Most data in the firmware dumps is 4 byte aligned. The current scan-strings.idc assums that strings are aligned this way. However, there's some fairly large parts of the ROM data that consist of packed strings, which scan-strings sets up incorrectly because it always makes them start on a 4 byte boundary.
The IDC script below is a quick and dirty hack to correct these. The start and end addresses are hard coded, and the start should probably be adjusted to after the end of ROM code before running. This script is more likely to hit false positives (4+ printable chars followed by 0) than the normal scan, so shouldn't be run over the entire ROM range.
This should be run after running the other scripts so it can correct the ones that scan-strings gets wrong.
#include <idc.idc>
#define MIN_STRING_LENGTH 4
#define MAX_STRING_LENGTH 100
static findUAStrings(sb, se)
{
auto a, c, cnt, str, res;
cnt = 0;
for (a=sb; a<se; a=a+1) {
str = a;
do {
c = Byte(str);
str = str+1;
} while (str-a<MAX_STRING_LENGTH && (c>=0x20 && c<=0x7F) || c==0x0A);
if (str-a>MIN_STRING_LENGTH && str-a<=MAX_STRING_LENGTH && c==0) {
MakeUnkn(a, str-a);
res = MakeStr(a, str);
// Message( "Str found: %x-%d (%d)\n", a, str-a, res);
cnt = cnt+1;
a=str-1;
}
}
Message( "Unaligned Strings found %d times\n", cnt);
}
static main() {
findUAStrings(0xFFAE26C0,0xFFFF0000);
}
as code because forum is refusing to attach, even as zip
