REVEN-Axion 2018v1.5.0
ida_name_binding_reven_to_ida.py

This is an example of an IDA script that uses the REVEN Python API. It must be run from within IDA!

See the script's documentation below for more information:

1 """
2 Purpose:
3  This script updates names in an IDA-analyzed binary project using symbol names
4  of the corresponding binary analyzed in REVEN.
5 
6 Usage:
7  Use IDA to load the binary, and customize the following arguments before
8  executing the script:
9  host = your REVEN server name, and
10  port = your REVEN project on this host.
11 
12 Remark:
13  This script takes all "symbol names" of the corresponding binary in REVEN to bind
14  locations of the analyzed binary in IDA. We should note that:
15  - the name of the binary must be obtained from REVEN (that is usually the
16  case if "dump process" is executed properly), and be case-insensitively
17  identical to the one analyzed in IDA (i.e. we do not rename the binary)
18 
19  - if there are several binaries of the same name (but located at different
20  paths), then only the first one will be used for name binding.
21 """
22 
23 
24 import idaapi
25 import idautils
26 import idc
27 
28 import reven
29 
30 
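def main(host, port):
    """
    Open the REVEN project at host:port and apply its symbol names to the
    binary currently loaded in IDA.

    Prints a completion message after update_binding() has run, or a
    not-found message when get_reven_name_binding() returns None.
    """
    # Local import: the not-found branch needs os.path, and this keeps the
    # function from failing with NameError when `os` is not a module global.
    import os

    project = reven.Project(host, port)
    name_binding = get_reven_name_binding(project)
    if name_binding is None:
        print('binary {:s} cannot found in the REVEN project'.format(
            os.path.basename(idc.GetInputFilePath())))
        return

    update_binding(name_binding)
    print('binding names from REVEN to IDA done.')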
39 
40 
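def get_reven_name_binding(reven_project):
    """
    Collect REVEN's symbols for the binary currently loaded in IDA.

    Returns a dict {symbol.rva: symbol.name} built from the first entry of
    reven_project.binaries() whose file name equals IDA's input file name,
    compared case-insensitively. Returns None when no entry matches.
    """
    # Local import so the function does not depend on `os` being a module global.
    import os

    # Binary path is irrelevant, only the name matters.
    wanted_basename = os.path.basename(idc.GetInputFilePath()).lower()

    # `Project.binaries()` returns a map {path: binary_object}, see documentation for more details.
    for path, binary in reven_project.binaries().items():
        # Lower-case REVEN's side too: IDA's side is lower-cased above, so
        # without this a REVEN path containing upper-case letters never matches.
        if os.path.basename(path).lower() == wanted_basename:
            # Only the first matching binary is used.
            return {symbol.rva: symbol.name for symbol in binary.symbols}

    return None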
59 
60 
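def update_binding(name_binding):
    """
    Name addresses in the IDA database from a map of {offset: name}.

    Each key of name_binding is added to the image base returned by
    idaapi.get_imagebase() and the resulting address is named through
    idaapi.set_name(). Addresses that set_name() refuses are reported here,
    because SN_NOWARN suppresses IDA's own warning.
    """
    base_addr = idaapi.get_imagebase()

    # NOTE(review): the names are whatever the REVEN server returned, and
    # SN_NOCHECK applies them without IDA's name-character validation.
    # Run this only against a REVEN project you trust, or on a copy of the
    # database, since every matching address is renamed in place.
    flags = idaapi.SN_NOCHECK | idaapi.SN_NOWARN

    failed = 0
    for offset, name in name_binding.items():
        address = base_addr + offset
        print('bind 0x{:x} as {:s}'.format(address, name))
        if not idaapi.set_name(address, name, flags):
            failed += 1
            print('could not bind 0x{:x} as {:s}'.format(address, name))

    if failed:
        print('{:d} name(s) could not be bound'.format(failed))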
67 
68 
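if __name__ == '__main__':
    # Ask for "host:port"; AskStr returns None when the dialog is cancelled.
    host_port_str = idc.AskStr('localhost:13370', "REVEN's project address")
    if host_port_str is not None:
        try:
            host, port_str = host_port_str.split(':')
            port = int(port_str)
            # Reject an empty host or a port outside the TCP range up front,
            # rather than passing it to the REVEN client.
            if not host or not 0 < port < 65536:
                raise ValueError(host_port_str)
        except ValueError:
            print("please give a correct REVEN\'s project address, e.g. localhost:13370")
        else:
            # main() runs outside the ValueError handler, so an error raised
            # during the binding is not misreported as a bad address.
            print("REVEN's project: {}:{}".format(host, port))
            try:
                main(host, port)
            except RuntimeError as e:
                print('{}'.format(e))
            except Exception as e:
                # A bare `except:` would also hide programming errors such as
                # NameError; report the exception type and message instead.
                print('unknown error: {}: {}'.format(type(e).__name__, e))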