Last active
January 28, 2024 08:52
-
-
Save Jasemalsadi/53c2482c6c2f51ebbaea917775e253ae to your computer and use it in GitHub Desktop.
Opcode finder; quick and dirty JS script to parse decompiled IDA code to track certain variable and it's alisase usage in the code,doesn't support nested switch statment but will alert you when there is, doesn't accurtely find end of the switch statement
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const codeLines = `// Your decompiled C code here | |
| HIWORD(v4) = HIWORD(memcpyDst0); | |
| if (memcpyDst0[3] != 0x1090 && memcpyDst0[3] != 0x903 && memcpyDst0[3] != 0x508) { | |
| ... | |
| }` | |
| trackOpCode(codeLines,'memcpyDst0[3]') | |
| /* output sample | |
| Line 625: *(_DWORD *)(JavaClientInfo + 4 * *(_DWORD *)(JavaClientInfo + 1173160) + 1172360) = memcpyDst0[3]; | |
| Line 683: if ( memcpyDst0[3] != 0x1090 && memcpyDst0[3] != 0x903 && memcpyDst0[3] != 0x508 ) | |
| Line 686: if ( memcpyDst0[3] != 0x1070 && memcpyDst0[3] != 0x514 && memcpyDst0[3] != 0x521 ) | |
| Line 689: if ( memcpyDst0[3] != 0x1104 && memcpyDst0[3] != 0x1000 ) | |
| Line 691: *(_DWORD *)opCode = memcpyDst0[3]; | |
| Line 694: if ( *(_DWORD *)opCode >= 0x2000u ) | |
| Line 700: v548 = FXCLI_szCommandsNumberPerIndex[*(_DWORD *)opCode]; | |
| Line 720: opCode_copy = memcpyDst0[3]; | |
| Line 721: if ( opCode_copy > 4118 ) | |
| Line 723: if ( opCode_copy <= 4690 ) | |
| Line 725: if ( opCode_copy == 4690 ) | |
| Line 730: else if ( opCode_copy > 4386 ) | |
| Line 732: if ( opCode_copy > 4656 ) | |
| Line 734: v10 = opCode_copy - 4672; | |
| Line 735: switch ( opCode_copy ) | |
| Line 735: switch ( opCode_copy ) (switch-case structure) | |
| Line 737: case 4672: (switch-case structure) | |
| Line 741: case 4673: (switch-case structure) | |
| Line 754: case 4674: (switch-case structure) | |
| Line 764: case 4675: (switch-case structure) | |
| Line 769: case 4676: (switch-case structure) | |
| Line 773: case 4677: (switch-case structure) | |
| Line 791: case 4678: (switch-case structure) | |
| Line 802: case 4679: (switch-case structure) | |
| Line 806: case 4680: (switch-case structure) | |
| Line 810: case 4681: (switch-case structure) | |
| Line 814: case 4688: (switch-case structure) | |
| Line 833: case 4689: (switch-case structure) | |
| Line 842: else if ( opCode_copy == 4656 ) | |
| Line 850: v8 = opCode_copy - 4387; | |
| Line 851: v9 = opCode_copy - 4387; | |
| Line 852: switch ( opCode_copy ) | |
| Line 852: switch ( opCode_copy ) (switch-case structure) | |
| Line 854: case 4387: (switch-case structure) | |
| Line 862: case 4400: (switch-case structure) | |
| Line 866: case 4401: (switch-case structure) | |
| Line 873: case 4416: (switch-case structure) | |
| Line 876: case 4432: (switch-case structure) | |
| Line 1004: case 4433: (switch-case structure) | |
| Line 1008: case 4434: (switch-case structure) | |
| Line 1014: case 4448: (switch-case structure) | |
| Line 1031: case 4608: (switch-case structure) | |
| Line 1046: case 4609: (switch-case structure) | |
| Line 1053: case 4610: (switch-case structure) | |
| Line 1057: case 4611: (switch-case structure) | |
| Line 1086: else if ( opCode_copy == 4386 ) | |
| Line 1100: else if ( opCode_copy > 4352 ) | |
| Line 1102: switch ( opCode_copy ) | |
