dump.rb
# Boilerplate: load the ProcessMemory library and mix it into the top level.
require 'ProcessMemory'
include ProcessMemory
# Boilerplate that enables the shorthand notation (the bare `ptr(...)` calls
# used further down, without an explicit receiver).
include ProcessMemoryUtil
# Select the target process.
# NOTE(review): how memoryutil_startup chooses the process is not visible in
# this file; every address and length read below comes from that process and
# should be treated as untrusted data.
mem = memoryutil_startup
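using Module.new {
  # May be folded into ProcessMemoryEx itself in its next release.
  refine ProcessMemoryEx do
    # Reads a zero-terminated string from the target process starting at +addr+.
    #
    # The read window starts at initial_size code units and is doubled until a
    # zero code unit shows up inside it. ptr_fmt's second argument is treated
    # as a byte count (the caller below asks for num_bins * 4 bytes to get
    # num_bins 'V' values), so the "window is full" test is done in bytes.
    #
    # @param addr [Integer] address of the first code unit in the target
    # @param initial_size [Integer] code units fetched on the first attempt
    # @param atomic_size [Integer] bytes per code unit: 1, 2 or 4
    # @param encoding [Encoding, nil] encoding of the bytes in the target;
    #   picked from atomic_size when nil
    # @param encode [Encoding] encoding of the returned String
    # @param max_size [Integer] window size in bytes after which the search for
    #   a terminator is abandoned instead of doubling again
    # @return [String] the code units before the first zero
    # @raise [RuntimeError] for an unsupported atomic_size, or when no
    #   terminator is found within the size limit
    # @raise [ArgumentError] when initial_size is not positive
    def strcpy(addr, initial_size = 32, atomic_size: 1, encoding: nil, encode: Encoding::UTF_8, max_size: 1 << 20)
      # A keyed lookup rejects 0 and negative sizes; the old positional table
      # mapped atomic_size 0 to its last entry through index -1.
      fmt = { 1 => 'C*', 2 => 'S*', 4 => 'V*' }[atomic_size]
      raise 'unknown atomic_size.' unless fmt
      # A zero-byte window can never grow by doubling, so it would spin forever.
      raise ArgumentError, 'initial_size must be positive' unless initial_size.positive?

      # NOTE(review): Encoding::UTF_16 and UTF_32 are Ruby's BOM-dependent dummy
      # encodings and 'S*' packs in native byte order; for Windows wide strings
      # the caller probably wants encoding: Encoding::UTF_16LE -- confirm.
      encoding ||= { 1 => Encoding::UTF_8, 2 => Encoding::UTF_16, 4 => Encoding::UTF_32 }[atomic_size]

      size = initial_size * atomic_size
      buf = nil
      loop do
        buf = ptr_fmt(addr, size, fmt).take_while { |atom| atom != 0 }
        # Fewer code units than the window holds means a terminator was seen.
        # Comparing bytes with bytes keeps this correct for 2- and 4-byte units.
        break if buf.size * atomic_size < size
        # The address and the bytes behind it come from another process; do not
        # let a missing terminator turn into ever larger reads.
        raise format('no terminator within %d bytes at 0x%08X', size, addr) if size >= max_size

        size *= 2
      end

      packed = buf.pack(fmt)
      if encoding == encode
        # force_encoding only relabels the bytes; they are not validated here.
        packed.force_encoding(encoding)
      else
        packed.encode(encode, encoding)
      end
    end
  end
}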
# Locate the RGSS runtime DLL among the modules of the target process. Each
# entry is destructured as [address, name]; the address is used below as the
# base that the fixed offsets are added to.
rgss_addr, rgss = mem.modules.find { |(_, name)| /^RGSS\d+[EJ]?\.dll$/.match?(name) }

# Pick the offset of the symbol-table pointer for the detected DLL family and
# note whether the VX Ace (RGSS30x) layout applies.
# NOTE(review): one offset is applied to every DLL matching a family pattern;
# presumably it only holds for the builds the author checked -- confirm before
# trusting the output for another build.
sym_offset, vx_ace =
  case rgss
  when /RGSS10\dJ\.dll/ then [0x1836BC, false]
  when /RGSS20\dJ\.dll/ then [0x18A23C, false]
  when /RGSS30\d\.dll/ then [0x25a2ac, true]
  when nil then raise 'Target is not RGSS'
  else raise "#{rgss} isn't match"
  end
sym_addr = sym_offset + rgss_addr
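# Follow the pointer stored at sym_addr to the symbol table header.
sym_tbl = ptr(sym_addr)
# A null table pointer means the offset does not fit this build; stop before
# reading header fields from low addresses.
raise format('symbol table pointer at 0x%08X is null', sym_addr) if sym_tbl.zero?

# name => record, filled while walking the bins.
h = {}
# On VX Ace the low bit of the word at +8 marks a packed table, which this
# script does not decode.
raise 'sry packed entry is not supported' if vx_ace && ptr(sym_tbl + 8).odd?

# Bin count at +4, pointer to the bin array at +12.
num_bins = mem.ptr(sym_tbl + 4)
# num_bins is read from the target process and sizes the next read. The bound
# is an arbitrary sanity limit, not a value taken from the RGSS runtime.
max_bins = 1 << 20
raise format('implausible bin count %d at 0x%08X', num_bins, sym_tbl + 4) if num_bins > max_bins

# The module name is passed as an argument so it is never parsed as a format string.
puts format('%s: 0x%08X', rgss, rgss_addr)
puts format('[%08X] == %08X', sym_addr, sym_tbl), "BINS: #{num_bins}", '-' * 64
# One 4-byte little-endian entry per bin: the head of that bin's chain, or 0.
bins = mem.ptr_fmt(mem.ptr(sym_tbl + 12), num_bins * 4, 'V*')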
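# Walk the chain of every bin and record name => record for each entry.
# Entry fields used here: key at +4, record at +8, next entry at +12.
#
# All pointers come from another process's memory, so a stale or corrupt
# `next` field could form a cycle or an endless chain. Each visited entry is
# remembered and the total is capped so the walk always terminates.
seen_nodes = {}
max_nodes = 1 << 20 # arbitrary sanity limit on entries followed
bins.each do |entry|
  node = entry
  until node.zero?
    raise format('symbol table chain revisits entry 0x%08X', node) if seen_nodes[node]
    raise format('more than %d symbol table entries; giving up', max_nodes) if seen_nodes.size >= max_nodes

    seen_nodes[node] = true

    key = mem.ptr(node + 4)
    key_str =
      if vx_ace
        # The key points at a string object: bit 13 of its first word is
        # treated as the "not embedded" flag.
        # NOTE(review): presumably the Ruby 1.9 RString layout -- confirm.
        flags = mem.ptr(key)
        if (flags & (1 << 13)).zero?
          # Embedded: the characters start at +8 inside the object.
          mem.strcpy(key + 8)
        else
          # Not embedded: +12 holds a pointer to the characters.
          mem.strcpy(mem.ptr(key + 12))
        end
      else
        # Older runtimes: the key is a pointer to the characters themselves.
        mem.strcpy(key)
      end

    # A name seen twice keeps the record of the entry visited last.
    h[key_str] = mem.ptr(node + 8)
    node = mem.ptr(node + 12)
  end
end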
# Print every collected name with its record value, ordered by name.
# NOTE(review): the names are bytes copied from another process and are printed
# unescaped; consider escaping them if the output goes to a terminal or a log.
h.sort_by(&:first).each do |name, record|
  puts format('%s => 0x%04X', name, record)
end