+    main()
--- a/removeint3.py
+++ b/removeint3.py
@@ -1,33 +0,0 @@
-# Replaces all INT3 instructions in the selection by NOPs
-#@author AlxCzl
-#@category Instructions
-#@keybinding
-#@menupath
-#@toolbar
-
-def main():
-    """Main"""
-
-    if not currentSelection:
-        print("[!] Please select the range to be patched")
-        return
-
-    print('[*] Patching instructions...')
-
-    addrRange = currentSelection.getAddressRanges().next()
-    currAddr = addrRange.minAddress
-    count = 0
-
-    while currAddr < addrRange.maxAddress:
-        currVal = getByte(currAddr)
-        if currVal == 0xcc - 256:
-            count += 1
-            setByte(currAddr, 0x90)
-
-        currAddr = currAddr.add(1)
-
-    print('[*] Removed {} int3.'.format(count))
-
-
-if __name__ == '__main__':
-    main()