Merge pull request #21 from zznop/3-structs-bn-to-ida

Transfer structures from BN to IDA
zznop · Dec 28, 2019 · b92011d · b92011d
2 parents 8bd7324 + 3b1a595
commit b92011d
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 2 deletions.
diff --git a/binja/binja_export.py b/binja/binja_export.py
@@ -1,6 +1,7 @@
 import json
 from optparse import OptionParser
 from binaryninja import *
+from collections import OrderedDict
 
 """
 Exports analysis data from a BN database to a bnida JSON file
@@ -106,6 +107,35 @@ def get_line_comments(self):
 
         return comments
 
+    def get_structures(self):
+        """
+        Export structures/types
+
+        :return: Dict containing structure info
+        """
+
+        structures = OrderedDict()
+        for type_token in self.bv.types:
+            typ = self.bv.get_type_by_name(type_token)
+            if typ.structure is None:
+                continue
+
+            struct_name = type_token.name[0]
+            members = {}
+            for member in typ.structure.members:
+                members[member.name] = {}
+                members[member.name]['offset'] = member.offset
+                members[member.name]['size']   = member.type.width
+                members[member.name]['type']   = ''
+                for token in member.type.tokens:
+                    members[member.name]['type'] += str(token)
+
+            structures[struct_name] = {}
+            structures[struct_name]['size'] = typ.structure.width
+            structures[struct_name]['members'] = members
+
+        return structures
+
     def run(self):
         """
         Export analysis data to bnida JSON file
@@ -118,7 +148,7 @@ def run(self):
         json_array['functions']      = self.get_functions()
         json_array['func_comments']  = self.get_function_comments()
         json_array['line_comments']  = self.get_line_comments()
-        json_array['structs']        = {} # TODO
+        json_array['structs']        = self.get_structures()
 
         with open(self.options.json_file, 'w+') as f:
             json.dump(json_array, f, indent=4)

diff --git a/ida/ida_import.py b/ida/ida_import.py
@@ -3,6 +3,8 @@
 import ida_kernwin
 import idaapi
 import ida_segment
+import ida_struct
+import ida_bytes
 import json
 
 """
@@ -13,6 +15,21 @@
 __copyright__ = 'Copyright 2018, [email protected]'
 __license__   = 'MIT'
 
+def get_flag_from_type(typ):
+    """
+    Get IDA flag_t from type string
+
+    :param typ: Type string
+    """
+
+    if typ in ['uint32_t', 'int32_t', 'DWORD', 'int']:
+        return ida_bytes.dword_flag()
+    elif typ in ['uint64_t', 'int64_t', 'LONG LONG']:
+        return ida_bytes.qword_flag()
+    elif typ in ['uint16_t', 'int16_t']:
+        return ida_bytes.word_flag()
+    else:
+        return ida_bytes.byte_flag()
 
 def sanitize_name(name):
     """
@@ -67,7 +84,10 @@ def import_functions(functions, sections):
     """
 
     for addr in functions:
-        addr = adjust_addr(sections, addr)
+        addr = adjust_addr(sections, int(addr))
+        if addr is None:
+            continue
+
         if ida_funcs.get_func(addr):
             continue
 
@@ -123,6 +143,30 @@ def import_names(names, sections):
         if idc.get_name_ea_simple(name) == idaapi.BADADDR:
             idc.set_name(addr, name)
 
+def import_structures(structures):
+    """
+    Import structures
+
+    :param structures: Dict containing structure information
+    """
+
+    curr_idx = ida_struct.get_last_struc_idx() + 1
+    for struct_name, struct_info in structures.items():
+        # Create structure
+        tid = ida_struct.add_struc(curr_idx, struct_name)
+
+        # Get struct object and add members
+        struct = ida_struct.get_struc(tid)
+        for member_name, member_info in struct_info['members'].items():
+            flag = get_flag_from_type(member_info['type'])
+            ida_struct.add_struc_member(
+                struct, member_name, member_info['offset'],
+                flag, None, member_info['size']
+            )
+
+        curr_idx += 1
+
+
 def get_json(json_file):
     """
     Read bnida JSON file
@@ -157,6 +201,7 @@ def main(json_file):
     import_function_comments(json_array['func_comments'], json_array['sections'])
     import_line_comments(json_array['line_comments'], json_array['sections'])
     import_names(json_array['names'], json_array['sections'])
+    import_structures(json_array['structs'])
     print('[+] Done importing analysis data')
 
 if __name__ == '__main__':