GaryOderNichts · November 8, 2023 22:51
diff --git a/GhidraWiiSyscallUDF.java b/GhidraWiiSyscallUDF.java
 //Find Wii IOS syscalls via undefined instruction
 //@author rw, GaryOderNichts
 //@category ARM
 //@keybinding
 //@menupath
 //@toolbar

 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileReader;
 import java.util.HashMap;
 import java.util.Vector;

 import ghidra.app.script.GhidraScript;
 import ghidra.program.model.address.Address;
 import ghidra.program.model.listing.Function;
 import ghidra.program.model.listing.FunctionIterator;
 import ghidra.program.model.symbol.Symbol;
 import ghidra.program.model.symbol.SymbolIterator;
 import ghidra.program.model.symbol.SymbolTable;
 import ghidra.program.model.mem.Memory;
 import ghidra.program.model.symbol.SourceType;

 public class GhidraWiiSyscallUDF extends GhidraScript {
    private HashMap<Integer, String> Syscalls = new HashMap<Integer, String>();

    @Override
    protected void run() throws Exception {
        File file = askFile("Please specify a syscall definition file", "Select syscalls definition");
        println("Using " + file.getName() + " as syscalls description file");

        BufferedReader br = new BufferedReader(new FileReader(file));
        for (String line = br.readLine(); line != null; line = br.readLine()) {
        	String[] fields = line.split(":");
            Syscalls.put(Integer.decode(fields[0]), fields[1]);
        }
    
    	Memory memory = currentProgram.getMemory();
        SymbolIterator iter = currentProgram.getSymbolTable().getAllSymbols(true);
 		while (iter.hasNext()) {
 			Symbol symbol = iter.next();

 			if (monitor.isCancelled()) {
 				break;
 			}
 			
 			Address instrAddr = symbol.getAddress();

 			try {
 				int instrVal  = memory.getInt(instrAddr, true);
 				int instr = instrVal & 0xffffe01f;
 				if (instr != 0xe6000010) {
 					continue;
 				}

 				int sysnum = (instrVal >>> 5) & 0xff;
 				if (!Syscalls.containsKey(sysnum)) {
 					continue;
 				}
 				
 				String fnname;
 				String sysname = Syscalls.get(sysnum);
 				fnname = "IOS_" + sysname;

 				println("Renaming: " + symbol.getName() + " -> " + fnname);
 				
 				symbol.setName(fnname, SourceType.DEFAULT);

