Add IDA script for ad-hoc normalizations

2dde45e9 · Andrea Gussoni · be2e4245 · 2dde45e9
Commit 2dde45e9 authored 4 years ago by Andrea Gussoni
--- a/scripting/ida-extraction-scripts/clang-parser/ida-normalizer-pre.sh
+++ b/scripting/ida-extraction-scripts/clang-parser/ida-normalizer-pre.sh
+#!/bin/bash
+# Remove all multiline asm snippets
+perl -0777 -pi -e 's/__asm.[^}]*{.[^}]*}/imperfection_wrapper();/sg' $1
+# Purge references to @<rax>
+sed -i -e 's/@<[a-zA-Z0-9: ]\{2,7\}>//g' $1
+# Purge references to @<rax> for ARM
+sed -i -e 's/<[a-zA-Z0-9, ]\{5,40\}>//g' $1
+# Custom assembly after goto label handling
+sed -i -e 's/__asm { fstp    st }/v21 = v21;/g' $1
+# Purge __asm annotations
+sed -i -e 's/__asm.*//g' $1
+# Purge '' characters
+sed -i -e 's/ '\'''\''/'\'' '\''/g' $1
+# Purge STCL beginning lines
+sed -i -e 's/STCL.*//g' $1
+# Purge STC2 beginning lines
+sed -i -e 's/STC2.*//g' $1
+# Purge #error lines
+sed -i -e 's/#error.*//g' $1
+# Remove default namespace for argc and argv
+sed -i -e 's/::argv/argv/g' $1
+sed -i -e 's/::argc/argc/g' $1
+# Purge ::argc ::argv
+sed -i -e 's/::arg*//g' $1
+# Purge strange touple assignement
+sed -i -e 's/__ptr32 off_41093E/stderr[3]/g' $1
+sed -i -e 's/__ptr32 off_41463E/stderr[3]/g' $1
+sed -i -e 's/__ptr32 off_4148FE/stderr[3]/g' $1
+# Purge strange ARM struct decl
+sed -i -e 's/__attribute__((__org_arrdim(0,1)))//g' $1
+# Purge missing namespace
+sed -i -e 's/memcmp(::s1/memcmp(s1/g' $1
+sed -i -e 's/\&::src/\&src/g' $1
+sed -i -e 's/\&::s/\&s/g' $1
+sed -i -e 's/::s/s/g' $1
+sed -i -e 's/::src/src/g' $1
+sed -i -e 's/::offset/offset/g' $1
+sed -i -e 's/::s1/s1/g' $1
+sed -i -e 's/::nptr/nptr/g' $1
+sed -i -e 's/::ptr/ptr/g' $1
+sed -i -e 's/::nbytes/nbytes/g' $1
+# Remove undefined struct
+sed -i -e 's/timespec v12/int v12/g' $1
+# Purge __asm annotations
+sed -i -e 's/__ptr32//g' $1
+# Add the lib inclusions
+sed -i -e 's/#include <defs.h>/#include "defs.h"\n#include "custom_defs.h"/g' $1
+# Remove the comment from lines declaring nullsub and unk_
+sed -i -e '/\/\/.*_UNKNOWN*; weak/ s/\(\/\/ \|weak\)//g' $1
+sed -i -e '/\/\/.*__fastcall.*; weak/ s/\(\/\/ \|weak\)//g' $1
+sed -i -e '/\/\/.*__usercall.*;/ s/\(\/\/ \)//g' $1
+sed -i -e '/\/\/.*unk_.*; weak/ s/\(\/\/ \|weak\)//g' $1
+sed -i -e '/\/\/.*; idb/ s/\(\/\/ \|idb\)//g' $1
+# Remove the comment from lines which declare functions
+sed -i -e 's/\/\/ unsigned int/unsigned int/g' $1
+# Remove the comment from lines which declare functions
+sed -i -e 's/\/\/ signed __int64/signed __int64/g' $1
