IDA Script failing to find entry point in ARM binaries

I have a Python script that invokes an IDA script on any binaries that are in its target directory. The IDA script finds BeginEA(), and then iterates in order to output a .gdl file for each function in the binary, where each gdl contains the basic blocks of that function. The architectures I am dealing with are ARM, MIPS, and x86. Until recently I had been testing on binaries provided by another team. The details of how they compiled them are unknown to us at the moment, but I am pursuing finding out. When I compile binaries myself and feed them into my IDA script, everything works perfectly for MIPS and x86, but not for ARM.

I have been testing with a simple helloworld.c. For x86 I compile with a simple gcc helloworld.c, and for MIPS with mips-linux-gnu-gcc hw.c. For ARM I have tried all gcc variants I could find in Ubuntu's repo. Here is my current .idc:

#include <idc.idc>

static main()
{
    // IDC wants the local declarations before the first statement
    auto currAddr, func, endSeg, funcName, counter, gdlPath, funcPath, funcStart, funcEnd;
    auto log_path, logfile;

    Wait();                                   // wait for auto-analysis to finish (batch mode)

    log_path = sprintf("/home/fury/Desktop/%s_log.txt", GetInputFile());
    logfile = fopen(log_path, "w");

    gdlPath = GetIdbPath();
    gdlPath = substr(gdlPath, 0, strlen(gdlPath) - 4);   // strip the ".idb" extension

    // The range to walk is derived from the entry point: if BeginEA() is
    // BADADDR, func and endSeg are BADADDR too and the loop never runs.
    currAddr = BeginEA();
    func = SegStart(currAddr);
    endSeg = SegEnd(currAddr);

    fprintf(logfile, "currAddr=%d\n", currAddr);
    fprintf(logfile, "func=%d\n", func);
    fprintf(logfile, "endSeg=%d\n", endSeg);

    counter = 0;
    while (func != BADADDR && func < endSeg) {
        funcName = GetFunctionName(func);

        if (funcName != "") {
            funcStart = GetFunctionAttr(func, FUNCATTR_START);
            funcEnd = GetFunctionAttr(func, FUNCATTR_END);
            ++counter;
            funcPath = gdlPath + "@" + funcName + ".gdl";
            // one GDL flowchart per function, with basic-block names printed
            GenFuncGdl(funcPath, funcName, func, BADADDR, CHART_PRINT_NAMES | CHART_GEN_GDL);
        }
        func = NextFunction(func);
    }
    fprintf(logfile, "%d gdl's created for %s\n", counter, GetInputFile());
    fclose(logfile);
    Exit(0);
}

The line currAddr = BeginEA() is where the behavior starts to diverge for executions with ARM input. This starts a chain reaction that touches func and endSeg, leading to the while loop never executing. Here are simple logs evidencing this. Normally we see addresses like the following:

currAddr=134513424
func=134513424
endSeg=134513858
9 gdl's created for x86_@NAME:addition

But for ARM binaries I am getting -1, which is the IDA constant for BADADDR.

currAddr=-1
func=-1
endSeg=-1
0 gdl's created for arm-linux-gnueabi-gcc_@NAME:addition

I should also mention that if I open these ARM binaries using the GUI I can generate the gdl manually without problem, but I really need to automate this. If I open an x86 and an ARM binary in the IDA GUI, to my relatively amateur eyes they look the same. Because my knowledge of compilers and reversing is generally poor, I am hoping I am overlooking something simple. Also, I need command-line applicable solutions, as this is meant to be done on thousands of files at a time. I have tried everything I can think of; please assist if possible.

UPDATE: I ended up switching gears and using objdump with debug info and constructing basic blocks myself, but now I am faced with having to compile an entire data set with debug info manually if I cannot solve the IDA problem.
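As an added IDC example (written for this page, not the asker's script or part of IDA's own samples), the following variant decouples the function walk from BeginEA(): the posted script derives its loop bounds from the entry point's segment, so a BADADDR entry point silently yields zero GDL files, whereas walking NextFunction() from address 0 covers every function IDA recognised in every segment and only reports the entry-point lookup as a diagnostic. It uses only classic IDC calls (Wait, BeginEA, SegName, NextFunction, GetFunctionName, GenFuncGdl, GetIdbPath, GetInputFile); the log directory /tmp/ida_logs is a constructed placeholder.

```idc
#include <idc.idc>

// Added example, not the asker's script. Walks every function in the
// database and writes one GDL flowchart per function under gdlPath.
// Returns the number of files written so the caller can log it.
static dump_all_function_gdls(gdlPath)
{
    auto func, funcName, funcPath, counter;

    counter = 0;
    // Start the walk at address 0 so it covers all segments, not just the
    // one containing the entry point. NextFunction(0) would skip a function
    // starting exactly at 0, which does not happen for ordinary ELF files.
    func = NextFunction(0);
    while (func != BADADDR) {
        funcName = GetFunctionName(func);
        if (funcName != "") {
            funcPath = gdlPath + "@" + funcName + ".gdl";
            GenFuncGdl(funcPath, funcName, func, BADADDR,
                       CHART_PRINT_NAMES | CHART_GEN_GDL);
            counter++;
        }
        func = NextFunction(func);
    }
    return counter;
}

static main()
{
    auto logfile, log_path, gdlPath, entry, counter;

    Wait();                        // batch mode: block until auto-analysis is done

    // /tmp/ida_logs is a constructed placeholder; point it at a writable directory
    log_path = sprintf("/tmp/ida_logs/%s_log.txt", GetInputFile());
    logfile = fopen(log_path, "w");
    if (logfile == 0) {
        Message("cannot open %s\n", log_path);
        Exit(1);
    }

    // Log the entry point in hex, and say so explicitly when it is BADADDR,
    // instead of letting a -1 silently empty the function walk.
    entry = BeginEA();
    if (entry == BADADDR)
        fprintf(logfile, "warning: BeginEA() returned BADADDR; walking all functions instead\n");
    else
        fprintf(logfile, "entry=0x%x in segment %s\n", entry, SegName(entry));

    gdlPath = GetIdbPath();
    gdlPath = substr(gdlPath, 0, strlen(gdlPath) - 4);   // drop ".idb"

    counter = dump_all_function_gdls(gdlPath);
    fprintf(logfile, "%d gdl's created for %s\n", counter, GetInputFile());
    fclose(logfile);
    Exit(0);
}
```

Run it headless the same way as the original, e.g. with IDA's -A (autonomous) and -S (script) switches, `idal -A -Sdump_gdl.idc target_binary`, substituting the IDA executable name for your version. Because the walk no longer depends on the entry-point segment, a BADADDR from BeginEA() shows up as a warning line in the log rather than as "0 gdl's created", which makes the ARM case visible in the batch output.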
