ida_name_binding_ida_to_reven.py

• Linux path to script:
  • Not shipped on Linux (IDA script)
• Windows path to script:
  • amd64: C:\Program Files (x86)\Reven-PythonAPI-amd64\python-examples\ida\ida_name_binding_ida_to_reven.py
  • x86: C:\Program Files (x86)\Reven-PythonAPI-x86\python-examples\ida\ida_name_binding_ida_to_reven.py

This is an example of IDA script using the REVEN Python API. Must be run from IDA!

See the script's documentation below for more information:

"""
Purpose:
    This script updates symbol names in a REVEN's project using bound names of the
    corresponding binary analyzed in IDA.

Usage:
    Use IDA to load the binary, and give the following arguments before
    executing the script:
        host = your REVEN server name, and
        port = your REVEN project on this host.

Remark:
    This script takes all basic block names and use them to assign "symbol names"
    for the corresponding binary in REVEN. We should note that:
        - the name of the binary must be obtained from REVEN (that is usually the
          case if "dump process" is executed properly), and be case insentively
          identical with the one analyzed in IDA (i.e. we do not rename the binary)

        - only function names are used for binding

        - if there is several binaries of the same name (but located at different
          paths), then the first one will be used for name binding only.
"""


import idaapi
import idautils
import idc

import reven


def main(host, port):
    project = reven.Project(host, port)
    binary_path = get_binary_runtime_path(project)

    if binary_path is not None:
        name_binding = get_name_binding()
        update_binding(binary_path, project, name_binding)
        print 'binding names from IDA to REVEN done.'
    else:
        print 'binary {} not found in the REVEN\'s project'.format(os.path.basename(idc.GetInputFilePath()))


def get_binary_runtime_path(reven_project):
    """
    Look for current IDA's binary name in the REVEN trace's binaries.
    If found, return the full path it was located at at runtime, otherwise return None.
    """
    binary_basename = os.path.basename(idc.GetInputFilePath()).lower()
    main_binary_path = None
    for bin_path in reven_project.binaries():
        bin_basename = os.path.basename(bin_path).lower()
        # We will look for the first matched name only...
        if bin_basename == binary_basename:
            main_binary_path = bin_path
            # so break immediately when found
            break
    return main_binary_path


def update_binding(binary_path, reven_project, name_binding):
    """
    Update REVEN project's symbol base with known IDA symbols
    """
    base_addr = idaapi.get_imagebase()
    for offset in name_binding:
        print "bind 0x{:x} as {:s}".format(base_addr + offset, name_binding[offset])

    symbols = [reven.Symbol(offset, name_binding[offset]) for offset in name_binding]

    # Note we add all symbols with a single call to keep overhead low.
    # If symbols were previously defined, they are overriden.
    reven_project.add_symbols_to_binary(binary_path, symbols)


def get_name_binding():
    name_binding = {}
    base_addr = idaapi.get_imagebase()
    for fun_head in idautils.Functions():
        fun_name = idc.GetFunctionName(fun_head)
        if fun_name is not None:
            name_binding[fun_head - base_addr] = fun_name

    return name_binding


if __name__ == '__main__':
    host_port_str = idc.AskStr('localhost:13370', "REVEN's project address")
    if host_port_str is not None:
        try:
            host, port_str = host_port_str.split(':')
            port = int(port_str)
            print("REVEN's project: {}:{}").format(host, port)
            main(host, port)
        except ValueError:
            print("please give a correct REVEN\'s project address, e.g. localhost:13370")
        except RuntimeError as e:
            print('{}').format(e)
        except:
            print('unknown error')