+# Remove the comment from lines which declare functions
+sed -i -e 's/\/\/ unsigned __int64/unsigned __int64/g' $1
+# Fix specific recursive call with wrong number of arguments
+sed -i -e 's/rpl_fcntl(a1)/rpl_fcntl(a1, a2)/g' $1
+sed -i -e 's/strftime_internal(0LL, -1)/strftime_internal(0LL, -1, a3, a4, a5, a6, a7, a8)/g' $1
+sed -i -e 's/strftime_internal(v74, v70)/strftime_internal(v74, v70, a3, a4, a5, a6, a7, a8)/g' $1
+sed -i -e 's/strftime_internal(0)/strftime_internal(0, a2, a3, a4, a5, a6, a7)/g' $1
+sed -i -e 's/strftime_internal(v16)/strftime_internal(v16, a2, a3, a4, a5, a6, a7)/g' $1
+sed -i -e 's/_strftime_internal_0(0LL, -1)/strftime_internal_0(0LL, -1, a3, a4, a5, a6, a7)/g' $1
+sed -i -e 's/_strftime_internal_0(v70, v66)/_strftime_internal_0(v70, v66, a3, a4, a5, a6, a7)/g' $1
+sed -i -e 's/_strftime_internal_0(v70, v66, a3, a4, a5, a6, a7);/_strftime_internal_0(v70, v66, a3, a4, a5, a6, a7, a8);/g' $1
+sed -i -e 's/calc_eclosure_iter(\&v24, v4)/calc_eclosure_iter(\&v24, a2, a3, v4)/g' $1
+sed -i -e 's/quotearg_buffer_restyled(v45, v44, v73)/quotearg_buffer_restyled(v45, v44, v73, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/quotearg_buffer_restyled((__int64)v17, v79, v73)/quotearg_buffer_restyled((__int64)v17, v79, v73, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/quotearg_buffer_restyled(v45, v44, v71)/quotearg_buffer_restyled((__int64)v45, v44, v71, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/quotearg_buffer_restyled((__int64)v18, v77, v71)/quotearg_buffer_restyled((__int64)v18, v77, v71, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/quotearg_buffer_restyled(v45, v44, v72)/quotearg_buffer_restyled(v45, v44, v72, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/quotearg_buffer_restyled((__int64)v17, v78, v72)/quotearg_buffer_restyled((__int64)v17, v78, v72, a4, a5, a6, a7, a8, a9, a10, a11)/g' $1
+sed -i -e 's/return quotearg_buffer_restyled(v46, v45, v72);/return quotearg_buffer_restyled(v46, v45, v72, a4, a5, a6, a7, a8, a9, a10, a11, a12);/g' $1
+sed -i -e 's/return quotearg_buffer_restyled((__int64)v19, v78, v72);/return quotearg_buffer_restyled((__int64)v19, v78, v72, a4, a5, a6, a7, a8, a9, a10, a11, a12);/g' $1
+sed -i -e 's/parse_integer(\*(_QWORD \*)v11 + 1LL, a2, v2)/parse_integer(\*(_QWORD \*)v11 + 1LL, a2)/g' $1
+sed -i -e 's/print_uintmaxes(v7, v5, v7, v6, v8);/print_uintmaxes(v7, v5);/g' $1
+sed -i -e 's/return factor_using_pollard_rho2(v4, v5, v54 + 1, v60, v36);/return factor_using_pollard_rho2(v4, v5, v54 + 1, v60);/g' $1
