@GaryOderNichts
Created November 8, 2023 22:51
//Find Wii IOS syscalls via undefined instruction
//@author rw, GaryOderNichts
//@category ARM
//@keybinding
//@menupath
//@toolbar
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;
import ghidra.program.model.mem.Memory;
import ghidra.program.model.symbol.SourceType;
import ghidra.program.model.symbol.Symbol;
import ghidra.program.model.symbol.SymbolIterator;
import ghidra.program.model.symbol.SymbolTable;
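public class GhidraWiiSyscallUDF extends GhidraScript {

    /**
     * Expected value of an IOS syscall instruction once the syscall-number bits are masked off.
     * IOS encodes syscalls as an ARM undefined instruction whose bits 5..12 carry the number.
     */
    private static final int UDF_SYSCALL_PATTERN = 0xe6000010;

    /** Clears bits 5..12 (the 8-bit syscall number) so the rest of the encoding can be compared. */
    private static final int UDF_SYSCALL_MASK = 0xffffe01f;

    /** Syscall number -> syscall name, populated from the definition file chosen by the user. */
    private final Map<Integer, String> syscalls = new HashMap<>();

    /**
     * Asks for a syscall definition file, then walks every symbol of the current program and
     * renames those whose address holds an IOS syscall UDF instruction to {@code IOS_<name>}.
     * A function that references such a symbol (the thumb thunk) is renamed the same way.
     *
     * @throws Exception if the definition file cannot be read or contains a malformed entry
     */
    @Override
    protected void run() throws Exception {
        File file = askFile("Please specify a syscall definition file", "Select syscalls definition");
        println("Using " + file.getName() + " as syscalls description file");
        loadSyscallDefinitions(file);

        Memory memory = currentProgram.getMemory();
        SymbolIterator iter = currentProgram.getSymbolTable().getAllSymbols(true);
        while (iter.hasNext() && !monitor.isCancelled()) {
            Symbol symbol = iter.next();
            Address instrAddr = symbol.getAddress();

            int instrVal;
            try {
                // Big-endian read, as in the original script.
                instrVal = memory.getInt(instrAddr, true);
            } catch (Exception e) {
                // Symbols whose address is not backed by readable memory cannot hold an
                // instruction; skipping them is expected, not an error worth reporting.
                continue;
            }

            if ((instrVal & UDF_SYSCALL_MASK) != UDF_SYSCALL_PATTERN) {
                continue;
            }
            int sysnum = (instrVal >>> 5) & 0xff;
            String sysname = syscalls.get(sysnum);
            if (sysname == null) {
                continue;
            }

            String fnname = "IOS_" + sysname;
            println("Renaming: " + symbol.getName() + " -> " + fnname);
            try {
                symbol.setName(fnname, SourceType.DEFAULT);
                renameReferencingFunction(symbol, fnname);
            } catch (Exception e) {
                // Rename failures (e.g. an invalid or duplicate name) used to be swallowed
                // silently; report them so a bad definition file is visible in the console.
                println("  Failed to rename " + symbol.getName() + " at " + instrAddr + ": " + e);
            }
        }
    }

    /**
     * Reads {@code <number>:<name>} lines from the definition file into {@link #syscalls}.
     * Blank lines are ignored; a later entry for the same number replaces an earlier one.
     *
     * @param file definition file; read as UTF-8 rather than the platform charset
     * @throws Exception if the file cannot be read, or a line has no {@code :} separator or a
     *                   number that {@link Integer#decode(String)} rejects (reported with its line number)
     */
    private void loadSyscallDefinitions(File file) throws Exception {
        // try-with-resources closes the reader, which the original loop never did.
        try (BufferedReader br = Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8)) {
            int lineNo = 0;
            for (String line = br.readLine(); line != null; line = br.readLine()) {
                lineNo++;
                String entry = line.trim();
                if (entry.isEmpty()) {
                    continue;
                }
                String[] fields = entry.split(":");
                if (fields.length < 2) {
                    throw new IllegalArgumentException(
                            "Line " + lineNo + " of " + file.getName() + " is not <number>:<name>: " + line);
                }
                try {
                    syscalls.put(Integer.decode(fields[0].trim()), fields[1].trim());
                } catch (NumberFormatException e) {
                    throw new IllegalArgumentException(
                            "Line " + lineNo + " of " + file.getName() + " has a bad syscall number: " + line, e);
                }
            }
        }
    }

    /**
     * Renames the function that references {@code symbol}, if there is one.
     * Only the first reference is considered, as in the original script; the comment there
     * describes it as the thumb thunk for the syscall — not verified here.
     *
     * @param symbol the syscall symbol that was just renamed
     * @param fnname the new name to apply
     * @throws Exception if Ghidra rejects the new function name
     */
    private void renameReferencingFunction(Symbol symbol, String fnname) throws Exception {
        if (!symbol.hasReferences()) {
            return;
        }
        Address fnAddress = symbol.getReferences()[0].getFromAddress();
        Function fn = currentProgram.getFunctionManager().getFunctionAt(fnAddress);
        if (fn == null) {
            return;
        }
        println(" Renaming: " + fn.getName() + " -> " + fnname);
        fn.setName(fnname, SourceType.DEFAULT);
    }
}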
0x00:CreateThread
0x01:JoinThread
0x02:CancelThread
0x03:GetThreadId
0x04:GetProcessId
0x05:StartThread
0x06:SuspendThread
0x07:YieldThread
0x08:GetThreadPriority
0x09:SetThreadPriority
0x0A:CreateMessageQueue
0x0B:DestroyMessageQueue
0x0C:SendMessage
0x0D:JamMessage
0x0E:ReceiveMessage
0x0F:HandleEvent
0x10:UnregisterEventHandler
0x11:CreateTimer
0x12:RestartTimer
0x13:StopTimer
0x14:DestroyTimer
0x15:time_now
0x16:CreateHeap
0x17:DestroyHeap
0x18:Alloc
0x19:AllocAligned
0x1A:Free
0x1B:RegisterResourceManager
0x1C:Open
0x1D:Close
0x1E:Read
0x1F:Write
0x20:Seek
0x21:Ioctl
0x22:Ioctlv
0x23:OpenAsync
0x24:CloseAsync
0x25:ReadAsync
0x26:WriteAsync
0x27:SeekAsync
0x28:IoctlAsync
0x29:IoctlvAsync
0x2A:ResourceReply
0x2B:SetUid
0x2C:GetUid
0x2D:SetGid
0x2E:GetGid
0x2F:ahbMemFlush
0x30:syscall_ahbMemFlush_wrapper
0x31:ClearAndEnableIPCIOPIntr
0x32:ClearAndEnableDIIntr
0x33:ClearAndEnableSDIntr
0x34:ClearAndEnableEvent
0x35:AccessIobPool
0x36:alloc_iobuf
0x37:free_iobuf
0x38:iobuf_log_header_info
0x39:iobuf_log_buffer_info
0x3A:extend_iobuf
0x3B:IOS_PushIob
0x3C:IOS_PullIob
0x3D:verify_iobuf
0x3E:syscall_3e
0x3F:InvalidateDCache
0x40:FlushDCache
0x41:ppc_boot
0x42:ios_boot
0x43:boot_new_ios_kernel
0x44:assert_di_reset
0x45:deassert_di_reset
0x46:check_di_reset
0x47:get_kernel_flavor
0x48:get_unk_flavor
0x49:get_boot_vector
0x4A:GetHollywoodId
0x4B:kernel_debug_print
0x4C:SetLoMemOSVersion
0x4D:GetLoMemOSVersion
0x4E:SetDiSpinup
0x4F:VirtualToPhysical
0x50:SetDvdReadDisable
0x51:GetDvdReadDisable
0x52:SetEnableAHBPI2DI
0x53:GetEnableAHBPI2DI
0x54:SetPPCACRPerms
0x55:GetBusSpeed
0x56:ACRRegWrite
0x57:DDRRegWrite
0x58:OutputDebugPort
0x59:SetIpcAccessRights
0x5A:LaunchRM
0x5B:IOSC_CreateObject
0x5C:IOSC_DeleteObject
0x5D:IOSC_ImportSecretKey
0x5E:IOSC_ExportSecretKey
0x5F:IOSC_ImportPublicKey
0x60:IOSC_ExportPublicKey
0x61:IOSC_ComputeSharedKey
0x62:IOSC_SetData
0x63:IOSC_GetData
0x64:IOSC_GetKeySize
0x65:IOSC_GetSignatureSize
0x66:IOSC_GenerateHashAsync
0x67:IOSC_GenerateHash
0x68:IOSC_EncryptAsync
0x69:IOSC_Encrypt
0x6A:IOSC_DecryptAsync
0x6B:IOSC_Decrypt
0x6C:IOSC_VerifyPublicKeySign
0x6D:IOSC_GenerateBlockMAC
0x6E:IOSC_GenerateBlockMACAsync
0x6F:IOSC_ImportCertificate
0x70:IOSC_GetDeviceCertificate
0x71:IOSC_SetOwnership
0x72:IOSC_GetOwnership
0x73:IOSC_GenerateRand
0x74:IOSC_GenerateKey
0x75:IOSC_GeneratePublicKeySign
0x76:IOSC_GenerateCertificate
0x77:IOSC_CheckDiHashes
0x78:syscall_78_set
0x79:syscall_79_get
0x7A:syscall_7a
0x7B:syscall_7b
0x7C:syscall_7c