feat(int3): Now looking for instructions instead of bytes and add a comment to the listing
This commit is contained in:
43
RemoveINT3.py
Normal file
43
RemoveINT3.py
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
# Replaces all INT3 instructions in the selection by NOPs
|
||||||
|
#@author AlxCzl
|
||||||
|
#@category Instructions
|
||||||
|
#@keybinding
|
||||||
|
#@menupath
|
||||||
|
#@toolbar
|
||||||
|
|
||||||
|
from ghidra.app.plugin.assembler import Assemblers
|
||||||
|
|
||||||
|
def main():
|
||||||
|
"""Main"""
|
||||||
|
|
||||||
|
if not currentSelection:
|
||||||
|
print("[!] Please select the range to be patched")
|
||||||
|
return
|
||||||
|
|
||||||
|
print('[*] Patching instructions...')
|
||||||
|
|
||||||
|
# Get the current listing to add comments
|
||||||
|
listing = currentProgram.getListing()
|
||||||
|
# Get an assembler to patch the instructions
|
||||||
|
asm = Assemblers.getAssembler(currentProgram)
|
||||||
|
# Get the address range
|
||||||
|
addrRange = currentSelection.getAddressRanges().next()
|
||||||
|
currAddr = addrRange.minAddress
|
||||||
|
# Count the number of patches
|
||||||
|
count = 0
|
||||||
|
|
||||||
|
while currAddr < addrRange.maxAddress:
|
||||||
|
instr = getInstructionAt(currAddr)
|
||||||
|
if instr.toString() == "INT3":
|
||||||
|
count += 1
|
||||||
|
asm.assemble(currAddr, "NOP")
|
||||||
|
unit = listing.getCodeUnitAt(currAddr)
|
||||||
|
unit.setComment(unit.PRE_COMMENT, "Hypercall")
|
||||||
|
|
||||||
|
currAddr = instr.getNext().getAddress()
|
||||||
|
|
||||||
|
print('[*] Removed {} int3.'.format(count))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
# Replaces all INT3 instructions in the selection by NOPs
|
|
||||||
#@author AlxCzl
|
|
||||||
#@category Instructions
|
|
||||||
#@keybinding
|
|
||||||
#@menupath
|
|
||||||
#@toolbar
|
|
||||||
|
|
||||||
def main():
|
|
||||||
"""Main"""
|
|
||||||
|
|
||||||
if not currentSelection:
|
|
||||||
print("[!] Please select the range to be patched")
|
|
||||||
return
|
|
||||||
|
|
||||||
print('[*] Patching instructions...')
|
|
||||||
|
|
||||||
addrRange = currentSelection.getAddressRanges().next()
|
|
||||||
currAddr = addrRange.minAddress
|
|
||||||
count = 0
|
|
||||||
|
|
||||||
while currAddr < addrRange.maxAddress:
|
|
||||||
currVal = getByte(currAddr)
|
|
||||||
if currVal == 0xcc - 256:
|
|
||||||
count += 1
|
|
||||||
setByte(currAddr, 0x90)
|
|
||||||
|
|
||||||
currAddr = currAddr.add(1)
|
|
||||||
|
|
||||||
print('[*] Removed {} int3.'.format(count))
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
main()
|
|
||||||
Reference in New Issue
Block a user