| Line 1102: switch ( opCode_copy ) (switch-case structure) | |
| Line 1104: case 4353: (switch-case structure) | |
| Line 1115: case 4354: (switch-case structure) | |
| Line 1149: case 4355: (switch-case structure) | |
| Line 1153: case 4356: (switch-case structure) | |
| Line 1156: case 4357: (switch-case structure) | |
| Line 1163: case 4358: (switch-case structure) | |
| Line 1166: case 4359: (switch-case structure) | |
| Line 1177: case 4360: (switch-case structure) | |
| Line 1183: case 4361: (switch-case structure) | |
| Line 1190: case 4368: (switch-case structure) | |
| Line 1194: case 4384: (switch-case structure) | |
| Line 1198: case 4385: (switch-case structure) | |
| Line 1208: else if ( opCode_copy == 4352 ) | |
| Line 1222: switch ( opCode_copy ) | |
| Line 1222: switch ( opCode_copy ) (switch-case structure) | |
| Line 1224: case 4119: (switch-case structure) | |
| Line 1229: case 4120: (switch-case structure) | |
| Line 1234: case 4121: (switch-case structure) | |
| Line 1238: case 4176: (switch-case structure) | |
| Line 1241: case 4177: (switch-case structure) | |
| Line 1246: case 4178: (switch-case structure) | |
| Line 1255: case 4179: (switch-case structure) | |
| Line 1259: case 4192: (switch-case structure) | |
| Line 1262: case 4193: (switch-case structure) | |
| Line 1265: case 4208: (switch-case structure) | |
| Line 1269: case 4224: (switch-case structure) | |
| Line 1277: case 4240: (switch-case structure) | |
| Line 1286: if ( opCode_copy <= 4929 ) | |
| Line 1288: if ( opCode_copy == 4929 ) | |
| Line 1297: switch ( opCode_copy ) | |
| Line 1297: switch ( opCode_copy ) (switch-case structure) | |
| Line 1299: case 4691: (switch-case structure) | |
| Line 1351: case 4692: (switch-case structure) | |
| Line 1355: case 4693: (switch-case structure) | |
| Line 1359: case 4694: (switch-case structure) | |
| Line 1406: case 4720: (switch-case structure) | |
| Line 1410: case 4721: (switch-case structure) | |
| Line 1417: case 4722: (switch-case structure) | |
| Line 1421: case 4723: (switch-case structure) | |
| Line 1426: case 4724: (switch-case structure) | |
| Line 1432: case 4752: (switch-case structure) | |
| Line 1444: case 4753: (switch-case structure) | |
| Line 1455: case 4754: (switch-case structure) | |
| Line 1478: case 4755: (switch-case structure) | |
| Line 1482: case 4756: (switch-case structure) | |
| Line 1499: case 4757: (switch-case structure) | |
| Line 1559: case 4758: (switch-case structure) | |
| Line 1609: case 4759: (switch-case structure) | |
| Line 1629: case 4760: (switch-case structure) | |
| Line 1644: case 4761: (switch-case structure) | |
| Line 1648: case 4864: (switch-case structure) | |
| Line 1684: case 4865: (switch-case structure) | |
| Line 1735: case 4896: (switch-case structure) | |
| Line 1744: case 4897: (switch-case structure) | |
| Line 1752: case 4898: (switch-case structure) | |
| Line 1770: case 4928: (switch-case structure) | |
| Line 1782: if ( opCode_copy <= 4994 ) | |
| Line 1784: if ( opCode_copy == 4994 ) | |
| Line 1791: switch ( opCode_copy ) | |
| Line 1791: switch ( opCode_copy ) (switch-case structure) | |
| Line 1793: case 4930: (switch-case structure) | |
| Line 1809: case 4931: (switch-case structure) | |
| Line 1815: case 4944: (switch-case structure) | |
