IDC Script Released
Jack Chen has released an IDC script tool which allows us to extract processes from HV dumps. This is not for the more technical users; to quote:
 For those who are new to HV reversing like I am: here I made a quick IDC script for those interested in tracing the process protection pages to realize the VA and RA address mapping being used by the process.
You must execute the HV_DUMP.IDC from xorloser first, then apply this IDC later because it requires an opd_table to be defined first. And it's for the 3.15 HV only because that's the only HV dump I have. Process 0 is not extractable; there seems to be some data missing in the process object of process 0.
I am working on a different IDC script to extract the pages to a new file in order to get a file in which RA=VA so I can analyze the code more easily.
Here is the output for the process 6 extraction from the dump I have:
opd_addr = 003214d0
rtoc_addr = 00350470
process_table_addr = 0035e850
process_obj_addr = 00368cf0
process_protection_domain_addr = 0036a960
protection_page_addr = 0036ab00, RA=000f4000, VA=80000000, next page addr = 0036ab30
protection_page_addr = 0036ab30, RA=000f5000, VA=80001000, next page addr = 0036ab60
protection_page_addr = 0036ab60, RA=000f6000, VA=80002000, next page addr = 0036ab90
protection_page_addr = 0036ab90, RA=000f7000, VA=80003000, next page addr = 0036abc0
protection_page_addr = 0036abc0, RA=000f8000, VA=80004000, next page addr = 0036abf0
protection_page_addr = 0036abf0, RA=000f9000, VA=80005000, next page addr = 0036ac20
protection_page_addr = 0036ac20, RA=000fa000, VA=80006000, next page addr = 0036ac50
protection_page_addr = 0036ac50, RA=000fb000, VA=80007000, next page addr = 0036ac80
protection_page_addr = 0036ac80, RA=000fc000, VA=80008000, next page addr = 0036acb0
protection_page_addr = 0036acb0, RA=000fd000, VA=80009000, next page addr = 0036ace0
protection_page_addr = 0036ace0, RA=000fe000, VA=8000a000, next page addr = 0036ad10
protection_page_addr = 0036ad10, RA=000ff000, VA=8000b000, next page addr = 0036ad40
protection_page_addr = 0036ad40, RA=00700000, VA=8000c000, next page addr = 0036ad70
protection_page_addr = 0036ad70, RA=00701000, VA=8000d000, next page addr = 0036ada0
protection_page_addr = 0036ada0, RA=00702000, VA=8000e000, next page addr = 0036add0
protection_page_addr = 0036add0, RA=00703000, VA=8000f000, next page addr = 0036ae00
protection_page_addr = 0036ae00, RA=00704000, VA=80010000, next page addr = 0036ae30
protection_page_addr = 0036ae30, RA=00705000, VA=80011000, next page addr = 0036ae60
protection_page_addr = 0036ae60, RA=00706000, VA=80012000, next page addr = 0036ae90
protection_page_addr = 0036ae90, RA=00707000, VA=80013000, next page addr = 0036aec0
protection_page_addr = 0036aec0, RA=00708000, VA=80014000, next page addr = 0036aef0
protection_page_addr = 0036aef0, RA=00709000, VA=80015000, next page addr = 0036af20
protection_page_addr = 0036af20, RA=0070a000, VA=80016000, next page addr = 0036af50
protection_page_addr = 0036af50, RA=0070b000, VA=80017000, next page addr = 0036af80
protection_page_addr = 0036af80, RA=0070c000, VA=80018000, next page addr = 0036afb0
protection_page_addr = 0036afb0, RA=0070d000, VA=80019000, next page addr = 0036afe0
protection_page_addr = 0036afe0, RA=0070e000, VA=8001a000, next page addr = 0036b010
protection_page_addr = 0036b010, RA=0070f000, VA=8001b000, next page addr = 0036b040
protection_page_addr = 0036b040, RA=00710000, VA=8001c000, next page addr = 0036b070
protection_page_addr = 0036b070, RA=00711000, VA=8001d000, next page addr = 0036b0a0
protection_page_addr = 0036b0a0, RA=00712000, VA=8001e000, next page addr = 0036b0d0
protection_page_addr = 0036b0d0, RA=00713000, VA=8001f000, next page addr = 0036b100
protection_page_addr = 0036b100, RA=00714000, VA=80020000, next page addr = 0036b130
protection_page_addr = 0036b130, RA=00715000, VA=80021000, next page addr = 0036b160
protection_page_addr = 0036b160, RA=00716000, VA=80022000, next page addr = 0036b190
protection_page_addr = 0036b190, RA=00717000, VA=80023000, next page addr = 0036b1c0
protection_page_addr = 0036b1c0, RA=00718000, VA=80024000, next page addr = 0036b1f0
protection_page_addr = 0036b1f0, RA=00719000, VA=80025000, next page addr = 0036b220
protection_page_addr = 0036b220, RA=0071a000, VA=80026000, next page addr = 0036b250
protection_page_addr = 0036b250, RA=0071b000, VA=80027000, next page addr = 0036b280
protection_page_addr = 0036b280, RA=0071c000, VA=80028000, next page addr = 0036b2b0
protection_page_addr = 0036b2b0, RA=0071d000, VA=80029000, next page addr = 0036b2e0
protection_page_addr = 0036b2e0, RA=0071e000, VA=8002a000, next page addr = 0036b310
protection_page_addr = 0036b310, RA=0071f000, VA=8002b000, next page addr = 0036b340
protection_page_addr = 0036b340, RA=00720000, VA=8002c000, next page addr = 0036b370
protection_page_addr = 0036b370, RA=00721000, VA=8002d000, next page addr = 0036b3a0
protection_page_addr = 0036b3a0, RA=00722000, VA=8002e000, next page addr = 0036b3d0
protection_page_addr = 0036b3d0, RA=00723000, VA=8002f000, next page addr = 0036b400
protection_page_addr = 0036b400, RA=00724000, VA=80030000, next page addr = 0036b430
protection_page_addr = 0036b430, RA=00725000, VA=80031000, next page addr = 0036b460
protection_page_addr = 0036b460, RA=00726000, VA=80032000, next page addr = 0036b490
protection_page_addr = 0036b490, RA=00727000, VA=80033000, next page addr = 0036b4c0
protection_page_addr = 0036b4c0, RA=00728000, VA=80034000, next page addr = 0036b4f0
protection_page_addr = 0036b4f0, RA=00729000, VA=80035000, next page addr = 0036b520
protection_page_addr = 0036b520, RA=0072a000, VA=80036000, next page addr = 0036b550
protection_page_addr = 0036b550, RA=0072b000, VA=80037000, next page addr = 0036b580
protection_page_addr = 0036b580, RA=0072c000, VA=80038000, next page addr = 0036b5b0
protection_page_addr = 0036b5b0, RA=0072d000, VA=80039000, next page addr = 0036b5e0
protection_page_addr = 0036b5e0, RA=0072e000, VA=8003a000, next page addr = 0036b610
protection_page_addr = 0036b610, RA=0072f000, VA=8003b000, next page addr = 0036b640
protection_page_addr = 0036b640, RA=00730000, VA=8003c000, next page addr = 0036b670
protection_page_addr = 0036b670, RA=00731000, VA=8003d000, next page addr = 0036b6a0
protection_page_addr = 0036b6a0, RA=00732000, VA=8003e000, next page addr = 0036b6d0
protection_page_addr = 0036b6d0, RA=00733000, VA=8003f000, next page addr = 0036b700
protection_page_addr = 0036b700, RA=00734000, VA=80040000, next page addr = 0036b730
protection_page_addr = 0036b730, RA=00735000, VA=80041000, next page addr = 0036b760
protection_page_addr = 0036b760, RA=00736000, VA=80042000, next page addr = 0036b790
protection_page_addr = 0036b790, RA=00737000, VA=80043000, next page addr = 0036b7c0
protection_page_addr = 0036b7c0, RA=00738000, VA=80044000, next page addr = 0036b7f0
protection_page_addr = 0036b7f0, RA=00739000, VA=80045000, next page addr = 0036b820
protection_page_addr = 0036b820, RA=0073a000, VA=80046000, next page addr = 0036b850
protection_page_addr = 0036b850, RA=0073b000, VA=80047000, next page addr = 0036b880
protection_page_addr = 0036b880, RA=0073c000, VA=80048000, next page addr = 0036b8b0
protection_page_addr = 0036b8b0, RA=0073d000, VA=80049000, next page addr = 0036b8e0
protection_page_addr = 0036b8e0, RA=0073e000, VA=8004a000, next page addr = 0036b910
protection_page_addr = 0036b910, RA=0073f000, VA=8004b000, next page addr = 0036b940
protection_page_addr = 0036b940, RA=00740000, VA=8004c000, next page addr = 0036b970
protection_page_addr = 0036b970, RA=00741000, VA=8004d000, next page addr = 0036b9a0
protection_page_addr = 0036b9a0, RA=00742000, VA=8004e000, next page addr = 0036b9d0
protection_page_addr = 0036b9d0, RA=00743000, VA=8004f000, next page addr = 0036ba00
protection_page_addr = 0036ba00, RA=00744000, VA=80050000, next page addr = 0036ba30
protection_page_addr = 0036ba30, RA=00745000, VA=80051000, next page addr = 0036ba60
protection_page_addr = 0036ba60, RA=00746000, VA=80052000, next page addr = 0036ba90
protection_page_addr = 0036ba90, RA=00747000, VA=80053000, next page addr = 0036bac0
protection_page_addr = 0036bac0, RA=00748000, VA=80054000, next page addr = 0036baf0
protection_page_addr = 0036baf0, RA=00749000, VA=80055000, next page addr = 0036bb20
protection_page_addr = 0036bb20, RA=0074a000, VA=80056000, next page addr = 0036bb50
protection_page_addr = 0036bb50, RA=0074b000, VA=80057000, next page addr = 00127900
protection_page_addr = 00127900, RA=0075d000, VA=a0000000, next page addr = 00369e20
protection_page_addr = 00369e20, RA=0015d000, VA=a0002000, next page addr = 0036bb80
protection_page_addr = 0036bb80, RA=0074c000, VA=c0000000, next page addr = 0036bbd0
protection_page_addr = 0036bbd0, RA=0074d000, VA=c0001000, next page addr = 0036bc00
protection_page_addr = 0036bc00, RA=0074e000, VA=c0002000, next page addr = 0036bc30
protection_page_addr = 0036bc30, RA=0074f000, VA=c0003000, next page addr = 0036bc60
protection_page_addr = 0036bc60, RA=00750000, VA=c0004000, next page addr = 0036bc90
protection_page_addr = 0036bc90, RA=00751000, VA=c0005000, next page addr = 0036bcc0
protection_page_addr = 0036bcc0, RA=00752000, VA=c0006000, next page addr = 0036bcf0
protection_page_addr = 0036bcf0, RA=00753000, VA=c0007000, next page addr = 0036bd20
protection_page_addr = 0036bd20, RA=00754000, VA=c0008000, next page addr = 0036bd50
protection_page_addr = 0036bd50, RA=00755000, VA=c0009000, next page addr = 0036bd80
protection_page_addr = 0036bd80, RA=00756000, VA=c000a000, next page addr = 0036bdb0
protection_page_addr = 0036bdb0, RA=00757000, VA=c000b000, next page addr = 0036bde0
protection_page_addr = 0036bde0, RA=00758000, VA=c000c000, next page addr = 0036be10
protection_page_addr = 0036be10, RA=00759000, VA=c000d000, next page addr = 0036be40
protection_page_addr = 0036be40, RA=0075a000, VA=c000e000, next page addr = 0036be70
protection_page_addr = 0036be70, RA=0075b000, VA=c000f000, next page addr = 0036bea0
protection_page_addr = 0036bea0, RA=0075c000, VA=c0010000, next page addr = 0012fc40
protection_page_addr = 0012fc40, RA=00768000, VA=ffffd000, next page addr = 00169e90
protection_page_addr = 00169e90, RA=00769000, VA=ffffe000, next page addr = 00169ec0
protection_page_addr = 00169ec0, RA=0076a000, VA=fffff000, next page addr = 0036a988
protection_page_addr = 0036a988, RA=ffffffffffffffff, VA=ffffffff, next page addr = 0036ab00
done
[Download IDC Script]
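The output above is a walk of a singly linked list of page nodes, each mapping one 4 KiB page (VA steps of 0x1000) from the process's virtual address (VA) to a real address (RA) in the dump. Two details matter for anyone post-processing it: the mappings are sparse (the chain jumps from 80057000 to a0000000, from a0002000 to c0000000, and from c0010000 to ffffd000), and the last entry, at 0036a988, is not a page at all but the list head sitting 0x28 bytes into the protection domain object (0036a960); its next pointer is the first page node, so the chain is circular and a walker has to stop on the all-ones RA rather than on a null pointer. The Python below is an added example, not Jack Chen's script or anything from the post: it parses the script's text output, checks the chain, and rebuilds the kind of "RA=VA" file the author says he is working toward, under the assumption that the HV dump is a flat file indexed by RA. The sample output and the dump bytes in it are constructed for the example.

```python
"""Post-process the page-walk output of the HV process-extraction IDC script
and rebuild a flat image in which file offset == VA ("RA=VA" file).

Added example; the HV dump is assumed to be a flat file indexed by RA."""
import re

PAGE = 0x1000                        # VA advances 0x1000 per node: 4 KiB pages
LIST_HEAD_RA = 0xffffffffffffffff    # RA printed for the list head, which is not a page

# Constructed excerpt of the process 6 output, shortened to a few pages so that
# it shows a contiguous run, a sparse jump and the circular return to the head.
SAMPLE_OUTPUT = """\
opd_addr = 003214d0 rtoc_addr = 00350470 process_table_addr = 0035e850
process_obj_addr = 00368cf0 process_protection_domain_addr = 0036a960
protection_page_addr = 0036ab00, RA=000f4000, VA=80000000, next page addr = 0036ab30
protection_page_addr = 0036ab30, RA=000f5000, VA=80001000, next page addr = 0036ab60
protection_page_addr = 0036ab60, RA=000f6000, VA=80002000, next page addr = 00127900
protection_page_addr = 00127900, RA=0075d000, VA=a0000000, next page addr = 0036a988
protection_page_addr = 0036a988, RA=ffffffffffffffff, VA=ffffffff, next page addr = 0036ab00
done
"""

ENTRY_RE = re.compile(
    r"protection_page_addr = ([0-9a-f]+), RA=([0-9a-f]+), VA=([0-9a-f]+), "
    r"next page addr = ([0-9a-f]+)"
)


def parse_pages(text):
    """Return the page list as [(node, ra, va), ...] in walk order.

    Stops at the list head (all-ones RA), which the walk reaches because the
    chain is circular.  Rejects a chain whose printed 'next page addr' does not
    match the following node, or that revisits a node without reaching a head."""
    pages, seen, expected = [], set(), None
    for m in ENTRY_RE.finditer(text):
        node, ra, va, nxt = (int(g, 16) for g in m.groups())
        if expected is not None and node != expected:
            raise ValueError(f"chain break: expected node {expected:08x}, got {node:08x}")
        if node in seen:
            raise ValueError(f"node {node:08x} visited twice (cycle without a head)")
        seen.add(node)
        expected = nxt
        if ra == LIST_HEAD_RA:
            break                                  # back at the head: walk complete
        if ra % PAGE or va % PAGE:
            raise ValueError(f"unaligned mapping at node {node:08x}")
        pages.append((node, ra, va))
    return pages


def va_runs(pages):
    """Group pages into VA-contiguous runs: [(va_start, [ra0, ra1, ...]), ...].
    A new run starts wherever the VA does not follow on from the previous page."""
    runs = []
    for _, ra, va in pages:
        if runs and runs[-1][0] + PAGE * len(runs[-1][1]) == va:
            runs[-1][1].append(ra)
        else:
            runs.append((va, [ra]))
    return runs


def rebuild(dump, pages, va_lo, va_hi):
    """Flat image for [va_lo, va_hi): byte (va - va_lo) is what the process sees
    at va, so the file can be loaded with RA == VA.  Unmapped pages inside the
    range are zero-filled; a page whose RA lies past the end of the dump is an
    error rather than silently short data."""
    if va_lo % PAGE or va_hi % PAGE or va_hi <= va_lo:
        raise ValueError("range must be page-aligned and non-empty")
    out = bytearray(va_hi - va_lo)
    for _, ra, va in pages:
        if not va_lo <= va < va_hi:
            continue
        if ra + PAGE > len(dump):
            raise ValueError(f"RA {ra:08x} is outside the {len(dump):#x}-byte dump")
        off = va - va_lo
        out[off:off + PAGE] = dump[ra:ra + PAGE]
    return bytes(out)


if __name__ == "__main__":
    for va, ras in va_runs(parse_pages(SAMPLE_OUTPUT)):
        print(f"VA {va:08x}..{va + PAGE * len(ras):08x}  <-  RA {ras[0]:08x}..  ({len(ras)} pages)")
```

In use, feed `parse_pages` the saved IDA output and `rebuild` the raw dump, one VA run at a time (`va_runs` gives the ranges): rebuilding 80000000 through fffff000 as a single file would be mostly zero padding, whereas a file per run, such as `rebuild(dump, pages, 0x80000000, 0x80058000)` for the first run in the post's output, loads directly at its VA. The file and variable names here are illustrative.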