 				// try to also rename thunks for thumb
 				if (symbol.hasReferences()) {
 					Address fnAddress = symbol.getReferences()[0].getFromAddress();
 					Function fn = currentProgram.getFunctionManager().getFunctionAt(fnAddress);
 					if (fn != null) {
 						println("	Renaming: " + fn.getName() + " -> " + fnname);
 						fn.setName(fnname, SourceType.DEFAULT);
 					}
 				}
 			} catch(Exception e) {}
 		}
    }
 }
diff --git a/syscalls_wii.txt b/syscalls_wii.txt
 0x00:CreateThread
 0x01:JoinThread
 0x02:CancelThread
 0x03:GetThreadId
 0x04:GetProcessId
 0x05:StartThread
 0x06:SuspendThread
 0x07:YieldThread
 0x08:GetThreadPriority
 0x09:SetThreadPriority
 0x0A:CreateMessageQueue
 0x0B:DestroyMessageQueue
 0x0C:SendMessage
 0x0D:JamMessage
 0x0E:ReceiveMessage
 0x0F:HandleEvent
 0x10:UnregisterEventHandler
 0x11:CreateTimer
 0x12:RestartTimer
 0x13:StopTimer
 0x14:DestroyTimer
 0x15:time_now
 0x16:CreateHeap
 0x17:DestroyHeap
 0x18:Alloc
 0x19:AllocAligned
 0x1A:Free
 0x1B:RegisterResourceManager
 0x1C:Open
 0x1D:Close
 0x1E:Read
 0x1F:Write
 0x20:Seek
 0x21:Ioctl
 0x22:Ioctlv
 0x23:OpenAsync
 0x24:CloseAsync
 0x25:ReadAsync
 0x26:WriteAsync
 0x27:SeekAsync
 0x28:IoctlAsync
 0x29:IoctlvAsync
 0x2A:ResourceReply
 0x2B:SetUid
 0x2C:GetUid
 0x2D:SetGid
 0x2E:GetGid
 0x2F:ahbMemFlush
 0x30:syscall_ahbMemFlush_wrapper
 0x31:ClearAndEnableIPCIOPIntr
 0x32:ClearAndEnableDIIntr
 0x33:ClearAndEnableSDIntr
 0x34:ClearAndEnableEvent
 0x35:AccessIobPool
 0x36:alloc_iobuf
 0x37:free_iobuf
 0x38:iobuf_log_header_info
 0x39:iobuf_log_buffer_info
 0x3A:extend_iobuf
 0x3B:IOS_PushIob
 0x3C:IOS_PullIob
 0x3D:verify_iobuf
 0x3E:syscall_3e
 0x3F:InvalidateDCache
 0x40:FlushDCache
 0x41:ppc_boot
 0x42:ios_boot
 0x43:boot_new_ios_kernel
 0x44:assert_di_reset
 0x45:deassert_di_reset
 0x46:check_di_reset
 0x47:get_kernel_flavor
 0x48:get_unk_flavor
 0x49:get_boot_vector
 0x4A:GetHollywoodId
 0x4B:kernel_debug_print
 0x4C:SetLoMemOSVersion
 0x4D:GetLoMemOSVersion
 0x4E:SetDiSpinup
 0x4F:VirtualToPhysical
 0x50:SetDvdReadDisable
 0x51:GetDvdReadDisable
 0x52:SetEnableAHBPI2DI
 0x53:GetEnableAHBPI2DI
 0x54:SetPPCACRPerms
 0x55:GetBusSpeed
 0x56:ACRRegWrite
 0x57:DDRRegWrite
 0x58:OutputDebugPort
 0x59:SetIpcAccessRights
 0x5A:LaunchRM
 0x5B:IOSC_CreateObject
 0x5C:IOSC_DeleteObject
 0x5D:IOSC_ImportSecretKey
 0x5E:IOSC_ExportSecretKey
 0x5F:IOSC_ImportPublicKey
 0x60:IOSC_ExportPublicKey
 0x61:IOSC_ComputeSharedKey
 0x62:IOSC_SetData
 0x63:IOSC_GetData
 0x64:IOSC_GetKeySize
 0x65:IOSC_GetSignatureSize
 0x66:IOSC_GenerateHashAsync
 0x67:IOSC_GenerateHash
 0x68:IOSC_EncryptAsync
 0x69:IOSC_Encrypt
 0x6A:IOSC_DecryptAsync
 0x6B:IOSC_Decrypt
 0x6C:IOSC_VerifyPublicKeySign
 0x6D:IOSC_GenerateBlockMAC
 0x6E:IOSC_GenerateBlockMACAsync
 0x6F:IOSC_ImportCertificate
 0x70:IOSC_GetDeviceCertificate
 0x71:IOSC_SetOwnership
 0x72:IOSC_GetOwnership
 0x73:IOSC_GenerateRand
 0x74:IOSC_GenerateKey
 0x75:IOSC_GeneratePublicKeySign
 0x76:IOSC_GenerateCertificate
 0x77:IOSC_CheckDiHashes
 0x78:syscall_78_set
 0x79:syscall_79_get
 0x7A:syscall_7a
 0x7B:syscall_7b
 0x7C:syscall_7c
	//Find Wii IOS syscalls via undefined instruction
	//@author rw, GaryOderNichts
	//@category ARM
	//@keybinding
	//@menupath
	//@toolbar

	import java.io.BufferedReader;
	import java.io.File;
	import java.io.FileReader;
	import java.util.HashMap;
	import java.util.Vector;

	import ghidra.app.script.GhidraScript;
	import ghidra.program.model.address.Address;
	import ghidra.program.model.listing.Function;
	import ghidra.program.model.listing.FunctionIterator;
	import ghidra.program.model.symbol.Symbol;
	import ghidra.program.model.symbol.SymbolIterator;
	import ghidra.program.model.symbol.SymbolTable;
	import ghidra.program.model.mem.Memory;
	import ghidra.program.model.symbol.SourceType;

	public class GhidraWiiSyscallUDF extends GhidraScript {
	private HashMap<Integer, String> Syscalls = new HashMap<Integer, String>();

	@Override
	protected void run() throws Exception {
	File file = askFile("Please specify a syscall definition file", "Select syscalls definition");
	println("Using " + file.getName() + " as syscalls description file");

	BufferedReader br = new BufferedReader(new FileReader(file));
	for (String line = br.readLine(); line != null; line = br.readLine()) {
	String[] fields = line.split(":");
	Syscalls.put(Integer.decode(fields[0]), fields[1]);
	}

	Memory memory = currentProgram.getMemory();
	SymbolIterator iter = currentProgram.getSymbolTable().getAllSymbols(true);
	while (iter.hasNext()) {
	Symbol symbol = iter.next();

	if (monitor.isCancelled()) {
	break;
	}

	Address instrAddr = symbol.getAddress();

	try {
	int instrVal = memory.getInt(instrAddr, true);
	int instr = instrVal & 0xffffe01f;
	if (instr != 0xe6000010) {
	continue;
	}

	int sysnum = (instrVal >>> 5) & 0xff;
	if (!Syscalls.containsKey(sysnum)) {
	continue;
	}

	String fnname;
	String sysname = Syscalls.get(sysnum);
	fnname = "IOS_" + sysname;

	println("Renaming: " + symbol.getName() + " -> " + fnname);

	symbol.setName(fnname, SourceType.DEFAULT);

