diff --git a/RemoveINT3.py b/RemoveINT3.py new file mode 100644 index 0000000..e3280b6 --- /dev/null +++ b/RemoveINT3.py @@ -0,0 +1,43 @@ +# Replaces all INT3 instructions in the selection by NOPs +#@author AlxCzl +#@category Instructions +#@keybinding +#@menupath +#@toolbar + +from ghidra.app.plugin.assembler import Assemblers + +def main(): + """Main""" + + if not currentSelection: + print("[!] Please select the range to be patched") + return + + print('[*] Patching instructions...') + + # Get the current listing to add comments + listing = currentProgram.getListing() + # Get an assembler to patch the instructions + asm = Assemblers.getAssembler(currentProgram) + # Get the address range + addrRange = currentSelection.getAddressRanges().next() + currAddr = addrRange.minAddress + # Count the number of patches + count = 0 + + while currAddr < addrRange.maxAddress: + instr = getInstructionAt(currAddr) + if instr.toString() == "INT3": + count += 1 + asm.assemble(currAddr, "NOP") + unit = listing.getCodeUnitAt(currAddr) + unit.setComment(unit.PRE_COMMENT, "Hypercall") + + currAddr = instr.getNext().getAddress() + + print('[*] Removed {} int3.'.format(count)) + + +if __name__ == '__main__': + main() diff --git a/removeint3.py b/removeint3.py deleted file mode 100644 index be3adfa..0000000 --- a/removeint3.py +++ /dev/null @@ -1,33 +0,0 @@ -# Replaces all INT3 instructions in the selection by NOPs -#@author AlxCzl -#@category Instructions -#@keybinding -#@menupath -#@toolbar - -def main(): - """Main""" - - if not currentSelection: - print("[!] Please select the range to be patched") - return - - print('[*] Patching instructions...') - - addrRange = currentSelection.getAddressRanges().next() - currAddr = addrRange.minAddress - count = 0 - - while currAddr < addrRange.maxAddress: - currVal = getByte(currAddr) - if currVal == 0xcc - 256: - count += 1 - setByte(currAddr, 0x90) - - currAddr = currAddr.add(1) - - print('[*] Removed {} int3.'.format(count)) - - -if __name__ == '__main__': - main()