Helper plugin for analyzing UEFI firmware

Related tags

Concurrency and Multithreading bn-uefi-helper
Overview

bn-uefi-helper

Description

Helper plugin for analyzing UEFI firmware. This plugin contains the following features:

  • Apply the correct prototype to the entry point function
  • Fix segments so all segments are RWX and have the correct semantics
    • This allows for global function pointers to be rendered correctly
  • Apply types for core UEFI services (from EDK-II)
  • Locate known protocol GUIDs and assign the GUID type and a symbol
  • Locate global assigments in entry and initialization functions and assign types
    • EFI_SYSTEM_TABLE, EFI_RUNTIME_SERVICES, EFI_BOOT_SERVICES, etc...

demo bn-uefi-helper

Minimum Version

Tested on 2.3.2660

License

This plugin is released under a MIT license.

Related Projects

You might also like...
UEFI Application for CPU Voltage/Frquency and Power Management adjustment. Great for undervolting.
UEFI Application for CPU Voltage/Frquency and Power Management adjustment. Great for undervolting.

Reduce CPU Power Waste and Gain Performance. Greener and Meaner! ______ ______ _ (_____ \

null 125 Dec 30, 2022
Getting started with uefi
Getting started with uefi

Hello UEFI 此项目是uefi入门实践指导,因为我也是一路踩坑踩过来,所以想要记录一下。 UEFI开发环境搭建非常的复杂。 linux和windows和其他操作系统上都可以编译,这里主要讲windows。 此项目完成的效果仅仅是使用我们开发的uefi模块,在vmware上测试,并在shell

0000000000 2 Nov 8, 2021
Avocado Bootloader is an Advanced X86 - X86_64 BIOS/UEFI multiprotocol bootloader.

Avocado Bootloader What is avocado? Avocado is a modern, advanced x86/x86_64 BIOS/UEFI multiprotocol bootloader used as the reference implementation f

Weida32 2 Jan 3, 2022
A tiny uefi graphical user interfaces libaray......

TUGUI a tiny uefi graphical user interfaces libaray...... 1.最近动态 1.添加 数学相关基础库 齐次坐标 .... 2.图形学 变换 2D/3D .... 2. 编译运行 2.1 开发环境 编译工具链: g++-mingw-w64-x86-

UnknownBugs 4 Jan 12, 2022
The DirectX Tool Kit (aka DirectXTK) is a collection of helper classes for writing DirectX 11.x code in C++

DirectX Tool Kit for DirectX 11 http://go.microsoft.com/fwlink/?LinkId=248929 Copyright (c) Microsoft Corporation. All rights reserved. January 9, 202

Microsoft 2.2k Jan 3, 2023
A competitive programming helper tool, which packages included libraries into a single file, suitable for online judges.

cpack Cpack is a competitive programming helper tool, which packages the main source file along with included libraries into a single file, suitable f

PetarMihalj 11 Apr 22, 2022
CSGO ESP, Web Radar and Grenade helper using kernel hook for km-um communication
CSGO ESP, Web Radar and Grenade helper using kernel hook for km-um communication

kernel-csgo-esp-webradar Csgo ESP and Web Radar using kernel hook for km-um communication. Manual map your driver using kdmapper uses Nvidia overlay h

null 55 Jun 26, 2022
Helper C++ classes to quickly preintegrate IMU measurements between SLAM keyframes

mola-imu-preintegration Integrator of IMU angular velocity readings. This repository provides: IMUIntegrator and RotationIntegrator: C++ classes to in

The MOLA SLAM framework 12 Nov 21, 2022
Helper to create a SkeletalMeshComponent in UE4 at runtime.

Runtime Skeletal Mesh Generator for UE4 Helper to create a SkeletalMeshComponent in UE4 at runtime. This is a header only library that simplify the pr

Andrea Catania 34 Dec 29, 2022
A wrapper around std::variant with some helper functions

A wrapper around std::variant with some helper functions

Eyal Amir 1 Oct 30, 2021
A repository that includes common helper functions for writing applications in the DPDK. I will be using this for my future projects in the DPDK.