	// try to also rename thunks for thumb
	if (symbol.hasReferences()) {
	Address fnAddress = symbol.getReferences()[0].getFromAddress();
	Function fn = currentProgram.getFunctionManager().getFunctionAt(fnAddress);
	if (fn != null) {
	println(" Renaming: " + fn.getName() + " -> " + fnname);
	fn.setName(fnname, SourceType.DEFAULT);
	}
	}
	} catch(Exception e) {}
	}
	}
	}
	0x00:CreateThread
	0x01:JoinThread
	0x02:CancelThread
	0x03:GetThreadId
	0x04:GetProcessId
	0x05:StartThread
	0x06:SuspendThread
	0x07:YieldThread
	0x08:GetThreadPriority
	0x09:SetThreadPriority
	0x0A:CreateMessageQueue
	0x0B:DestroyMessageQueue
	0x0C:SendMessage
	0x0D:JamMessage
	0x0E:ReceiveMessage
	0x0F:HandleEvent
	0x10:UnregisterEventHandler
	0x11:CreateTimer
	0x12:RestartTimer
	0x13:StopTimer
	0x14:DestroyTimer
	0x15:time_now
	0x16:CreateHeap
	0x17:DestroyHeap
	0x18:Alloc
	0x19:AllocAligned
	0x1A:Free
	0x1B:RegisterResourceManager
	0x1C:Open
	0x1D:Close
	0x1E:Read
	0x1F:Write
	0x20:Seek
	0x21:Ioctl
	0x22:Ioctlv
	0x23:OpenAsync
	0x24:CloseAsync
	0x25:ReadAsync
	0x26:WriteAsync
	0x27:SeekAsync
	0x28:IoctlAsync
	0x29:IoctlvAsync
	0x2A:ResourceReply
	0x2B:SetUid
	0x2C:GetUid
	0x2D:SetGid
	0x2E:GetGid
	0x2F:ahbMemFlush
	0x30:syscall_ahbMemFlush_wrapper
	0x31:ClearAndEnableIPCIOPIntr
	0x32:ClearAndEnableDIIntr
	0x33:ClearAndEnableSDIntr
	0x34:ClearAndEnableEvent
	0x35:AccessIobPool
	0x36:alloc_iobuf
	0x37:free_iobuf
	0x38:iobuf_log_header_info
	0x39:iobuf_log_buffer_info
	0x3A:extend_iobuf
	0x3B:IOS_PushIob
	0x3C:IOS_PullIob
	0x3D:verify_iobuf
	0x3E:syscall_3e
	0x3F:InvalidateDCache
	0x40:FlushDCache
	0x41:ppc_boot
	0x42:ios_boot
	0x43:boot_new_ios_kernel
	0x44:assert_di_reset
	0x45:deassert_di_reset
	0x46:check_di_reset
	0x47:get_kernel_flavor
	0x48:get_unk_flavor
	0x49:get_boot_vector
	0x4A:GetHollywoodId
	0x4B:kernel_debug_print
	0x4C:SetLoMemOSVersion
	0x4D:GetLoMemOSVersion
	0x4E:SetDiSpinup
	0x4F:VirtualToPhysical
	0x50:SetDvdReadDisable
	0x51:GetDvdReadDisable
	0x52:SetEnableAHBPI2DI
	0x53:GetEnableAHBPI2DI
	0x54:SetPPCACRPerms
	0x55:GetBusSpeed
	0x56:ACRRegWrite
	0x57:DDRRegWrite
	0x58:OutputDebugPort
	0x59:SetIpcAccessRights
	0x5A:LaunchRM
	0x5B:IOSC_CreateObject
	0x5C:IOSC_DeleteObject
	0x5D:IOSC_ImportSecretKey
	0x5E:IOSC_ExportSecretKey
	0x5F:IOSC_ImportPublicKey
	0x60:IOSC_ExportPublicKey
	0x61:IOSC_ComputeSharedKey
	0x62:IOSC_SetData
	0x63:IOSC_GetData
	0x64:IOSC_GetKeySize
	0x65:IOSC_GetSignatureSize
	0x66:IOSC_GenerateHashAsync
	0x67:IOSC_GenerateHash
	0x68:IOSC_EncryptAsync
	0x69:IOSC_Encrypt
	0x6A:IOSC_DecryptAsync
	0x6B:IOSC_Decrypt
	0x6C:IOSC_VerifyPublicKeySign
	0x6D:IOSC_GenerateBlockMAC
	0x6E:IOSC_GenerateBlockMACAsync
	0x6F:IOSC_ImportCertificate
	0x70:IOSC_GetDeviceCertificate
	0x71:IOSC_SetOwnership
	0x72:IOSC_GetOwnership
	0x73:IOSC_GenerateRand
	0x74:IOSC_GenerateKey
	0x75:IOSC_GeneratePublicKeySign
	0x76:IOSC_GenerateCertificate
	0x77:IOSC_CheckDiHashes
	0x78:syscall_78_set
	0x79:syscall_79_get
	0x7A:syscall_7a
	0x7B:syscall_7b
	0x7C:syscall_7c