1. #include <ida.idc>
  3. /************************************************************************
  4. Desc: Label all lua functions with proper name
  5. Author: TOM_RUS
  6. Credit: bobbysing for RenameFunc
  7. *************************************************************************/
  9. // 1 = Success, 0 = Failure
  10. static RenameFunc(dwAddress, sFunction)
  11. {
  12. auto dwRet;
  14. //return 1;
  15. dwRet = MakeNameEx(dwAddress, sFunction, SN_NOWARN);
  17. if(dwRet == 0)
  18. {
  19. auto sTemp, i;
  20. for(i = 0; i < 32; ++i)
  21. {
  22. sTemp = form("%s_%i", sFunction, i);
  24. if((dwRet = MakeNameEx(dwAddress, sTemp, SN_NOWARN)) != 0)
  25. {
  26. Message("Info: Renamed to %s instead of %s\n", sTemp, sFunction);
  27. break;
  28. }
  29. }
  30. }
  31. return dwRet;
  32. }
  34. static main()
  35. {
  36. auto counter, x, y, count, i, luaName, luaFunc, luaGlobal;
  37. // Live client 3.2.0.10314
  38. x = FindBinary(0, SEARCH_DOWN, "55 8B EC 8B 45 0C 56 8B 35 ? ? ? ? 6A 00 50 56 E8 ? ? ? ? 8B 4D 08 51 56 E8 ? ? ? ?");
  39. // PTR client 0.2.2.10433
  40. //x = FindBinary(0, SEARCH_DOWN, "55 8B EC 56 8B 35 ? ? ? ? 85 F6 75 22 6A 01 56 68 ? ? ? ? 68 9E 06 00 00 68 ? ? ? ?");
  42. if(x == BADADDR)
  43. {
  44. Message("Can't find FrameScript::RegisterFunction, aborting...\n");
  45. return -1;
  46. }
  48. Message("FrameScript::RegisterFunction found at: %X\n", x);
  50. for(y = RfirstB(x); y != BADADDR; y = RnextB(x, y))
  51. {
  52. auto dwRet, nameOffset, luaOffset, op1, op2, op3;
  54. //Message("Reference at: %X\n", y);
  56. nameOffset = y - 8;
  57. luaOffset = y - 14; // -13 if no loop
  59. //Message("%X %X\n", nameOffset, luaOffset);
  60. //Message("%X %X\n", GetOperandValue(nameOffset, 1), GetOperandValue(luaOffset, 1));
  62. op1 = GetOperandValue(y + 0x05, 1);
  63. op2 = GetOperandValue(y + 0x08, 1);
  64. op3 = GetOperandValue(y + 0x0B, 1);
  66. //Message("op1 %i\n", op1);
  67. //Message("op2 %i\n", op2);
  68. //Message("op3 %i\n", op3);
  70. if(op2 == BADADDR) // all this shit only because of Lua_PlayDance...
