NEExploiT/dump.rb Secret

## dump.rb
# お約束
require 'ProcessMemory'
include ProcessMemory
# 省略記法を許すためのお約束
include ProcessMemoryUtil
# プロセス指定
mem = memoryutil_startup

using Module.new{
  # ProcessMemoryEx本体次期リリース時に入れるかも
  refine ProcessMemoryEx do
    def strcpy(addr, initial_size = 32, atomic_size: 1, encoding: nil, encode: Encoding::UTF_8)
      size = initial_size * atomic_size
      fmt = ['C*', 'S*', nil, 'V*'][atomic_size - 1]
      buf = nil
      encoding ||= [Encoding::UTF_8, Encoding::UTF_16, nil, Encoding::UTF_32][atomic_size - 1]
      raise 'unknown atomic_size.' unless fmt
      loop{
        buf = ptr_fmt(addr, size, fmt).take_while{|atom| atom != 0 }
        break unless buf.size == size
        size *= 2
      }
      if encoding == encode
        buf.pack(fmt).force_encoding(encoding)
      else
        buf.pack(fmt).encode(encode, encoding)
      end
    end
  end
}

rgss_addr, rgss = mem.modules.detect{|(_, name)| /^RGSS\d+[EJ]?\.dll$/ =~ name }
vx_ace = false
sym_addr =  case rgss
            when /RGSS10\dJ\.dll/ then 0x1836BC + rgss_addr
            when /RGSS20\dJ\.dll/ then 0x18A23C + rgss_addr
            when /RGSS30\d\.dll/
              vx_ace = true
              0x25a2ac + rgss_addr
            when nil
              raise 'Target is not RGSS'
            else
              raise "#{rgss} isn't match"
            end

sym_tbl = ptr(sym_addr)
h = {}
raise 'sry packed entry is not supported' if vx_ace && ptr(sym_tbl + 8).odd?

num_bins = mem.ptr(sym_tbl + 4)

puts format("#{rgss}: 0x%08X", rgss_addr)
puts format('[%08X] == %08X', sym_addr, sym_tbl), "BINS: #{num_bins}", '-' * 64

bins = mem.ptr_fmt(mem.ptr(sym_tbl + 12), num_bins * 4, 'V*')
bins.each do |entry|
  it = entry
  while it != 0
    key = mem.ptr(it + 4)
    key_str = if vx_ace
                flg = mem.ptr(key)
                noembed = flg & 1 << 13
                if noembed != 0
                  mem.strcpy(mem.ptr(key + 12))
                else
                  mem.strcpy(key + 8)
                end
              else
                mem.strcpy(key)
              end

    record = mem.ptr(it + 8)
    h[key_str] = record
    it = mem.ptr(it + 12)
  end
end

h.keys.sort.each{|k|
  puts format('%s => 0x%04X', k, h[k])
}
	# お約束
	require 'ProcessMemory'
	include ProcessMemory
	# 省略記法を許すためのお約束
	include ProcessMemoryUtil
	# プロセス指定
	mem = memoryutil_startup

	using Module.new{
	# ProcessMemoryEx本体次期リリース時に入れるかも
	refine ProcessMemoryEx do
	def strcpy(addr, initial_size = 32, atomic_size: 1, encoding: nil, encode: Encoding::UTF_8)
	size = initial_size * atomic_size
	fmt = ['C', 'S', nil, 'V*'][atomic_size - 1]
	buf = nil
	encoding \|\|= [Encoding::UTF_8, Encoding::UTF_16, nil, Encoding::UTF_32][atomic_size - 1]
	raise 'unknown atomic_size.' unless fmt
	loop{
	buf = ptr_fmt(addr, size, fmt).take_while{\|atom\| atom != 0 }
	break unless buf.size == size
	size *= 2
	}
	if encoding == encode
	buf.pack(fmt).force_encoding(encoding)
	else
	buf.pack(fmt).encode(encode, encoding)
	end
	end
	end
	}

	rgss_addr, rgss = mem.modules.detect{\|(_, name)\| /^RGSS\d+[EJ]?\.dll$/ =~ name }
	vx_ace = false
	sym_addr = case rgss
	when /RGSS10\dJ\.dll/ then 0x1836BC + rgss_addr
	when /RGSS20\dJ\.dll/ then 0x18A23C + rgss_addr
	when /RGSS30\d\.dll/
	vx_ace = true
	0x25a2ac + rgss_addr
	when nil
	raise 'Target is not RGSS'
	else
	raise "#{rgss} isn't match"
	end

	sym_tbl = ptr(sym_addr)
	h = {}
	raise 'sry packed entry is not supported' if vx_ace && ptr(sym_tbl + 8).odd?

	num_bins = mem.ptr(sym_tbl + 4)

	puts format("#{rgss}: 0x%08X", rgss_addr)
	puts format('[%08X] == %08X', sym_addr, sym_tbl), "BINS: #{num_bins}", '-' * 64

	bins = mem.ptr_fmt(mem.ptr(sym_tbl + 12), num_bins * 4, 'V*')
	bins.each do \|entry\|
	it = entry
	while it != 0
	key = mem.ptr(it + 4)
	key_str = if vx_ace
	flg = mem.ptr(key)
	noembed = flg & 1 << 13
	if noembed != 0
	mem.strcpy(mem.ptr(key + 12))
	else
	mem.strcpy(key + 8)
	end
	else
	mem.strcpy(key)
	end

	record = mem.ptr(it + 8)
	h[key_str] = record
	it = mem.ptr(it + 12)
	end
	end

	h.keys.sort.each{\|k\|
	puts format('%s => 0x%04X', k, h[k])
	}