The DPDK Common (WIP) Description This project includes helpful functions and global variables for developing applications using the DPDK. I am using

Christian Deacon 19 Dec 27, 2022
Helper Class for Deep Learning Inference Frameworks: TensorFlow Lite, TensorRT, OpenCV, ncnn, MNN, SNPE, Arm NN, NNAbla
Helper Class for Deep Learning Inference Frameworks: TensorFlow Lite, TensorRT, OpenCV, ncnn, MNN, SNPE, Arm NN, NNAbla

InferenceHelper This is a helper class for deep learning frameworks especially for inference This class provides an interface to use various deep lear

iwatake 192 Dec 26, 2022
CMake checks cache helper modules – for fast CI CMake builds!

cmake-checks-cache Cross platform CMake projects do platform introspection by the means of "Check" macros. Have a look at CMake's How To Write Platfor

Cristian Adam 65 Dec 6, 2022
The DirectX Tool Kit (aka DirectXTK) is a collection of helper classes for writing DirectX 11.x code in C++

DirectX Tool Kit for DirectX 11 http://go.microsoft.com/fwlink/?LinkId=248929 Copyright (c) Microsoft Corporation. November 8, 2021 This package conta

Microsoft 2.2k Jan 2, 2023
🎩 Command-line itch.io helper

butler butler is the itch.io command-line tools - all by itself. It is used by: Content creators on itch.io to push builds quickly & reliably the itch

itch.io 595 Jan 4, 2023
A tiny little helper utility for Wordle written in C.

Wordlesmith A tiny little helper utility for Wordle written in C. Building make Tested with clang-1300.0.29.3 but ought to work on anything remotely

John Biesnecker 4 Jan 15, 2022
This is a simple CLI interface helper library for C.

LIBCCLI This is a very simple shell like interface for CLI activities. More will be added to this, but for now, this is the basic idea:

Steven Rostedt 40 Sep 24, 2022
YACHT: Yet Another C++ Helper Template

YACHT: Yet Another C++ Helper Template A template for C++ projects. Welcome to your YACHT! Because why build a boat from scratch, when you can enjoy a

Dimitri Belopopsky 11 Apr 2, 2022
Bluetooth helper tools for setting up serial ports for e.g. SSH

SSH Helper program so that you can SSH over bluetooth. This can be a useful second way in in case you have a raspberry pi with broken network or firewall config.

Thomas Habets 9 Dec 8, 2022
Comments
  • Derive protocol var names and types from params for boot services function calls

    Derive protocol var names and types from params for boot services function calls

    Analyze calls to gBS->LocateProtocol (and other APIs) to derive the protocol names and types from GUIDs and assign the protocol name and type to the variable.

    enhancement 
    opened by zznop 0
  • UDK EDK2: EFI_BOOT_SERVICES offset mismatch in EFI_SYSTEM_TABLE struct (__packed attribute not set)

    UDK EDK2: EFI_BOOT_SERVICES offset mismatch in EFI_SYSTEM_TABLE struct (__packed attribute not set)

    First, thanks for this great plugin. It helps a lot.

    While reversing an EFI binary build with UEFI Development Kit I realize there is an offset mismatch of EFI_BOOT_SERVICES in EFI_SYSTEM_TABLE struct. This plugin tells me it should have an offset of 0x70 But in edk2 it is 0x60.

    How to reproduce:

    Build HelloWorld.efi and compare UefiBootServicesTableLibConstructor() in MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.c

    Source code:

    EFI_STATUS
EFIAPI
UefiBootServicesTableLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  //
  // Cache the Image Handle
  //
  gImageHandle = ImageHandle;
  ASSERT (gImageHandle != NULL);

  //
  // Cache pointer to the EFI System Table
  //
  gST = SystemTable;
  ASSERT (gST != NULL);

  //
  // Cache pointer to the EFI Boot Services Table
  //
  gBS = SystemTable->BootServices;
  ASSERT (gBS != NULL);

  return EFI_SUCCESS;
}

    HLIL:

    000007b9  EFI_STATUS UefiBootServicesTableLibConstructor(EFI_HANDLE ImageHandle, struct EFI_SYSTEM_TABLE* SystemTable)

000007d7      data_46a0 = ImageHandle
000007fa      if (sub_75b() != 0 && data_46a0 == 0)
0000081f          sub_668(0x2d28)  {"/home/sylv/work/…"}
0000082f      data_46a8 = SystemTable
00000852      if (sub_75b() != 0 && data_46a8 == 0)
00000877          sub_668(0x2d28)  {"/home/sylv/work/…"}
0000088b      data_46b0 = SystemTable->StdErr
000008ae      if (sub_75b() != 0 && data_46b0 == 0)
000008d3          sub_668(0x2d28)  {"/home/sylv/work/…"}
000008db      return 0

    LLIL snipped:

      20 @ 00000879  rax = [rbp + 0x18 {arg_10}].q
  21 @ 0000087d  rdx = [rax + 0x60 {EFI_SYSTEM_TABLE::StdErr}].q
  22 @ 00000881  rax = 0x46b0
  23 @ 0000088b  [rax {data_46b0}].q = rdx
  24 @ 0000088e  rax = 0x75b
  25 @ 00000898  call(rax)
  26 @ 0000089c  if (al == 0) then 36 @ 0x8d5 else 40 @ 0x89e