| Line 1823: case 4945: (switch-case structure) | |
| Line 1826: case 4960: (switch-case structure) | |
| Line 1836: case 4976: (switch-case structure) | |
| Line 1840: case 4977: (switch-case structure) | |
| Line 1846: case 4978: (switch-case structure) | |
| Line 1853: case 4979: (switch-case structure) | |
| Line 1858: case 4980: (switch-case structure) | |
| Line 1862: case 4992: (switch-case structure) | |
| Line 1866: case 4993: (switch-case structure) | |
| Line 1876: if ( opCode_copy <= 5136 ) | |
| Line 1878: if ( opCode_copy == 5136 ) | |
| Line 1885: switch ( opCode_copy ) | |
| Line 1885: switch ( opCode_copy ) (switch-case structure) | |
| Line 1887: case 4995: (switch-case structure) | |
| Line 1893: case 4996: (switch-case structure) | |
| Line 1897: case 4997: (switch-case structure) | |
| Line 1901: case 5008: (switch-case structure) | |
| Line 1906: case 5120: (switch-case structure) | |
| Line 1915: if ( opCode_copy > 5168 ) | |
| Line 1917: if ( opCode_copy == 6553 ) | |
| Line 1924: if ( opCode_copy != 0x2000 ) | |
| Line 1932: switch ( opCode_copy ) | |
| Line 1932: switch ( opCode_copy ) (switch-case structure) | |
| Line 1934: case 5168: (switch-case structure) | |
| Line 1938: case 5152: (switch-case structure) | |
| Line 1943: case 5153: (switch-case structure) | |
| Line 1956: if ( opCode_copy == 4118 ) | |
| Line 1962: if ( opCode_copy > 1364 ) | |
| Line 1964: if ( opCode_copy > 2308 ) | |
| Line 1966: if ( opCode_copy > 4096 ) | |
| Line 1968: switch ( opCode_copy ) | |
| Line 1968: switch ( opCode_copy ) (switch-case structure) | |
| Line 1970: case 4097: (switch-case structure) | |
| Line 2005: case 4098: (switch-case structure) | |
| Line 2009: case 4099: (switch-case structure) | |
| Line 2013: case 4100: (switch-case structure) | |
| Line 2020: case 4101: (switch-case structure) | |
| Line 2025: case 4102: (switch-case structure) | |
| Line 2030: case 4103: (switch-case structure) | |
| Line 2033: case 4104: (switch-case structure) | |
| Line 2040: case 4105: (switch-case structure) | |
| Line 2044: case 4112: (switch-case structure) | |
| Line 2051: case 4113: (switch-case structure) | |
| Line 2054: case 4114: (switch-case structure) | |
| Line 2061: case 4115: (switch-case structure) | |
| Line 2076: case 4116: (switch-case structure) | |
| Line 2079: case 4117: (switch-case structure) | |
| Line 2087: else if ( opCode_copy == 4096 ) | |
| Line 2097: switch ( opCode_copy ) | |
| Line 2097: switch ( opCode_copy ) (switch-case structure) | |
| Line 2099: case 2309: (switch-case structure) | |
| Line 2118: case 2310: (switch-case structure) | |
| Line 2123: case 2311: (switch-case structure) | |
| Line 2153: case 2312: (switch-case structure) | |
| Line 2156: case 2313: (switch-case structure) | |
| Line 2161: case 2320: (switch-case structure) | |
| Line 2203: case 2321: (switch-case structure) | |
| Line 2218: case 2322: (switch-case structure) | |
| Line 2314: case 2323: (switch-case structure) | |
| Line 2399: if ( opCode_copy == 2308 ) | |
| Line 2405: else if ( opCode_copy > 1796 ) | |
| Line 2407: if ( opCode_copy <= 2051 ) | |
| Line 2409: if ( opCode_copy == 2051 ) | |
| Line 2469: switch ( opCode_copy ) | |
| Line 2469: switch ( opCode_copy ) (switch-case structure) | |