+sed -i -e 's/factor_using_pollard_rho2(v64, v55, v54 + 1, v60, v55);/factor_using_pollard_rho2(v64, v55, v54 + 1, v60);/g' $1
+sed -i -e 's/v5 = parse_integer(\*(_QWORD \*)v11 + 1LL, a2, v2);/v5 = parse_integer(\*(_QWORD \*)v11 + 1LL, a2);/g' $1
+sed -i -e 's/return write_output();/write_output();/g' $1
+sed -i -e 's/sequential_sort(\&a1\[-4 * (a2 >> 1)\]);/sequential_sort(\&a1\[-4 * (a2 >> 1)\], a2, a3, a4);/g' $1
+sed -i -e 's/sortlines((__int64)\&a1\[-4 \* (_QWORD)v8\[5\]\]);/sortlines((__int64)\&a1\[-4 \* (_QWORD)v8\[5\]\], a2, a3, a4, a5, a6, a7);/g' $1
+sed -i -e 's/sequential_sort(\&a1\[-4 \* (a2 >> 1)\]);/sequential_sort(\&a1\[-4 \* (a2 >> 1)\], a2, a3, a4);/g' $1
+sed -i -e 's/sequential_sort(a1);/sequential_sort(a1, a2, a3, a4);/g' $1
+sed -i -e 's/return sub_40B8D5(v19, v18, v17);/return 0;/g' $1
+sed -i -e 's/return sub_[a-zA-Z0-9]\{6\}(v19, v18, v17);/return 0;/g' $1
+sed -i -e 's/return sub_404D90();/return 0;/g' $1
+# Add specific local variable which is not declared
+sed -i -e 's/_FST7 = a7;/int _FST7 = a7;/g' $1
+# Specific variable declaration
+sed -i -e 's/__int64 (\*outlist_end)\[2\] = \&outlist_head; \/\/ weak/__int64 outlist_head;\n__int64 (\*outlist_end)\[2\] = \&outlist_head; \/\/ weak/g' $1
+sed -i -e 's/__int64 \*temptail = \&temphead; \/\/ weak/__int64 temphead;\n__int64 \*temptail = \&temphead; \/\/ weak/g' $1
+# Fix pointer taken before variable definition
+sed -i -e 's/\/\/ Data declarations/\/\/ Data declarations\nextern __int64 slotvec0;\nextern __int64 slot0[32];\nextern __int64 tm_zero_buffer[7];/g' $1
+# Change the custom gcc_va_list to simply va_list
+sed -i -e 's/gcc_va_list/va_list/g' $1
+sed -i -e 's/typedef __va_list_tag va_list\[1\];/typedef struct __va_list_tag va_list\[1\];/g' $1
+# Specific variable type correction
+sed -i -e 's/const char \*v9; \/\/ r13/_BYTE \*v9; \/\/ r13/g' $1
+sed -i -e 's/char \*v2; \/\/ r12/_BYTE \*v2; \/\/ r12/g' $1
+sed -i -e 's/char \*v3; \/\/ rbx/_BYTE \*v3; \/\/ rbx/g' $1
+sed -i -e 's/_QWORD \*v3; \/\/ r15/__int64 \*v3; \/\/ r15/g' $1
+# Remove `Elf64_Dyn DYNAMIC = { 1uLL, 1uLL };` lines
+sed -i -e 's/Elf64_Dyn DYNAMIC = { 1uLL, 1uLL }; \/\/ weak//g' $1
+sed -i -e 's/Elf64_Dyn stru_620028 = {1uLL, 1uLL};*//g' $1
+sed -i -e 's/Elf64_Dyn stru_[a-zA-Z0-9]\{6\} = {1uLL, 1uLL};*//g' $1
+# Standardize type of `postorder` variable
+sed -i -e 's/$003F63A829E52477BDB4080710A1139D postorder = 2303284289;/__int64 postorder = 2303284289;/g' $1
+# Add the union tag for the __m128i type
+sed -i -e 's/__m128 /union __m128 /g' $1
+sed -i -e 's/__m128)/union __m128)/g' $1
+sed -i -e 's/__m128i/union __m128i/g' $1
