IDA pro disassembler and debugger

Source code and precompiled plugins:
<strike>http://www.ps3hax.net/attachment.php?attachmentid=3039&d=1376890580</strike>
found in the ps3hax forum; you may wish to rehost it

Mirror: <strike>http://akitel.com/download/ppcjt.rar</strike>

Fixed downloads for PPCJT v0.3:
* http://web.archive.org/web/20120512013125/http://akitel.com/download/ppcjt.rar
* http://playstation.lukeeey.tk/static/ppcjt.rar

==Optional==
*ppchelper // http://www.hex-rays.com/contest2009/PPCHelper/ppchelper.zip
*ppc2c // http://www.hex-rays.com/contest2009/PPC2C/ppc2c.zip
*pypyc2c - improved ppc2c ported to ida python (ida 7.4+, python3) // https://github.com/Goatman13/pypyc2c
*spu2c - ppc2c inspired spu plugin (ida 7.4+, python3) // https://github.com/Goatman13/spu2c
*altivec2c - ppc2c inspired altivec plugin (ida 7.4+, python3) // https://github.com/Goatman13/altivec2c
*xorloser's PS3 Loaders // http://rghost.net/46524423
*xorloser's PPCAltivec plugin (not required since ida 6.1+) // http://xorloser.com/blog/wp-content/uploads/2009/05/ppcaltivec-plugin-for-ida-v52.rar (reup)
*xorloser's ps3.xml (updated lv2syscalls + sysmodules) : [[Ps3.xml]]
*ida-spu http://code.google.com/p/ida-spu/ // [http://www.multiupload.com/28N7UHCG8J spu_processor_module_1.2.1.zip (114.25 KB)]
*more Exports for fnids.idh : [[Fnids.idh]]
*updated syscall_names.idh (reup!) // https://github.com/kakaroto/ps3ida/blob/master/syscall_names.idh

=Continuing your or someone else's work in another database=

You might stumble upon someone else's IDA database and want to continue their work.
Or you find a great new plugin/script that makes everything easier, but you don't want to lose your own work.

==Continuing graf_chokolo's work==
Assuming you produced a file named DATABASE.IDC

This file contains everything they have done to their database. We only want their function renames and comments, so on Linux we run
<pre>
grep "MakeComm" DATABASE.IDC
</pre>
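The grep approach above picks the annotation statements out of the IDC dump by hand. As an added example (not the wiki's own script, and not something IDA ships), the following plain-Python filter does the same job outside IDA: it keeps only MakeName/MakeNameEx/MakeComm/MakeRptCmt statements, parses the address out of each one, and wraps the survivors in a minimal IDC main() that can be run on the new database with File > Script file. The sample dump text is constructed for this example and only imitates the shape of an IDA "Dump database to IDC" file; the statement names are the legacy IDC ones the grep targets.

```python
import re

# Statements worth carrying into a fresh database: names and comments.
# Everything else in the dump (SegCreate, MakeCode, MakeData, struct
# definitions, ...) describes the old database's layout and is dropped.
KEEP = ("MakeName", "MakeNameEx", "MakeComm", "MakeRptCmt")

# One IDC call per line, e.g.  MakeComm(0X10204, "save r3");
# Longest names first so "MakeNameEx" is not cut short as "MakeName".
STMT_RE = re.compile(
    r'^\s*(?P<fn>' + "|".join(sorted(KEEP, key=len, reverse=True)) + r')\s*\((?P<args>.*)\)\s*;\s*$'
)
ADDR_RE = re.compile(r'^\s*(0[xX][0-9A-Fa-f]+|\d+)\s*,\s*(?P<rest>.*)$')

# Constructed sample in the shape of "File > Produce file > Dump database to IDC".
SAMPLE_IDC = """\
//
//      This file was generated by IDA Pro (constructed sample for this example)
//
#include <idc.idc>

static main(void) {
        Segments();
        Bytes();
}

static Segments(void) {
        SegCreate(0X10000, 0X20000, 0X0, 1, 1, 2);
        SegRename(0X10000, "text");
}

static Bytes(void) {
        MakeCode(0X10200);
        MakeName(0X10200, "lv2_syscall_handler");
        MakeComm(0X10204, "save r3");
        MakeRptCmt(0X10208, "syscall number in r11; see syscall_names.idh");
        MakeNameEx(0X10300, "sys_process_exit", SN_NOWARN);
        MakeData(0X10400, FF_DWRD, 4, 0);
}
"""


def extract_annotations(idc_text):
    """Return the name/comment statements, in dump order, one statement per line."""
    kept = []
    for line in idc_text.splitlines():
        m = STMT_RE.match(line)
        if m:
            kept.append("%s(%s);" % (m.group("fn"), m.group("args").strip()))
    return kept


def parse_statement(stmt):
    """Split a kept statement into (function, address, remaining args)."""
    m = STMT_RE.match(stmt)
    if not m:
        raise ValueError("not a name/comment statement: %r" % stmt)
    a = ADDR_RE.match(m.group("args"))
    if not a:
        raise ValueError("no leading address in: %r" % stmt)
    return m.group("fn"), int(a.group(1), 0), a.group("rest")


def names_by_address(statements):
    """Map address -> symbol name for the MakeName/MakeNameEx statements (useful for spotting clashes before replaying)."""
    out = {}
    for fn, addr, rest in map(parse_statement, statements):
        if fn in ("MakeName", "MakeNameEx"):
            out[addr] = rest.split(",")[0].strip().strip('"')
    return out


def build_idc(statements):
    """Wrap the kept statements in a minimal IDC script for the other database."""
    body = "\n".join("\t" + s for s in statements)
    return "#include <idc.idc>\n\nstatic main(void) {\n%s\n}\n" % body


def transfer_annotations(idc_text):
    return build_idc(extract_annotations(idc_text))


if __name__ == "__main__":
    print(transfer_annotations(SAMPLE_IDC))
```

Replaying MakeName into a database where the address already carries a different name produces a warning per symbol; names_by_address() lets you diff the two databases' names first and resolve clashes before running the generated script.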
= Recommended IDA references =
* [http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593271786/ref=sr_1_1?ie=UTF8&qid=1328764116&sr=8-1 The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler - by Chris Eagle] / August 2008, 640 pp. $59.95 / ISBN-10 1-59327-178-6 / ISBN-13 978-1-59327-178-7
= Scripts =
==vmlinux kallsyms==
This kallsyms.py script resolves the kallsyms symbol table of the kernel image /opt/ibm/systemsim-cell/images/cell/vmlinux shipped with the IBM Full-System Simulator for the Cell BE. It is written for the legacy IDAPython API (Python 2, pre-7.0 function names such as LocByName and MakeNameEx); the table addresses hard-coded at the end are specific to that image and have to be located by hand for any other kernel (see the comments in the script).
<source lang="python">
# Linux kernel kallsyms unpacker
# Version 0.1ps3
# Copyright (c) 2010 Igor Skochinsky
#
# This software is provided 'as-is', without any express or implied
# warranty. In no event will the authors be held liable for any damages
# arising from the use of this software.
#
# Permission is granted to anyone to use this software for any purpose,
# including commercial applications, and to alter it and redistribute it
# freely, subject to the following restrictions:
#
#    1. The origin of this software must not be misrepresented; you must not
#    claim that you wrote the original software. If you use this software
#    in a product, an acknowledgment in the product documentation would be
#    appreciated but is not required.
#
#    2. Altered source versions must be plainly marked as such, and must not be
#    misrepresented as being the original software.
#
#    3. This notice may not be removed or altered from any source
#    distribution.
#
#
# * IBM Full-System Simulator for the CBE Processor vmlinux support added by mysis
def do_kallsyms(do_rename, do_dump):
  token_idxs = LocByName("kallsyms_token_index")
  tokens = LocByName("kallsyms_token_table")
  names = LocByName("kallsyms_names")
  addrs = LocByName("kallsyms_addresses")
  namecnt = LocByName("kallsyms_num_syms")
  if namecnt == BADADDR:
    Warning("kallsyms_num_syms is not defined!");
    return
  #namecnt = Dword(namecnt)
  namecnt = Qword(namecnt)
  if tokens == BADADDR:
    Warning("kallsyms_token_table is not defined!");
    return
  if token_idxs == BADADDR:
    Warning("kallsyms_token_index is not defined!");
    return
  if names == BADADDR:
    Warning("kallsyms_names is not defined!");
    return
  if addrs == BADADDR:
    Warning("kallsyms_addresses is not defined!");
    return
  nametbl = []
  tokentbl = []
  for i in range(256):
    idx = Word(token_idxs+i*2)
    #idx = Qword(token_idxs+i*8)
    token = GetString(tokens+idx, -1, 0)
    #print "token %d: %s"%(i, token)
    if token == None: token=""
    tokentbl.append(token)
  if do_dump:
    dump = file("ksym","w")
  if names != BADADDR:
    for i in range(namecnt):
      nlen = Byte(names)
      names += 1
      name = ""
      while nlen>0:
        j = Byte(names)
        #print "j: %d, token: %s"%(j, tokentbl[j])
        name += tokentbl[j]
        names += 1
        nlen -= 1
      print "Name %d: %s"%(i, name)
      #nametbl.append(name)
      #addr = Dword(addrs+i*4)
      addr = Qword(addrs+i*8)
      if do_dump:
        dump.write("%08X %s %s\n"%(addr, name[0], name[1:]))
      if do_rename and name.find(".") == -1:
        print "%08X: %s"%(addr, name[1:])
        if isTail(GetFlags(addr)):
            MakeUnkn(addr, DOUNK_SIMPLE)
        if Qword(addr) > 0xC000000000000000 and Qword(addr) < 0xC0000000004ACA6C or Qword(addr) > 0xC000000000660000 and Qword(addr) < 0xC0000000006A3D40 :
            MakeNameEx(Qword(addr), name[1:], SN_NOWARN)
        else:
            MakeNameEx(addr, name[1:], SN_NOWARN)
  if do_dump:
    dump.close()
# you will need to find the kallsyms_num_syms value in the kernel image
# and all other tables mentioned below
# consult kallsyms.c from the kernel sources
# after that the script can parse the tables and create the symbols list
a = 0xC000000000545600
MakeName(a, "kallsyms_num_syms")
n = Qword(a)
b = (a - n*8) & ~0xFF
MakeName(b, "kallsyms_addresses")
MakeName(0xC000000000545700, "kallsyms_names")
MakeName(0xC0000000005C8600, "kallsyms_token_table")
MakeName(0xC0000000005C8A00, "kallsyms_token_index")
do_kallsyms(True, True)
</source>
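The script above walks four kernel tables: kallsyms_names is a sequence of entries made of one length byte followed by that many token numbers, each token number is looked up in kallsyms_token_index to find a NUL-terminated substring in kallsyms_token_table, the concatenation is the symbol name with its type letter (t, T, d, D, ...) in front, and the i-th entry of kallsyms_addresses is the matching address. The following is an added example, not part of Igor Skochinsky's script, that implements that decoding in plain Python 3 so it can be checked outside IDA. All tables are constructed inline from a hand-picked token list and made-up PPC64 addresses (big-endian, as on the PS3), so nothing here is real vmlinux data; the single-byte length per entry is the layout the script assumes (later kernels changed the encoding), and note that the script's final rename step dereferences entries whose contents fall in two hard-coded address ranges, which must be adjusted for any other image.

```python
import struct

# Constructed sample symbols (address, type, name); the type letter is the
# first character of each packed kallsyms name, as in /proc/kallsyms.
# Addresses are made-up values in the PPC64 kernel range, not real vmlinux data.
SAMPLE_SYMBOLS = [
    (0xC000000000010000, "T", "sys_process_exit"),
    (0xC000000000010100, "t", "kallsyms_lookup"),
    (0xC000000000545600, "D", "kallsyms_num_syms"),
]

# A hand-picked token list. The real table (scripts/kallsyms.c) holds the
# 256 most useful substrings; here every single character plus a few
# multi-character tokens is enough to encode the sample.
SAMPLE_TOKENS = sorted({c for _, t, n in SAMPLE_SYMBOLS for c in t + n}) + [
    "sys_", "kallsyms_", "process_", "exit", "lookup",
]


def build_tables(tokens):
    """Lay out kallsyms_token_table (NUL-terminated strings) and
    kallsyms_token_index (256 big-endian u16 offsets, PPC64 byte order)."""
    if len(tokens) > 256:
        raise ValueError("at most 256 tokens")
    table = bytearray()
    offsets = []
    for tok in tokens:
        offsets.append(len(table))
        table += tok.encode("ascii") + b"\x00"
    empty = len(table)          # unused slots point at an empty token
    table += b"\x00"
    offsets += [empty] * (256 - len(tokens))
    return bytes(table), struct.pack(">256H", *offsets)


def token_at(token_table, token_index, j):
    """Resolve token number j: the index table gives the offset of a
    NUL-terminated string inside the token table."""
    off = struct.unpack_from(">H", token_index, j * 2)[0]
    end = token_table.index(b"\x00", off)
    return token_table[off:end].decode("ascii")


def decode_names(names_blob, num_syms, token_table, token_index):
    """Walk kallsyms_names: each entry is a length byte followed by that
    many token numbers (the layout the IDA script above assumes)."""
    names = []
    pos = 0
    for _ in range(num_syms):
        nlen = names_blob[pos]
        pos += 1
        toks = names_blob[pos:pos + nlen]
        if len(toks) != nlen:
            raise ValueError("truncated kallsyms_names at entry %d" % len(names))
        names.append("".join(token_at(token_table, token_index, j) for j in toks))
        pos += nlen
    return names


def parse_kallsyms(addresses_blob, names_blob, num_syms, token_table, token_index):
    """Pair kallsyms_addresses (u64 big-endian) with the decoded names and
    split off the type letter: returns [(address, type, name), ...]."""
    addrs = struct.unpack(">%dQ" % num_syms, addresses_blob[:num_syms * 8])
    names = decode_names(names_blob, num_syms, token_table, token_index)
    return [(a, n[0], n[1:]) for a, n in zip(addrs, names)]


# --- encoder side, only needed to build the constructed test input ---

def tokenize(s, tokens):
    """Greedy longest-match tokenisation into token numbers."""
    out, i = [], 0
    while i < len(s):
        best = max((t for t in tokens if s.startswith(t, i)), key=len, default=None)
        if best is None:
            raise ValueError("no token covers %r" % s[i:])
        out.append(tokens.index(best))
        i += len(best)
    return out


def encode_names(symbols, tokens):
    blob = bytearray()
    for _, typ, name in symbols:
        idxs = tokenize(typ + name, tokens)
        blob.append(len(idxs))
        blob.extend(idxs)
    return bytes(blob)


def build_sample():
    """Build all four tables from SAMPLE_SYMBOLS and decode them again."""
    token_table, token_index = build_tables(SAMPLE_TOKENS)
    names_blob = encode_names(SAMPLE_SYMBOLS, SAMPLE_TOKENS)
    addrs_blob = struct.pack(">%dQ" % len(SAMPLE_SYMBOLS), *[a for a, _, _ in SAMPLE_SYMBOLS])
    return parse_kallsyms(addrs_blob, names_blob, len(SAMPLE_SYMBOLS), token_table, token_index)


if __name__ == "__main__":
    for addr, typ, name in build_sample():
        print("%016X %s %s" % (addr, typ, name))
```

To apply this to a real image, dump the four tables from IDA (or read them straight from the ELF at the addresses you located) and feed the raw bytes to parse_kallsyms(); the decoded list is the same "address type name" triple the script writes to its ksym dump file.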
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>