uefi_retool

incorrect result

Open Raven19409 opened this issue 5 years ago • 1 comments

ipxe-efi.zip

  1. see .text:000000000001D0D4 - error

  2. For indirect calls, use not only a comment but also an IDA command (example):

    op_stroff (0X1D130, 0, GetStrucIdByName("EFI_BOOT_SERVICES"), 0);

    .text:0001D127 mov r8, [r13+10h]
    .text:0001D12B xor edx, edx
    .text:0001D12D mov rcx, r13
    .text:0001D130 call qword ptr [rbp+140h] ; EFI_BOOT_SERVICES->LocateProtocol

changed to

    .text:0001D127 mov r8, [r13+10h] ; Interface
    .text:0001D12B xor edx, edx ; Registration
    .text:0001D12D mov rcx, r13 ; Protocol
    .text:0001D130 call [rbp+EFI_BOOT_SERVICES.LocateProtocol] ; EFI_BOOT_SERVICES->LocateProtocol

In this case IDA automatically comments the parameters. But beforehand you need to load the struct description from the Tlib.

Raven19409, Sep 13 '19 12:09

  1. Now I handle cases where the call to "EFI_BOOT_SERVICES" occurs at an offset relative to "EFI_SYSTEM_TABLE", but sometimes it will be necessary to set the types manually. I hope that in time I will fix it.
  2. I added this to the code, very useful, thanks.

yeggor, Sep 15 '19 20:09
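
The struct-offset suggestion from the issue above, as an added example that is not part of the thread or of uefi_retool's own code: it derives the x64 `EFI_BOOT_SERVICES` member offsets (24-byte table header, 8-byte pointers) and emits the `op_stroff` command from the issue for each indirect call through a register the analyst has already confirmed holds the boot services pointer. The function name `annotate`, its `bs_reg` parameter and the last sample line are assumptions made for the example.

```python
import re

# x64 layout per the UEFI specification: a 24-byte EFI_TABLE_HEADER followed
# by 8-byte function pointers in declaration order.
HDR_SIZE, PTR_SIZE = 24, 8
BOOT_SERVICES = """RaiseTPL RestoreTPL AllocatePages FreePages GetMemoryMap
AllocatePool FreePool CreateEvent SetTimer WaitForEvent SignalEvent CloseEvent
CheckEvent InstallProtocolInterface ReinstallProtocolInterface
UninstallProtocolInterface HandleProtocol Reserved RegisterProtocolNotify
LocateHandle LocateDevicePath InstallConfigurationTable LoadImage StartImage
Exit UnloadImage ExitBootServices GetNextMonotonicCount Stall SetWatchdogTimer
ConnectController DisconnectController OpenProtocol CloseProtocol
OpenProtocolInformation ProtocolsPerHandle LocateHandleBuffer LocateProtocol
InstallMultipleProtocolInterfaces UninstallMultipleProtocolInterfaces
CalculateCrc32 CopyMem SetMem CreateEventEx""".split()
OFFSETS = {HDR_SIZE + i * PTR_SIZE: n for i, n in enumerate(BOOT_SERVICES)}

CALL_RE = re.compile(
    r"^\.text:([0-9A-Fa-f]+)\s+call\s+(?:qword ptr\s+)?\[(\w+)\+([0-9A-Fa-f]+)h\]")

def annotate(listing, bs_reg):
    """Return (idc_commands, rewritten_lines); only calls via bs_reg change."""
    cmds, out = [], []
    for line in listing.splitlines():
        line = line.strip()
        m = CALL_RE.match(line)
        name = None
        if m and m.group(2).lower() == bs_reg.lower():
            name = OFFSETS.get(int(m.group(3), 16))
        if name is None:  # not a call, wrong register, or unknown offset
            out.append(line)
            continue
        cmds.append('op_stroff(0x%X, 0, GetStrucIdByName("EFI_BOOT_SERVICES"), 0);' % int(m.group(1), 16))
        out.append(".text:%s call [%s+EFI_BOOT_SERVICES.%s]" % (m.group(1), m.group(2), name))
    return cmds, out

# Listing from the issue, plus one constructed line (call through rax, a
# register not confirmed to hold the table) that must stay untouched.
SAMPLE = """.text:0001D127 mov r8, [r13+10h]
.text:0001D12B xor edx, edx
.text:0001D12D mov rcx, r13
.text:0001D130 call qword ptr [rbp+140h]
.text:0001D140 call qword ptr [rax+140h]"""

if __name__ == "__main__":
    cmds, out = annotate(SAMPLE, "rbp")
    print("\n".join(cmds + out))
```

Restricting the rewrite to a confirmed register matters because the same displacement through another base register may be a different structure entirely, in which case the type still has to be set by hand.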