Merge pull request #93 from imbillow/v500

V500 Support

Author: XVilka

idb/analysis.py

@@ -485,7 +485,7 @@ def pcb_version(self):
         v_ea_t = v_word
         v_sel_t = v_word
 
-        if 610 <= self.version < 700:
+        if 480 <= self.version < 700:
             self.vsAddField("lflags", v_uint8())  # 0x0d
             self.vsAddField("demnames", v_uint8())
 
@@ -573,9 +573,9 @@ def pcb_version(self):
             self.vsAddField("margin", v_uint16())
             self.vsAddField("lenxref", v_uint16())
 
-            self.vsAddField("lprefix", v_str(size=16))
+            self.vsAddField("lprefix", v_str(size=16))  # 167
 
-            self.vsAddField("lprefixlen", v_uint8())
+            self.vsAddField("lprefixlen", v_uint8())  # 183
             self.vsAddField("compiler", v_uint8())
             self.vsAddField("model", v_uint8())
             self.vsAddField("sizeof_int", v_uint8())
@@ -586,7 +586,10 @@ def pcb_version(self):
             self.vsAddField("sizeof_long", v_uint8())
             self.vsAddField("sizeof_llong", v_uint8())
 
-            self.vsAddField("change_counter", v_uint32())
+            if self.len_sbytes < 193:
+                return
+
+            self.vsAddField("change_counter", v_uint32())  # 193
 
             self.vsAddField("sizeof_ldbl", v_uint8())
 
@@ -1051,10 +1054,13 @@ def get_type(self):
         # nodeid: ff000078 tag: S index: 0x3000
         # 00000000: 3D 0A 48 49 4E 53 54 41  4E 43 45 00              =.HINSTANCE.
 
-        v = self.netnode.supval(tag="S", index=0x3000)
-        s = TypeString()
-        s.vsParse(v)
-        return s.s
+        try:
+            v = self.netnode.supval(tag="S", index=0x3000)
+            s = TypeString()
+            s.vsParse(v)
+            return s.s
+        except KeyError:
+            return None
 
     def get_enum_id(self):
         return self.netnode.altval(tag="A", index=0xB)
@@ -1122,6 +1128,14 @@ class Struct:
     """
 
     def __init__(self, db, identity):
+        """from https://github.com/nlitsme/pyidbutil/blob/7705bcde167fd34a5800bfe54ba99d195b44bbbb/idblib.py#L1380
+            Decodes info for structures
+            (structnode, N)          = structname
+            (structnode, D, address) = xref-type
+            (structnode, M, 0)       = packed struct info
+            (structnode, S, 27)      = packed value(addr, byte)
+        """
+
         self.idb = db
 
         if isinstance(identity, six.integer_types):
@@ -1146,9 +1160,6 @@ def get_members(self):
         flags = u.dd()
         count = u.dd()
 
-        if not flags & STRUCT_FLAGS.SF_FRAME:
-            raise RuntimeError("unexpected frame header")
-
         for i in range(count):
             nodeid_offset = u.addr()
             _ = u.addr()

tests/test_analysis.py

@@ -38,7 +38,7 @@ def lpluck(prop, s):
 def test_root(kernel32_idb, version, bitness, expected):
     root = idb.analysis.Root(kernel32_idb)
 
-    assert root.version in (610, 640, 650, 670, 680, 695, 700)
+    assert root.version in (480, 610, 640, 650, 670, 680, 695, 700)
     assert root.get_field_tag("version") == "A"
     assert root.get_field_index("version") == -1
 
@@ -140,7 +140,7 @@ def test_struct(kernel32_idb, version, bitness, expected):
         "lpReserved",
     ]
 
-    assert members[2].get_type() == "HINSTANCE"
+    assert members[2].get_type() == ("HINSTANCE" if version > 500 else None)
 
 
 @kern32_test()
@@ -170,7 +170,7 @@ def test_function(kernel32_idb, version, bitness, expected):
     # .text:689016B8 8B EC                                   mov     ebp, esp
     # .text:689016BA 81 EC 14 02 00 00                       sub     esp, 214h
     sub_689016B5 = idb.analysis.Function(kernel32_idb, 0x689016B5)
-    if version <= 700:
+    if 500 < version <= 700:
         assert sub_689016B5.get_name() == "sub_689016B5"
     else:
         assert sub_689016B5.get_name() == "__BaseDllInitialize@12"
@@ -319,11 +319,15 @@ def test_segments(kernel32_idb, version, bitness, expected):
         0x689DB000,
         0x689DD000,
     ]
-    assert list(sorted(map(lambda s: s.endEA, segs.values()))) == [
-        0x689DB000,
-        0x689DD000,
-        0x689DE230,
-    ]
+    end_ea = list(sorted(map(lambda s: s.endEA, segs.values())))
+    if version > 500:
+        assert end_ea == [
+            0x689DB000,
+            0x689DD000,
+            0x689DE230,
+        ]
+    else:
+        assert end_ea == [1755164672, 1755169504, 1755177520]
 
 
 @kern32_test(
@@ -621,21 +625,24 @@ def test_idainfo(kernel32_idb, version, bitness, expected):
         assert idainfo.tag == "IDA"
     elif version == 700:
         assert idainfo.tag == "ida"
-    assert 610 <= idainfo.version <= 700
+    assert 480 <= idainfo.version <= 700
     assert idainfo.procname == "metapc"
 
