unaligned strings in ida - General Discussion and Assistance - CHDK Forum

reyalp
« on: 30 / January / 2009, 16:21:52 »
Most data in the firmware dumps is 4 byte aligned. The current scan-strings.idc assumes that strings are aligned this way. However, there's some fairly large parts of the ROM data that consist of packed strings, which scan-strings sets up incorrectly because it always makes them start on a 4 byte boundary.

The IDC script below is a quick and dirty hack to correct these. The start and end addresses are hard coded, and the start should probably be adjusted to after the end of ROM code before running. This script is more likely to hit false positives (4+ printable chars followed by 0) than the normal scan, so shouldn't be run over the entire ROM range.

This should be run after running the other scripts so it can correct the ones that scan-strings gets wrong.

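Code:
#include <idc.idc>

// Both bounds are compared against a length that includes the terminating 0,
// so MIN_STRING_LENGTH 4 accepts 4+ printable chars followed by 0.
#define MIN_STRING_LENGTH 4
#define MAX_STRING_LENGTH 256   // assumed value, adjust as needed

// Placeholders for the hard coded range: set these to the packed string
// data in your dump, with the start after the end of ROM code.
#define UA_START 0x00000000
#define UA_END   0x00000000

static findUAStrings(sb, se)
{
  auto a, c, cnt, str, res;

  cnt = 0;
  for (a=sb; a<se; a=a+1) {
    str = a;

    // Walk printable chars and newlines; c ends as the byte that stopped the run.
    do {
      c = Byte(str);
      str = str+1;
    } while (str-a<MAX_STRING_LENGTH && ((c>=0x20 && c<=0x7F) || c==0x0A));

    if (str-a>MIN_STRING_LENGTH && str-a<=MAX_STRING_LENGTH && c==0) {
        // Undefine the whole range so a misaligned item left by scan-strings is replaced.
        MakeUnknown(a, str-a, DOUNK_SIMPLE);
        res = MakeStr(a, str);

//        Message( "Str found: %x-%d (%d)\n", a, str-a, res);

        cnt = cnt+1;
        a = str-1;  // continue after the terminator, not inside this string
    }
  }
  Message( "Unaligned Strings found %d times\n", cnt);
}

static main() {
  findUAStrings(UA_START, UA_END);
}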

as code because forum is refusing to attach, even as zip :-[
Don't forget what the H stands for.
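
Added example, not part of reyalp's post or the CHDK scripts: a standalone Python model of the two scans, showing how probing only 4 byte boundaries truncates or misses packed strings, and why the byte-by-byte scan also reports false positives outside string data. MAX_LEN, the function names and both sample buffers are assumptions constructed for the illustration.

```python
MIN_LEN = 4    # printable chars required before the NUL, per the post
MAX_LEN = 256  # assumed cap on string length

# Constructed sample: four NUL-terminated strings packed back to back.
PACKED = b"Shutter\x00Aperture\x00ISOSpeed\x00Flash\x00"
# Constructed non-string bytes that happen to contain "PAST" followed by 0.
CODE_LIKE = b"\xe5\x9fPAST\x00\xea"


def is_text(b):
    # Same byte classes the IDC loop accepts: 0x20..0x7F and newline.
    return 0x20 <= b <= 0x7F or b == 0x0A


def scan_strings(data, step):
    """Probe every `step` bytes for a printable run ending in NUL.

    step=4 models the aligned scan, step=1 the unaligned one.
    Returns a list of (offset, text) pairs.
    """
    found = []
    a = 0
    while a < len(data):
        s = a
        while s < len(data) and s - a < MAX_LEN and is_text(data[s]):
            s += 1
        if s < len(data) and data[s] == 0 and s - a >= MIN_LEN:
            found.append((a, data[a:s].decode("ascii")))
            a = (s // step) * step + step  # next probe point past the NUL
        else:
            a += step
    return found


if __name__ == "__main__":
    for name, blob in (("packed", PACKED), ("code-like", CODE_LIKE)):
        print(name, "aligned  :", scan_strings(blob, 4))
        print(name, "unaligned:", scan_strings(blob, 1))
```

On the packed buffer the aligned scan reports "Speed" at offset 20 instead of "ISOSpeed" at 17 and drops "Flash" entirely; on the code-like buffer only the unaligned scan reports the spurious "PAST".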
