IDA processor module

IDA processor module"/>

IDA processor module

IDA 处理器模块

     1.主要解析非主流的文件格式，或者自定义的文件格式。

     2.放置在路径 IDAX\procs\ 之下。

一个最小的IDA空处理器模块必须包含以下要素：

必须要有的函数
1.def notify_emu(self, insn):
2.def notify_out_insn(self, ctx):
3.def notify_ana(self, insn):
4.def notify_out_operand(self, ctx, op):

必须要有的字段

1.Processor field 'reg_names' is missing or incorrectly defined

2.Processor field 'reg_first_sreg' is missing or incorrectly defined

3.Processor field 'reg_code_sreg' is missing or incorrectly defined

4.Processor field 'instruc_end' is missing or incorrectly defined

5.Missing processor instructions definition

一个最小的处理器模块：

#!/usr/bin/python2.7  
# -*- coding: utf-8 -*-  import sys
from ida_bytes import *
from ida_ua import *
from ida_idp import *
from ida_auto import *
from ida_nalt import *
import ida_frame
from ida_funcs import *
from ida_lines import *
from ida_problems import *
import ida_offset
from ida_segment import *
from ida_name import *
from ida_netnode import *
import idautils
import idcclass test_processor_t(processor_t):id = 0x800+1234flag = PR_ASSEMBLE | PR_SEGS | PR_DEFSEG32 | PR_USE32 | PRN_HEX | PR_RNAMESOK | PR_NO_SEGMOVEcnbits = 8dnbits = 8psnames = ['test']plnames = ['test proc']segreg_size = 0instruc_start = 0tbyte_size = 0assembler = {'flag' : ASH_HEXF3 | AS_COLON | ASB_BINF0 | ASO_OCTF1 | AS_NCMAS,'uflag' : 0,'name': "test assembler",'origin': "",'end': "end",'cmnt': ";",'ascsep': "\"",'accsep': "'",'esccodes': "\"'",'a_ascii': ".ascii",'a_byte': ".byte",'a_word': ".short",'a_dword': ".int",'a_qword': ".quad",'a_oword': ".int128",'a_float': ".float",'a_double': ".double",#'a_tbyte': "dt",#'a_dups': "#d dup(#v)",'a_bss': "dfs %s",'a_seg': "seg",'a_curip': ".",'a_public': "public",'a_weak': "weak",'a_extrn': ".extrn",'a_comdef': "",'a_align': ".align",'lbrace': "(",'rbrace': ")",'a_mod': "%",'a_band': "&",'a_bor': "|",'a_xor': "^",'a_bnot': "~",'a_shl': "<<",'a_shr': ">>",'a_sizeof_fmt': "size %s",}#第一步?def __init__(self):processor_t.__init__(self)self.PTRSZ = 4 self.init_instructions()self.init_registers()def init_instructions(self):class idef:"""Internal class that describes an instruction by:- instruction name- instruction decoding routine- canonical flags used by IDA"""def __init__(self, name, d, cf, cmt = None):self.name = nameself.d = dself.cf  = cfself.cmt = cmt## Instructions table (w/ pointer to decoder)#self.itable = {0xff: idef(name='test', d=self.decode_test, cf=CF_USE1, cmt=''),}# Now create an instruction table compatible