RedMetaClassAnalyzer/Z_createCgsCallbackVtable.py at main · NyanCatTW1/RedMetaClassAnalyzer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# A helper script to populate vtable in CosCgs of Cos
# @author Nyan Cat
# @category A_Red
# @keybinding
# @menupath
# @toolbar

# pyright: reportMissingImports=false
# pyright: reportUndefinedVariable=false

from java.util import ArrayList

from ghidra.program.model.data import CategoryPath, FunctionDefinitionDataType, PointerDataType
from ghidra.program.model.data import DataTypeConflictHandler


def getDataType(typeName, typeManager):
    matches = ArrayList()
    typeManager.findDataTypes(typeName, matches)

    if len(matches) > 1:
        print("Warning: Using the first " + typeName)
    elif len(matches) == 0:
        return None

    return matches[0]


funcManager = currentProgram.getFunctionManager()
typeManager = currentProgram.getDataTypeManager()

funcNames = ['_allocate_gpu_memory', None, '_release_gpu_memory', '_map_virtual_to_gart_space', '_unmap_virtual_from_gart_space', '_write_register', '_read_register', '_register_interrupt', '_unregister_interrupt', '_RequestMinClock', '_RequestPower', '_RequestActualClock', '_reserve_fb_mem', '_gpu_memory_copy', '_query_palladium_golden_settings', '_query_hwip_golden_settings', '_release_fb_access', '_acquire_fb_access', '_WriteFrameBuffer', '_ReadFrameBuffer', '_WriteIndirectRegister', '_ReadIndirectRegister', '_ReadVbiosDataTable', '_query_fw_load_status', '_DisableFbAccess', '_MapMultiVirtualToGartSpace', '_UnmapMultiVirtualFromGartSpace', '_ExecuteVbiosCmdTable', '_BlockReset', '_WriteRegisterExt', '_UpdateSram', '_write_register_byte']
done = [False] * len(funcNames)
ptrs = [None] * len(funcNames)

for func in funcManager.getFunctions(True):
    fullName = str(func)
    funcName = fullName.split("::")[-1]
    if funcName not in funcNames:
        continue

    funcSign = func.getSignature(False)

    funcType = FunctionDefinitionDataType(CategoryPath("/AMDGen/FuncSigns"), funcName + "_sign", funcSign)
    funcType = typeManager.addDataType(funcType, DataTypeConflictHandler.REPLACE_HANDLER)
    ptrType = PointerDataType(funcType, typeManager)
    ptrType = typeManager.addDataType(ptrType, DataTypeConflictHandler.REPLACE_HANDLER)

    for i in range(len(funcNames)):
        if funcNames[i] == funcName:
            assert not done[i]
            done[i] = True
            ptrs[i] = ptrType
            funcNames[i] = fullName

assert all(done[i] or funcNames[i] is None for i in range(len(funcNames)))

serviceCallback = getDataType("CosCgs", typeManager)
for i in range(len(funcNames)):
    if funcNames[i] is None:
        continue
    serviceCallback.replaceAtOffset(8 * (i + 2), ptrs[i], 8, funcNames[i], "Generated by Z_createCgsCallbackVtable.py")