  71. {
  72. luaOffset++;
  73. luaName = GetString(Dword(GetOperandValue(nameOffset, 1)), -1, ASCSTR_C);
  74. luaFunc = GetOperandValue(luaOffset, 1);
  75. //Message("%s %X %X\n", luaName, luaFunc, Dword(luaFunc));
  77. if((dwRet = RenameFunc(Dword(luaFunc), form( "Script_%s", luaName))) == 0)
  78. Message("Failed to rename 0x%08X to %s\n", Dword(luaFunc), luaName);
  79. else
  80. counter++;
  81. }
  82. else
  83. {
  84. count = op3 / op2;
  85. //Message("count %i\n", count);
  87. for(i = 0; i < count; ++i)
  88. {
  89. luaName = GetString(Dword(GetOperandValue(nameOffset, 1) + (i * 8)), -1, ASCSTR_C);
  90. luaFunc = GetOperandValue(luaOffset, 1) + (i * 8);
  91. //Message("%s %X %X\n", luaName, luaFunc, Dword(luaFunc));
  93. if((dwRet = RenameFunc(Dword(luaFunc), form("Script_%s", luaName))) == 0)
  94. Message("Failed to rename 0x%08X to %s\n", Dword(luaFunc), luaName);
  95. else
  96. counter++;
  97. }
  98. }
  99. }
  101. // Live client 4.0.1.13164, seems work with PTR too
  102. x = FindBinary(0, SEARCH_DOWN, "55 8B EC 56 33 F6 39 75 10 7E ? 53 8B 5D 0C 57 8B 7D 08 8B 04 F3 50 57 E8 ? ? ? ? 8B 4C F3");
  104. if(x == BADADDR)
  105. {
  106. Message("Can't find FrameScript::FillScriptMethodTable, aborting...\n");
  107. return -1;
  108. }
  110. Message("FrameScript::FillScriptMethodTable found at: %X\n", x);
  112. for(y = RfirstB(x); y != BADADDR; y = RnextB(x, y))
  113. {
  114. auto offset, classCount;
  116. offset = GetOperandValue(y - 6, 0);
  117. count = GetOperandValue(y - 8, 0);
  118. //Message("%X %X %i\n", y, offset, count);
  120. for(i = 0; i < count; ++i)
  121. {
  122. luaName = GetString(Dword(offset + (i * 8)), -1, ASCSTR_C);
  123. luaFunc = Dword(offset + (i * 8) + 4);
  124. //Message("%s %X\n", luaName, luaFunc);
  126. // those functions belong to some FrameScript object class, but we don't know which one...
  127. if((dwRet = RenameFunc(luaFunc, form("Script_%s_class%i", luaName, classCount))) == 0)
  128. Message("Failed to rename 0x%08X to %s\n", luaFunc, luaName);
  129. else
  130. counter++;
  131. }
  133. classCount++;
  134. }
  136. // Live client 3.2.2.10505
  137. x = FindBinary(0, SEARCH_DOWN, "55 8B EC 8B 45 10 8B 4D 0C 8B 55 08 6A 00 50 51 52 E8 ? ? ? ? 83 C4 10 5D C3 ? ? ? ? ?");
  139. if(x == BADADDR)
  140. {
  141. Message("Can't find RegisterLuaApi, aborting...\n");
  142. return -1;
  143. }
  145. Message("RegisterLuaApi found at: %X\n", x);
  147. for(y = RfirstB(x); y != BADADDR; y = RnextB(x, y))
  148. {
  149. offset = ReadPushOperand(y - 11, "offset");
  150. luaGlobal = GetString(ReadPushOperand(y - 1, "offset"), -1, ASCSTR_C);
  151. Message("%X %X %s\n", y, offset, luaGlobal);
  152. i = 0;
  153. while((luaFunc = Dword(offset + (i * 8) + 4)) != 0 && (luaName = GetString(Dword(offset + (i * 8)), -1, ASCSTR_C)) != "")
  154. {
  155. Message("%s %X\n", luaName, luaFunc);
  157. if((dwRet = RenameFunc(luaFunc, form("LuaApi_%s::%s", luaGlobal, luaName))) == 0)
  158. Message("Failed to rename 0x%08X to %s\n", luaFunc, luaName);
  159. else
  160. counter++;
  162. i++;
  163. }
  164. }
  166. Message("Successfully renamed %i lua functions!\n", counter);
  167. return 0;
  168. }
  170. static ReadPushOperand( xref, filter )
  171. {
  172. do
  173. {
  174. auto disasm;
  175. disasm = GetDisasm( xref );
  177. if ( strstr( disasm, "push" ) > -1 && strstr( disasm, filter ) > -1 )
  178. break;
  180. xref = PrevHead( xref, PrevFunction( xref ) );
  181. } while ( 1 );
  183. return GetOperandValue( xref, 0 );
  184. }