| Line 2471: case 1797: (switch-case structure) | |
| Line 2496: case 1798: (switch-case structure) | |
| Line 2502: case 1799: (switch-case structure) | |
| Line 2508: case 2048: (switch-case structure) | |
| Line 2513: case 2049: (switch-case structure) | |
| Line 2539: case 2050: (switch-case structure) | |
| Line 2550: if ( opCode_copy > 2305 ) | |
| Line 2552: if ( opCode_copy == 2306 ) | |
| Line 2623: if ( opCode_copy != 2305 ) | |
| Line 2625: if ( opCode_copy == 2052 ) | |
| Line 2652: if ( opCode_copy == 2053 ) | |
| Line 2823: else if ( opCode_copy == 1796 ) | |
| Line 2835: if ( opCode_copy <= 1539 ) | |
| Line 2837: if ( opCode_copy == 1539 ) | |
| Line 2847: switch ( opCode_copy ) | |
| Line 2847: switch ( opCode_copy ) (switch-case structure) | |
| Line 2849: case 1365: (switch-case structure) | |
| Line 2859: case 1366: (switch-case structure) | |
| Line 2865: case 1367: (switch-case structure) | |
| Line 2871: case 1536: (switch-case structure) | |
| Line 2877: case 1537: (switch-case structure) | |
| Line 2883: case 1538: (switch-case structure) | |
| Line 2894: if ( opCode_copy > 1793 ) | |
| Line 2896: if ( opCode_copy == 1794 ) | |
| Line 2908: switch ( opCode_copy ) | |
| Line 2908: switch ( opCode_copy ) (switch-case structure) | |
| Line 2910: case 1793: (switch-case structure) | |
| Line 2914: case 1540: (switch-case structure) | |
| Line 2920: case 1792: (switch-case structure) | |
| Line 2936: if ( opCode_copy == 1364 ) | |
| Line 2948: if ( opCode_copy > 1303 ) | |
| Line 2950: v6 = opCode_copy - 1304; | |
| Line 2952: switch ( opCode_copy ) | |
| Line 2952: switch ( opCode_copy ) (switch-case structure) | |
| Line 2954: case 1304: (switch-case structure) | |
| Line 2971: case 1305: (switch-case structure) | |
| Line 2975: case 1312: (switch-case structure) | |
| Line 3003: case 1313: (switch-case structure) | |
| Line 3017: case 1314: (switch-case structure) | |
| Line 3039: case 1315: (switch-case structure) | |
| Line 3051: case 1316: (switch-case structure) | |
| Line 3058: switch ( v362 ) (Nested Switch statment, so be-carefull from cases values) | |
| Line 3060: case 0: (switch-case structure) | |
| Line 3066: case 1: (switch-case structure) | |
| Line 3069: case 2: (switch-case structure) | |
| Line 3093: case 3: (switch-case structure) | |
| Line 3107: case 4: (switch-case structure) | |
| Line 3134: case 5: (switch-case structure) | |
| Line 3137: case 6: (switch-case structure) | |
| Line 3677: if ( opCode_copy == 1303 ) | |
| Line 3698: if ( opCode_copy > 1281 ) | |
| Line 3700: switch ( opCode_copy ) | |
| Line 3700: switch ( opCode_copy ) (switch-case structure) | |
| Line 3702: case 1282: (switch-case structure) | |
| Line 3706: case 1283: (switch-case structure) | |
| Line 3716: case 1284: (switch-case structure) | |
| Line 3730: case 1285: (switch-case structure) | |
| Line 3754: case 1286: (switch-case structure) | |
| Line 3786: case 1287: (switch-case structure) | |
| Line 3803: case 1288: (switch-case structure) | |
| Line 3836: case 1289: (switch-case structure) | |
| Line 3850: case 1296: (switch-case structure) | |
| Line 3882: case 1300: (switch-case structure) | |
| Line 3887: case 1301: (switch-case structure) | |
| Line 3899: case 1302: (switch-case structure) | |
