It is an IDA plugin for extending UEFI reverse engineering capabilities. Based on ida-efitools with a bunch of fixes and new features.
Works with both Python 2 and Python 3. Supports outdated versions of IDA Pro 7.x with no guarantees.
- GUID definition
- Structure propagation (registers, xrefs, stack vars)
- Protocol and interface identification
- Initialization of unknown protocols
- It can be used as a plugin and as a script.
- Automatically imports custom C declarations (structs, enums, unions, typedefs) from `efitools2/types` directory
- Sets permissions of code segment to RWE (to fix incorrect dead code elimination in decompiler view)
- Provides ability to sync external types
- Prints and copies to clipboard selected EFI_GUID from disassembler view
- Extracts EFI_GUID from local variable assignments
- behemoth.til is rejected in favor of IDA's uefi.til and uefi64.til
- Do not use uefi(64).til from IDA 7.3 because it has errors
Just run `efitools2/efitools.py` from IDA.
Hotkeys:
- Ctrl-Alt-E - does all the magic
- Ctrl-Alt-G (on data) - print and copy EFI_GUID at current cursor location
- Ctrl-Alt-G (on code) - extract and copy EFI_GUID from local variable assignment (set cursor at `EFI_GUID.data1` assignment)
- F5 (on Local Types window) - synchronize local types from `types` folder
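
The Ctrl-Alt-G hotkeys above print an EFI_GUID taken from data bytes or from a local variable assignment. The following standalone Python example is added here for illustration (it is not the plugin's code and does not use the IDA API) and shows the mixed-endian EFI_GUID layout that such features have to decode. The function names and sample inputs are hypothetical; the GUID is EFI_LOADED_IMAGE_PROTOCOL_GUID from the UEFI specification.

```python
import struct
import uuid

# Well-known GUID from the UEFI specification, used as sample data.
LOADED_IMAGE = "5B1B31A1-9562-11D2-8E3F-00A0C969723B"

def guid_from_bytes(raw):
    """Format 16 bytes in EFI_GUID memory layout as the canonical string.

    Data1 (u32), Data2 (u16) and Data3 (u16) are little-endian in memory;
    the 8 bytes of Data4 are printed in storage order.
    """
    if len(raw) != 16:
        raise ValueError("EFI_GUID is 16 bytes, got %d" % len(raw))
    d1, d2, d3 = struct.unpack_from("<IHH", raw)
    d4 = bytes(raw[8:]).hex().upper()
    return "%08X-%04X-%04X-%s-%s" % (d1, d2, d3, d4[:4], d4[4:])

def guid_from_stores(stores):
    """Rebuild a GUID from (offset, size, value) stores into a local EFI_GUID.

    Offsets are relative to the Data1 field. Rejects out-of-range stores
    and GUIDs with bytes that were never written.
    """
    buf, written = bytearray(16), [False] * 16
    for off, size, value in stores:
        if off < 0 or size < 1 or off + size > 16:
            raise ValueError("store outside EFI_GUID: off=%d size=%d" % (off, size))
        buf[off:off + size] = value.to_bytes(size, "little")
        written[off:off + size] = [True] * size
    if not all(written):
        raise ValueError("incomplete GUID, unwritten offsets: %r"
                         % [i for i, w in enumerate(written) if not w])
    return guid_from_bytes(buf)

def find_guids(blob, known):
    """Return sorted (offset, name) pairs for known GUIDs found in blob."""
    hits = []
    for name, text in known.items():
        needle = uuid.UUID(text).bytes_le  # same mixed-endian layout as EFI_GUID
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

# Constructed sample: field-by-field stores a compiler might emit for a local GUID.
SAMPLE_STORES = [(0, 4, 0x5B1B31A1), (4, 2, 0x9562), (6, 2, 0x11D2),
                 (8, 8, 0x3B7269C9A0003F8E)]
# Constructed sample: 3 bytes of padding followed by the GUID in memory layout.
SAMPLE_BLOB = b"\x00" * 3 + uuid.UUID(LOADED_IMAGE).bytes_le
```

A GUID assembled from only the Data1 to Data3 stores is rejected as incomplete instead of being printed with zero-filled Data4.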
- Hotkeys can be configured in `ida-efitools2.py` file.
- A few preferences can be found in `efitools2/efitools.py` file.
- Custom GUIDs should be placed within `efitools2/guids/custom.ini` file.
- Custom protocols should be placed inside `efitools2/types` folder. See available examples.
It's IDA's built-in feature. Just open the context menu for the type in Local Types window and select 'Export to header file' action.
- `pip install future` - For Python 2 only.
- `pip install clipboard` - If you want to automatically copy EFI_GUID contents to the clipboard.
Just copy `ida-efitools2.py` file and `efitools2` folder to IDA's plugins directory.
@snare for original code base of ida-efiutils.
@danse-macabre for ida-efitools, rewritten from scratch.
@djpohly, @al3xtjames, @vutung2311 for contributions (forks).
@p-state (me) for breathing new life into this.