+sed -i -e 's/__m128d/struct __m128d/g' $1
+# Remove subtractions with errroneous operand types
+sed -i -e 's/v10 = v7 - v5;/\/\/v10 = v7 - v5;/g' $1
+sed -i -e 's/v10 = v9 - v8;/\/\/v10 = v9 - v8;/g' $1
+sed -i -e 's/v9 = v6 - v4;/\/\/v9 = v6 - v4;/g' $1
+sed -i -e 's/if ( v8 - v4 == 1 )/if ( v8 == 1 )/g' $1
+sed -i -e 's/if ( v8 - v4 == 2 \&\& \*v4 == 46 \&\& v4\[1\] == 46 )/if ( v8 == 2 \&\& \*v4 == 46 \&\& v4\[1\] == 46 )/g' $1
+sed -i -e 's/v8 - v3 > 4095;/v8 > 4095;/g' $1
+sed -i -e 's/v4 = (char \*)((char \*)&v7 - v2 + 20);/\/\/v4 = (char \*)((char \*)&v7 - v2 + 20);/g' $1
+sed -i -e 's/v3 = qword_6157D8 - ((char \*)&v7 - v2) + a2 - 20;/\/\/v3 = qword_6157D8 - ((char \*)&v7 - v2) + a2 - 20;/g' $1
+sed -i -e 's/result = nullsub_12(v3, v2, (char \*)&v7 - v2 + 20);/\/\/result = nullsub_12(v3, v2, (char \*)&v7 - v2 + 20);/g' $1
+# Remove unhandled assignements
+sed -i -e 's/v8\[3\] = _mm_loadu_si128(a5);/\/\/v8\[3\] = _mm_loadu_si128(a5);/g' $1
+sed -i -e 's/v109 = _mm_loadu_si128(v50 + 1);/\/\/v109 = _mm_loadu_si128(v50 + 1);/g' $1
+sed -i -e 's/DWORD2(v41) = v27;/\/\/DWORD2(v41) = v27;/g' $1
+sed -i -e 's/v23 = rpl_memchr(v3 + 3, 0x2Fu, v8 - (v3 + 3));/\/\/v23 = rpl_memchr(v3 + 3, 0x2Fu, v8 - (v3 + 3));/g' $1
+sed -i -e 's/v4 = (char \*)((char \*)&v7 - v2 + 20);/\/\/v4 = (char \*)((char \*)&v7 - v2 + 20);/g' $1
+sed -i -e 's/v3 = qword_6157D8 - ((char \*)&v7 - v2) + a2 - 20;/\/\/v3 = qword_6157D8 - ((char \*)&v7 - v2) + a2 - 20;/g' $1
+sed -i -e 's/v66 = rpl_memchr(v64, v62, (char \*)v58 + v61 - v64);/\/\/v66 = rpl_memchr(v64, v62, (char \*)v58 + v61 - v64);/g' $1
+sed -i -e 's/v57 = (__int64 \*)rpl_memchr(v54, v55, (char \*)v56 - v54 + 1);/\/\/v57 = (__int64 \*)rpl_memchr(v54, v55, (char \*)v56 - v54 + 1);/g' $1
+sed -i -e 's/return mktime_internal(a1, (__int64 (__fastcall \*)(__int64 \*, __int64))\&nullsub_24, \&gmtime_offset_1931);/\/\/return mktime_internal(a1, (__int64 (__fastcall \*)(__int64 \*, __int64))\&nullsub_24, \&gmtime_offset_1931);/g' $1
+# Fix declaration not in order
+sed -i -e 's/__int64 (\*off_6204B8)\[32\] = \&qword_620680;/__int64 qword_620680\[32\];\n__int64 (\*off_6204B8)\[32\] = \&qword_620680;/g' $1
+sed -i -e 's/__int64 (\*off_\([a-zA-Z0-9]\{6\}\))\[\(.*\)\] = \&qword_\([a-zA-Z0-9]\{6\}\);/__int64 qword_\3\[\2\];\n__int64 (\*off_\1)\[\2\] = \&qword_\3;/g' $1
+sed -i -e 's/__int64 \*off_\([a-zA-Z0-9]\{6\}\) = \&qword_\([a-zA-Z0-9]\{6\}\);/__int64 qword_\2;\n__int64 (\*off_\1) = \&qword_\2;/g' $1
+# Assignement
+sed -i -e 's/v5 = \*(_DWORD \*)nullsub_57(a1, a2);/v5 = v5;/g' $1