# [name, addr] pairs collected by DumpFunctionArray: "Script_<name>" and the
# handler address read from the registration table.
luaFuncs = []
# [addr, name] pairs collected by DumpNamespaceFunc for the functions that
# register a "C_<ns>" table.  NOTE: the pair order is the reverse of luaFuncs;
# the print/MakeNameEx loops at the bottom of the script depend on that.
regFuncs = []
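def DumpFunctionArray(ref, arrPtr, size, nameSpace):
    """Collect the Lua bindings of one FrameScript registration table.

    Each table entry is 16 bytes: a pointer to the C string name at +0 and
    the handler address at +8.  Every entry whose name resolves is appended to
    the module-level ``luaFuncs`` list as ``["Script_" + name, addr]``; when
    ``nameSpace`` is given the name becomes ``nameSpace.name``.

    ``arrPtr`` and ``size`` are lifted straight out of instruction operands of
    the binary under analysis, so they are untrusted input.  Only a cheap
    plausibility check is applied (non-empty table, pointer above 1000); a
    corrupted or hostile sample can still make this walk a large range and
    print one "Bad str ref" line per unreadable entry.  Callers that care
    should bound ``size`` before calling.

    Args:
        ref: address of the call site being processed (diagnostics only).
        arrPtr: address of the first table entry.
        size: number of 16-byte entries in the table.
        nameSpace: namespace prefix, or ``None`` for global functions.
    """
    if size <= 0 or arrPtr <= 1000:
        print("# >> Bad parse at ref: 0x%X (Ptr: 0x%X, Size %i)" % (ref, arrPtr, size))
        return
    for i in xrange(0, size):
        entry = arrPtr + i * 16
        name = GetString(Qword(entry), -1, ASCSTR_C)
        addr = Qword(entry + 8)
        if name is None:
            # the name pointer did not resolve to a readable C string
            print("# Bad str ref at 0x%X and addr 0x%X" % (ref, entry))
            continue
        if nameSpace is not None:
            name = nameSpace + "." + name
        luaFuncs.append(["Script_" + name, addr])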
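def DumpGlobalFuncs():
    """Locate FrameScript::RegisterFunction and dump every table passed to it.

    The function is found by byte signature (``searchPatern``), then every
    code xref to it is examined.  The instruction right before the call is
    expected to load the table pointer: a plain memory operand (op type 2)
    means a single-entry table; a base+index operand (op type 3) means the
    pointer was set up by an earlier ``lea`` followed by a ``mov`` carrying
    the entry count.  Both shapes go to ``DumpFunctionArray`` with
    ``nameSpace=None``.

    Side effects: names the located function via ``MakeNameEx`` and appends to
    ``luaFuncs`` through ``DumpFunctionArray``.  Unrecognised call sites and a
    missing signature are reported instead of raising.
    """
    # Upper bound for the backwards instruction walk.  Without it a call site
    # with no preceding lea would loop until PrevHead wraps around.
    maxWalk = 256

    def _prevLea(ea):
        """Return the nearest ``lea`` at or before ``ea``, or BADADDR."""
        for _ in xrange(maxWalk):
            if ea == BADADDR:
                return BADADDR
            if GetMnem(ea) == "lea":
                return ea
            ea = PrevHead(ea)
        return BADADDR

    searchPatern = "48 89 5C 24 08 57 48 83 EC 20 48 8B ? ? ? ? ? 48 8B D9 45 33 C0"
    regFunc = FindBinary(0, SEARCH_DOWN, searchPatern)
    if regFunc == BADADDR:
        # the signature is build-specific; do not name or xref-walk BADADDR
        print("# !!! FrameScript::RegisterFunction signature not found")
        return
    print("# !!! FrameScript::RegisterFunction = 0x%016X" % regFunc)
    MakeNameEx(regFunc, "FrameScript_RegisterFunction", SN_NOWARN)

    reference = RnextB(regFunc, 0)
    while reference != BADADDR:
        prev = PrevHead(reference)
        opType = GetOpType(prev, 1)
        if opType == 2:  # memory reference: the table is a single entry
            DumpFunctionArray(reference, GetOperandValue(prev, 1), 1, None)
        elif opType == 3:  # base + index: table pointer and size set up earlier
            lea = _prevLea(prev)
            if lea == BADADDR:
                print("# >> ERR: no lea before call at 0x%X" % reference)
            else:
                arrPtr = GetOperandValue(lea, 1)           # lea rbx, arr_adr
                size = GetOperandValue(NextHead(lea), 1)   # mov rdi, arr_size
                DumpFunctionArray(reference, arrPtr, size, None)
        else:
            print("# >> ERR: Unhandled operand type at 0x%X: %u" % (reference, opType))
        reference = RnextB(regFunc, reference)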
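def DumpNamespaceFunc():
    """Locate FrameScript::RegisterFunctionNamespaceWithCount and dump its tables.

    The function is found by byte signature.  For every code xref the three
    argument loads are recovered by walking backwards from the call site:
    ``lea r8, <namespace string>``, ``lea rcx, <table>`` and
    ``mov edx, <count>`` (IDA register numbers 8, 1 and 2 on the first
    operand).  Each table is handed to ``DumpFunctionArray`` with the
    namespace string as prefix.  When the namespace starts with ``C_`` the
    function containing the call site is also recorded in ``regFuncs`` as
    ``C<rest>_RegisterScriptFunctions``.

    Side effects: names the located function via ``MakeNameEx``; appends to
    ``regFuncs`` and (through ``DumpFunctionArray``) ``luaFuncs``.  Call sites
    whose argument setup cannot be found are reported and skipped rather than
    walked back indefinitely.
    """
    # Upper bound for each backwards walk; a call site lacking one of the
    # expected loads would otherwise loop until PrevHead wraps around.
    maxWalk = 256

    def _prevRegLoad(ea, mnem, reg):
        """Nearest ``mnem <reg>, ...`` at or before ``ea``, or BADADDR."""
        for _ in xrange(maxWalk):
            if ea == BADADDR:
                return BADADDR
            if GetMnem(ea) == mnem and GetOpType(ea, 0) == 1 and GetOperandValue(ea, 0) == reg:
                return ea
            ea = PrevHead(ea)
        return BADADDR

    searchPatern = "48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 48 8B 1D ? ? ? ? 8B F2"
    regFunc = FindBinary(0, SEARCH_DOWN, searchPatern)
    if regFunc == BADADDR:
        # the signature is build-specific; do not name or xref-walk BADADDR
        print("# !!! FrameScript::RegisterFunctionNamespaceWithCount signature not found")
        return
    print("# !!! FrameScript::RegisterFunctionNamespaceWithCount = 0x%016X" % regFunc)
    MakeNameEx(regFunc, "FrameScript_RegisterFunctionNamespaceWithCount", SN_NOWARN)

    reference = RnextB(regFunc, 0)
    while reference != BADADDR:
        start = PrevHead(reference)
        lea_r8 = _prevRegLoad(start, "lea", 8)    # lea r8, namespace_ptr
        lea_rcx = _prevRegLoad(start, "lea", 1)   # lea rcx, table_ptr
        mov_edx = _prevRegLoad(start, "mov", 2)   # mov edx, rec_count
        if BADADDR in (lea_r8, lea_rcx, mov_edx):
            print("# >> ERR: could not recover arguments for call at 0x%X" % reference)
        else:
            size = GetOperandValue(mov_edx, 1)
            table = GetOperandValue(lea_rcx, 1)
            # the namespace string comes from the analysed binary; it is used
            # verbatim as a name prefix, so treat it as untrusted text
            namesp = GetString(GetOperandValue(lea_r8, 1), -1, ASCSTR_C)
            DumpFunctionArray(reference, table, size, namesp)
            funcStart = FirstFuncFchunk(reference)
            if funcStart != BADADDR and namesp is not None and namesp.startswith("C_"):
                regFuncs.append([funcStart, "C" + namesp[2:] + "_RegisterScriptFunctions"])
        reference = RnextB(regFunc, reference)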
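def _quoteName(name):
    """Escape backslashes and double quotes so the emitted line stays a valid string literal.

    The names are read from the binary under analysis; an unescaped quote in
    one of them would otherwise break (or inject into) the replayable
    ``MakeNameEx(...)`` script printed below.
    """
    return name.replace("\\", "\\\\").replace('"', '\\"')


DumpNamespaceFunc()
DumpGlobalFuncs()

# Sort for a stable, diff-able output between runs.  luaFuncs pairs are
# [name, addr] and sort by name; regFuncs pairs are [addr, name] and sort
# by address.
luaFuncs.sort()
regFuncs.sort()

print("\n# register functions")
for addr, name in regFuncs:
    print("MakeNameEx(0x%X, \"%s\", SN_NOWARN)" % (addr, _quoteName(name)))
    MakeNameEx(addr, name, SN_NOWARN)

print("\n# lua functions")
for name, addr in luaFuncs:
    print("MakeNameEx(0x%X, \"%s\", SN_NOWARN)" % (addr, _quoteName(name)))
    MakeNameEx(addr, name, SN_NOWARN)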