     # Portable Executable (PE)
     assert idainfo.filetype == 11
-    if version == 695:
+    if version <= 695:
         assert idainfo.af == 0xFFFF
         assert idainfo.ascii_break == ord("\n")
-        # Visual C++
-        assert idainfo.compiler == 0x01
+        if version == 630:
+            assert idainfo.compiler == 129
+        else:
+            assert idainfo.compiler == 0x01
         assert idainfo.sizeof_int == 4
-        assert idainfo.sizeof_bool == 1
+        assert idainfo.sizeof_bool in (1, 4)
         assert idainfo.sizeof_long == 4
         assert idainfo.sizeof_llong == 8
-        assert idainfo.sizeof_ldbl == 8
+        if version > 500:
+            assert idainfo.sizeof_ldbl == 8
     elif version >= 700:
         assert idainfo.af == 0xDFFFFFF7
         assert idainfo.strlit_break == ord("\n")

tests/test_idaapi.py

@@ -337,8 +337,10 @@ def test_func_t(kernel32_idb, version, bitness, expected):
     assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_THUNK) is False
     assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_BOTTOMBP) is False
     assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_NORET_PENDING) is False
-    assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_SP_READY) is True
-    assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_PURGED_OK) is True
+
+    if version > 500:
+        assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_SP_READY) is True
+        assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_PURGED_OK) is True
     assert idb.idapython.is_flag_set(flags, api.ida_funcs.FUNC_TAIL) is False
     # also demonstrate finding the func from an address it may contain.
     # note: this can be a pretty slow search, since we do everything on demand
@@ -554,6 +556,9 @@ def test_get_mnem(kernel32_idb, version, bitness, expected):
 
 @kern32_test()
 def test_functions(kernel32_idb, version, bitness, expected):
+    if version <= 500:
+        return
+
     api = idb.IDAPython(kernel32_idb)
 
     funcs = api.idautils.Functions()
@@ -577,13 +582,14 @@ def test_function_names(kernel32_idb, version, bitness, expected):
     )
     assert (
         api.idc.GetFunctionName(0x689016B5) == "sub_689016b5"
-        if version <= 700
+        if 500 < version <= 700
         else "__BaseDllInitialize@12"
     )
 
-    with pytest.raises(KeyError):
-        # this is issue #7.
-        _ = api.idc.GetFunctionName(0x689018E5)
+    if version > 500:
+        with pytest.raises(KeyError):
+            # this is issue #7.
+            _ = api.idc.GetFunctionName(0x689018E5)
 
 
 @pytest.mark.slow
@@ -651,7 +657,7 @@ def test_all_comments(kernel32_idb, version, bitness, expected):
 def test_LocByName(kernel32_idb, version, bitness, expected):
     api = idb.IDAPython(kernel32_idb)
 
-    if version <= 700:
+    if 500 < version <= 700:
         assert api.idc.LocByName("CancelIo") == 0x6892E70A
         assert api.idc.GetFunctionName(api.idc.LocByName("CancelIo")) == "CancelIo"
 
@@ -976,7 +982,9 @@ def test_ida_structs(kernel32_idb, version, bitness, expected):
     idapy = idb.IDAPython(kernel32_idb)
     assert idapy.ida_struct.get_first_struc_idx() == 0
     last_idx = idapy.ida_struct.get_last_struc_idx()
-    if version <= 630:
+    if version == 500:
+        assert last_idx == 23
+    elif version <= 630:
         assert last_idx == 31
     elif version <= 700:
         assert last_idx == 0x29

tests/test_idb.py

@@ -255,7 +255,7 @@ def test_find_exact_match_min(kernel32_idb, version, bitness, expected):
 
 @kern32_test()
 def test_find_exact_match_max(kernel32_idb, version, bitness, expected):
-    if version <= 700:
+    if 500 < version <= 700:
         maxkey = h2b("4e776373737472")
         assert kernel32_idb.id0.find(maxkey).key == maxkey
 

tests/test_netnode.py

@@ -22,8 +22,16 @@ def test_valobj(kernel32_idb, version, bitness, expected):
     # Out[29]: 'Z:\\home\\user\\Downloads\\kernel32\\kernel32.dll\x00'
     root = idb.netnode.Netnode(kernel32_idb, ROOT_NODEID)
     assert root.value_exists() is True
-    assert root.valobj().endswith(b"kernel32.dll\x00")
-    assert root.valstr().endswith("kernel32.dll")
+    if version > 500:
+        assert root.valobj().endswith(b"kernel32.dll\x00")
+        assert root.valstr().endswith("kernel32.dll")
+    else:
+        assert root.valobj().endswith(
+            b"ba1bc09b7bb290656582b4e4d896105caf00825b557ce45621e76741cd5dc262\x00"
+        )
+        assert root.valstr().endswith(
+            "ba1bc09b7bb290656582b4e4d896105caf00825b557ce45621e76741cd5dc262"
+        )
 
 
 @kern32_test(
@@ -43,8 +51,9 @@ def test_sups(kernel32_idb, version, bitness, expected):
 def test_alts(kernel32_idb, version, bitness, expected):
     root = idb.netnode.Netnode(kernel32_idb, ROOT_NODEID)
     uint = kernel32_idb.uint
+    alts = list(root.alts())
     if version > 680:
-        assert list(root.alts()) == [
+        assert alts == [
             uint(-8),
             uint(-6),
             uint(-5),
@@ -53,15 +62,23 @@ def test_alts(kernel32_idb, version, bitness, expected):
             uint(-2),
             uint(-1),
         ]
-    else:
-        assert list(root.alts()) == [
+    elif version >= 630:
+        assert alts == [
             uint(-6),
             uint(-5),
             uint(-4),
             uint(-3),
             uint(-2),
             uint(-1),
         ]
+    else:
+        alts == [
+            uint(-5),
+            uint(-4),
+            uint(-3),
+            uint(-2),
+            uint(-1),
+        ]
 
 
 # the small netnode has a root btree node with a single child.