| Line 3943: if ( opCode_copy == 1281 ) | |
| Line 3949: else if ( opCode_copy > 770 ) | |
| Line 3951: if ( opCode_copy > 1026 ) | |
| Line 3953: if ( opCode_copy == 1027 ) | |
| Line 3966: if ( opCode_copy != 1280 ) | |
| Line 3973: switch ( opCode_copy ) | |
| Line 3973: switch ( opCode_copy ) (switch-case structure) | |
| Line 3975: case 1026: (switch-case structure) | |
| Line 3983: case 1024: (switch-case structure) | |
| Line 3994: case 1025: (switch-case structure) | |
| Line 4005: if ( opCode_copy == 770 ) | |
| Line 4018: if ( opCode_copy > 513 ) | |
| Line 4020: if ( opCode_copy == 768 ) | |
| Line 4033: if ( opCode_copy == 769 ) | |
| Line 4053: switch ( opCode_copy ) | |
| Line 4053: switch ( opCode_copy ) (switch-case structure) | |
| Line 4055: case 513: (switch-case structure) | |
| Line 4071: case 256: (switch-case structure) | |
| Line 4076: case 257: (switch-case structure) | |
| Line 4081: case 512: (switch-case structure) | |
| Line 4097: *(_DWORD *)v76 = memcpyDst0[3]; | |
| Line 4098: if ( *(_DWORD *)v76 >= 0x2000u ) | |
| Line 4104: v74 = FXCLI_szCommandsNumberPerIndex[*(_DWORD *)v76]; | |
| Line 4162: FXCLI_IF_Command_Send(memcpyDst0[2], (int)v562, memcpyDst0[3], v560); | |
| */ | |
| function trackOpCode(codeLines1,targetVariable) { // doesn't support nested switch statment but will alert you when there is, doesn't accurtely find end of the switch statement | |
| var results = ""; | |
| var codeLines = codeLines1.split('\n') | |
| const aliases = []; // To keep track of variables that are aliases of the target | |
| is_switch = false; | |
| var nested_switch = 0; | |
| var switchDepth =0; | |
| codeLines.forEach((line, index) => { | |
| // Check if the line contains the target variable or any of its aliases | |
| if (line.includes(targetVariable) || aliases.some(alias => line.includes(alias))) { | |
| print(`Line ${index + 1}: ${line.trim()}`); | |
| // Check for alias assignment | |
| if (line.includes('=') && !line.includes("==")) { | |
| const parts = line.split('='); | |
| if (parts[1].includes(targetVariable)) { | |
| // Add the variable on the left-hand side as an alias | |
| aliases.push(parts[0].trim()); | |
| } | |
| } | |
| } | |
| // Special handling for switch-case structures | |
| if (line.trim().startsWith('switch') && (line.includes(targetVariable) || aliases.some(alias => line.includes(alias)))) { // we don't support nested switch | |
| print(`Line ${index + 1}: ${line.trim()} (switch-case structure)`); | |
| is_switch = 1; | |
| switchDepth++; | |
| }else if (line.trim().startsWith('switch') && is_switch) { // we have nested switch | |
| print(`Line ${index + 1}: ${line.trim()} (Nested Switch statment, so be-carefull from cases values)`); | |
| nested_switch++; | |
| } | |
| if (line.trim().startsWith('case') && is_switch) { // we don't support nested switch | |
| print(`Line ${index + 1}: ${line.trim()} (switch-case structure)`); | |
| } | |
| if (line.trim().startsWith('default') && is_switch) { // we assume each switch has defualt case | |
| if (nested_switch==0){ | |
| is_switch = 0; | |
| }else { | |
| nested_switch--; | |
| } | |
| } | |
| } | |
| ); | |
| function print(data) { | |
| results += data + "\n"; | |
| } | |
| console.log(results) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment