Scripting a Processor Module

Introduced in IDA 5.7, the capability to create processor modules using one of IDA’s scripting languages somewhat simplifies the creation of processor modules. If nothing else, it completely eliminates the build phase of module creation. Elias Bachaalany of Hex-Rays introduced scripted processor modules in a post on Hex Blog[139] and IDA’s EFI bytecode processor module is implemented as a Python script (see <IDADIR>/procs/ebc.py). Note that while the Hex Blog post serves as useful background, the actual API used for scripting processor modules seems to have evolved. The best place for you to start development of your own processor module script is with the template module that ships with the SDK (see <SDKDIR>/module/script/proctemplate.py). Among other things, this template enumerates all of the fields required in a Python processor module.

Scripted processor modules make use of nearly all elements discussed previously. Understanding these elements will ease your transition to scripted modules. Additionally, the three Python processor modules that currently ship with IDA (as of IDA 6.1) serve as excellent examples from which to begin your own module development. The structure of these two modules is a bit easier to understand than the C++ examples that ship with the SDK, which span several files and require you to correctly configure a build environment.

From a very high level, two things are required to implement a processor module in Python:

  • Define a subclass of idaapi.processor_t, providing implementations for all required processor module functions such as emu, ana, out, and outop.

  • Define a PROCESSOR_ENTRY function (not a member of your subclass) that returns an instance of your processor class.

The following listing begins to outline some of the required elements:

import idaapi
from idaapi import *

class demo_processor_t(idaapi.processor_t):
    # Initialize required processor data fields including id and
    # assembler and many others. The assembler field is a dictionary
    # containing keys for all of the fields of an asm_t. A list of
    # instructions named instruc is also required. Each item in the list
    # is a two-element dictionary containing name and feature keys.

    # Also define functions required by processor_t such as those below.

    def ana(self):
        # analyzer behavior: decode the instruction at the current address
        # and return its length, or 0 if the bytes are not an instruction
        return 0

    def emu(self):
        # emulator behavior: add the cross-references implied by the
        # decoded instruction; return 1 on success
        return 1

    def out(self):
        # outputter behavior: print the mnemonic and operands
        pass

    def outop(self, op):
        # outop behavior: print the single operand op; return True if it
        # was displayed
        return True

# define the processor entry point function which instantiates
# and returns an instance of processor_t
def PROCESSOR_ENTRY():
    return demo_processor_t()

A valid Python processor module contains far more fields and functions than shown above, essentially mirroring the fields required in any processor module implemented in C++. Once your script is complete, installation of your module is accomplished by copying your script to <IDADIR>/procs.
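To show how the ana, emu, and out pieces of a processor module cooperate, the following is an added example that is not from the book or the IDA SDK. It decodes a constructed six-instruction toy bytecode; ToyProcessor, Insn, and the CF_* constants are stand-ins shaped like idaapi.processor_t, insn_t, and the instruc table (their values are made up for the example), not IDA's API, so it runs under plain Python outside IDA. The disassemble function plays the role of IDA's analyzer: it follows the flow targets emu reports and stops where an instruction's feature carries CF_STOP.

```python
# Added example, not from the book or the IDA SDK: a toy processor module that
# shows how the ana / emu / out split fits together. ToyProcessor and the CF_*
# constants are stand-ins shaped like idaapi.processor_t and its instruc table,
# not IDA's API, so this runs under plain Python outside IDA.

CF_STOP = 0x1    # no fall-through to the next instruction (constructed values)
CF_CHG1 = 0x4    # operand 1 is written
CF_JUMP = 0x80   # instruction transfers control
CF_USE1 = 0x100  # operand 1 is read
CF_USE2 = 0x200  # operand 2 is read

class Insn:  # stand-in for IDA's insn_t
    def __init__(self, ea):
        self.ea, self.itype, self.size = ea, 0, 0
        self.ops = []  # (kind, value): r = register, i = imm8, j = code address

class ToyProcessor:
    # instruc: one dict per opcode with name and feature keys, as in IDA.
    instruc = [
        {"name": "nop", "feature": 0},
        {"name": "ldi", "feature": CF_CHG1 | CF_USE2},
        {"name": "add", "feature": CF_CHG1 | CF_USE1 | CF_USE2},
        {"name": "jmp", "feature": CF_USE1 | CF_JUMP | CF_STOP},
        {"name": "jz",  "feature": CF_USE1 | CF_JUMP},
        {"name": "ret", "feature": CF_STOP},
    ]
    reg_names = ["r0", "r1", "r2", "r3"]
    # Constructed encoding: opcode byte, then r = register byte, i = imm8, j = rel8.
    operand_layout = {0: "", 1: "ri", 2: "rr", 3: "j", 4: "j", 5: ""}

    def __init__(self, code, base=0):
        self.code, self.base = code, base

    def ana(self, ea):
        """Decode at ea; None means not an instruction (IDA's ana returns 0)."""
        off = ea - self.base
        if not 0 <= off < len(self.code) or self.code[off] >= len(self.instruc):
            return None
        insn = Insn(ea)
        insn.itype, pos = self.code[off], off + 1
        for kind in self.operand_layout[insn.itype]:
            if pos >= len(self.code):
                return None  # truncated: never decode past the buffer
            b, pos = self.code[pos], pos + 1
            if kind == "r" and b >= len(self.reg_names):
                return None  # bad register encoding
            if kind == "j":  # signed rel8
                b = b - 256 if b > 127 else b
            insn.ops.append((kind, b))
        insn.size = pos - off
        # rel8 is relative to the end of the instruction, known only now
        insn.ops = [(k, ea + insn.size + v) if k == "j" else (k, v) for k, v in insn.ops]
        return insn

    def emu(self, insn):
        """Return the addresses control can flow to (IDA: add_cref calls)."""
        feature = self.instruc[insn.itype]["feature"]
        targets = {v for k, v in insn.ops if k == "j"} if feature & CF_JUMP else set()
        if not feature & CF_STOP:
            targets.add(insn.ea + insn.size)  # fall-through edge
        return targets

    def out(self, insn):
        """Render mnemonic and operands as text (IDA: out plus outop)."""
        fmt = {"r": lambda v: self.reg_names[v],
               "i": lambda v: "0x%02x" % v, "j": lambda v: "0x%04x" % v}
        text = ", ".join(fmt[k](v) for k, v in insn.ops)
        mnem = self.instruc[insn.itype]["name"]
        return "%-4s %s" % (mnem, text) if text else mnem

def disassemble(code, entry=0):
    """Follow emu's flow targets from entry, as IDA's analyzer follows code xrefs."""
    proc, listing, work = ToyProcessor(code), {}, [entry]
    while work:
        ea = work.pop()
        if ea in listing:
            continue
        insn = proc.ana(ea)
        if insn is None:
            listing[ea] = "<undefined>"
            continue
        listing[ea] = proc.out(insn)
        work.extend(proc.emu(insn))
    return listing

# Constructed sample program; the two 0xFF bytes after ret are never reached.
SAMPLE = bytes([0x01, 0x00, 0x05,   # 0000: ldi r0, 0x05
                0x01, 0x01, 0x01,   # 0003: ldi r1, 0x01
                0x02, 0x00, 0x01,   # 0006: add r0, r1
                0x04, 0x02,         # 0009: jz  0x000d
                0x03, 0xF9,         # 000b: jmp 0x0006
                0x05,               # 000d: ret
                0xFF, 0xFF])
```

Calling disassemble(SAMPLE) yields six listing entries and leaves the trailing 0xFF bytes untouched, because ret carries CF_STOP and nothing else flows there. The same division of labor applies in a real module: ana must refuse to decode undefined opcodes or truncated bytes (returning 0 in IDA) rather than guess, emu is the only place flow and data cross-references are created, and out/outop are pure formatting that must never influence analysis.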