    Relatet types in binary ninja:

    struct EFI_SYSTEM_TABLE
{
    struct EFI_TABLE_HEADER Hdr;
    CHAR16* FirmwareVendor;
    UINT32 FirmwareRevision;
    EFI_HANDLE ConsoleInHandle;
    struct EFI_SIMPLE_TEXT_INPUT_PROTOCOL* ConIn;
    EFI_HANDLE ConsoleOutHandle;
    struct EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL* ConOut;
    EFI_HANDLE StandardErrorHandle;
    struct EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL* StdErr;
    struct EFI_RUNTIME_SERVICES* RuntimeServices;
    struct EFI_BOOT_SERVICES* BootServices;
    UINTN NumberOfTableEntries;
    struct EFI_CONFIGURATION_TABLE* ConfigurationTable;
};

struct EFI_TABLE_HEADER
{
    UINT64 Signature;
    UINT32 Revision;
    // 4 byte empty
    UINT32 HeaderSize;
    // 4 byte empty
    UINT32 CRC32;
    // 4 byte empty
    UINT32 Reserved;
};

    It is probably related to EFI_TABLE_HEADER size, but I haven't investigated it yet.

    Thanks!

    opened by sylv-io 4
Releases(0.3)

  • 0.3(May 30, 2021)

    • Naming global protocol variables by analyzing gBS->InstallProtocolInterface and other boot service API calls
    • Bug fix causing analysis to be updated unnecessarily
    • Linting and Github actions
    Source code(tar.gz)
    Source code(zip)

  • 0.2(May 2, 2021)

  • 0.1(Apr 25, 2021)

    • Apply the correct prototype to the entry point function
    • Fix segments so all segments are RWX and have the correct semantics
      • This allows for global function pointers to be rendered correctly
    • Apply types for core UEFI services (from EDK-II)
    • Locate known protocol GUIDs and assign the GUID type and a symbol
    • Locate global assignments in entry and initialization functions and assign types
      • EFI_SYSTEM_TABLE, EFI_RUNTIME_SERVICES, EFI_BOOT_SERVICES, etc...
    Source code(tar.gz)
    Source code(zip)
Owner
Brandon Miller
Brandon Miller
GitHub
The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.

WPBT Builder This is a simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell. Motivation WPBT is one of the Adv

Satoshi Tanda 70 Nov 23, 2022
Make Epsilon Great again - Project Mu UEFI Firmware for Surface Duo (First Generation) Devices

Project Mu UEFI Implementation for Surface Duo Build Quick notes for building: Use Ubuntu 20.04 x64 Generate ACPI tables with IASL Follow this quick d

WOA Project 99 Dec 22, 2022
A modern C++ library for reading, writing, and analyzing CSV (and similar) files.

Vince's CSV Parser Motivation Documentation Integration C++ Version Single Header CMake Instructions Features & Examples Reading an Arbitrarily Large

Vincent La 648 Jan 7, 2023
Tools for analyzing and browsing Tarmac instruction traces.

Tarmac Trace Utilities Arm Tarmac Trace Utilities is a suite of tools to read, analyze and browse traces of running programs in the 'Tarmac' textual f

Arm Software 37 Jan 3, 2023
BlowBeef is a tool for analyzing WMI data.

Blowbeef BlowBeef is a tool for analyzing WMI data. Usage BlowBeef is a tool for analyzing WMI data.

倾旋 18 Sep 2, 2022
A tool for analyzing x86-64 binaries.

reopt Reopt is a general purpose decompilation and recompilation tool for repurposing application logic. It does this by analyzing machine code to rec

Galois, Inc. 263 Dec 23, 2022
SubLink is a C++ library used for constructing and analyzing merger trees in numerical simulations of galaxy formation

README SubLink is a C++ library used for constructing and analyzing merger trees in numerical simulations of galaxy formation. Brief description SubLi

nelson-group 1 Jan 20, 2022
Tutorials on how the UEFI works

Step by Step Tutorials on how to use the UEFI for OS Development from scratch THIS IS WINDOWS BASED TUTS, BUT CODE SHOULD WORK IN LINUX AND MAC. NOTE

ThatOSDev 7 Dec 28, 2022
⚡ Kernel written for NeticOS (UEFI bootloader)

AirKernel ⚡ Kernel written for NeticOS (UEFI bootloader) Report bug | Request a feature ❗️ Requirements Debian/Debian-based sudo apt install gcc g++ q

null 7 Dec 3, 2022
Very minimalistic UEFI boot menu / Stivale2 bootloader

Tosaithe Tosaithe is a minimalistic UEFI-firmware menu/bootloader. It can chain-load other EFI programs and loaders, including Linux kernels, and has

Davin McCall 12 Dec 8, 2022