ValentinFunk · February 24, 2021 16:05
diff --git a/battlefield1_ida.py b/battlefield1_ida.py
 # Creates Structures TypeInfo / TypeInfoData
 def initStructures():
    strucId = GetStrucIdByName("TypeInfo")
    if (strucId == BADADDR):
        strucIdInfoData = AddStrucEx(-1, "TypeInfoData", 0)
        AddStrucMember(strucIdInfoData, "m_name", -1, (FF_QWRD|FF_DATA|FF_0CHAR), ASCSTR_C, 8)
        ApplyType(GetMemberId(strucIdInfoData, 0), ParseType("char*", 0))

        strucId = AddStrucEx(-1, "TypeInfo", 0)
        AddStrucMember(strucId, "m_infoData", -1, (FF_QWRD|FF_DATA|FF_0STRO), 0, 8)
        ApplyType(GetMemberId(strucId, 0), ParseType("TypeInfoData*", 0))
        AddStrucMember(strucId, "m_next", -1, (FF_QWRD|FF_DATA|FF_0STRO), 0, 8)
        ApplyType(GetMemberId(strucId, 8), ParseType("TypeInfo*", 0))
        AddStrucMember(strucId, "unknown", -1, (FF_BYTE|FF_DATA), 0, 64)
        

 # ea = Adress of first type info
 # Applies structs and names offsets
 def fillTypeInfoLoop(ea):
    initStructures()

    mNext = ea
    unknowns = 0

    while True:
        MakeStruct(mNext, "TypeInfo")
        ApplyType(mNext, ParseType("TypeInfo", 0))
        mInfoData = Qword(mNext)

        MakeStruct(mInfoData, "TypeInfoData")
        ApplyType(mInfoData, ParseType("TypeInfoData", 0))

        mInfoData__mName = Qword(mInfoData)
        name = GetString(mInfoData__mName)
        if not name:
            MakeStr(mInfoData__mName, BADADDR)
            name = "Unknown_" + str(unknowns)
            unknowns = unknowns + 1 
        else:
            MakeUnknown(mInfoData__mName, len(name), 0)
            MakeStr(mInfoData__mName, mInfoData__mName + len(name))

        MakeNameEx(mNext, "TypeInfo_" + name, (SN_NON_AUTO | SN_NOWARN))
        MakeNameEx(mInfoData, "TypeInfoData_" + name, (SN_NON_AUTO | SN_NOWARN))

        mNext = Qword(mNext + 8)
        if mNext == 0:
            break

 def fillTypeInfo():
    startEa = SegByBase(SegByName("HEADER"))
    firstTypeInfoInstruction = FindBinary(startEa, SEARCH_DOWN, "48 39 C8 74 0D 48 89 C2") - 16 # First Type Info pattern
    firstTypeInfoOffset = Qword(GetOperandValue(firstTypeInfoInstruction, 1)) # Resolve
    fillTypeInfoLoop(firstTypeInfoOffset) # Iterate the LinkedList

 def fixPointer(ea):
    pointsTo = Qword(ea)
    if SegName(pointsTo) == ".srdata":
        # Make the vtable entry an offset
        MakeQword(ea)
        OpOff(ea, 0, 0)
        
        # Reset the stating address if it belongs to something else (or ida misidentified it)
        flags = GetFlags(pointsTo)
        if not isCode(flags):
            MakeUnkn(pointsTo, DOUNK_SIMPLE)

        # Make the address code and analyse as function
        MakeCode(pointsTo)
        MakeFunction(pointsTo, BADADDR)
            
 def fixPointers():
    xtext = SegByBase(SegByName(".xtext"))
    xtext_end = SegEnd(xtext)
    curr = xtext
    while curr < xtext_end:
        fixPointer(curr)
        curr = curr + 8

    # Reanalyze .srdata
    srdata = SegByBase(SegByName(".srdata"))
    srdata_end = SegEnd(srdata)
    AnalyzeArea(srdata, srdata_end)
	# Creates Structures TypeInfo / TypeInfoData
	def initStructures():
	strucId = GetStrucIdByName("TypeInfo")
	if (strucId == BADADDR):
	strucIdInfoData = AddStrucEx(-1, "TypeInfoData", 0)
	AddStrucMember(strucIdInfoData, "m_name", -1, (FF_QWRD\|FF_DATA\|FF_0CHAR), ASCSTR_C, 8)
	ApplyType(GetMemberId(strucIdInfoData, 0), ParseType("char*", 0))

	strucId = AddStrucEx(-1, "TypeInfo", 0)
	AddStrucMember(strucId, "m_infoData", -1, (FF_QWRD\|FF_DATA\|FF_0STRO), 0, 8)
	ApplyType(GetMemberId(strucId, 0), ParseType("TypeInfoData*", 0))
	AddStrucMember(strucId, "m_next", -1, (FF_QWRD\|FF_DATA\|FF_0STRO), 0, 8)
	ApplyType(GetMemberId(strucId, 8), ParseType("TypeInfo*", 0))
	AddStrucMember(strucId, "unknown", -1, (FF_BYTE\|FF_DATA), 0, 64)


	# ea = Adress of first type info
	# Applies structs and names offsets
	def fillTypeInfoLoop(ea):
	initStructures()

	mNext = ea
	unknowns = 0

	while True:
	MakeStruct(mNext, "TypeInfo")
	ApplyType(mNext, ParseType("TypeInfo", 0))
	mInfoData = Qword(mNext)

	MakeStruct(mInfoData, "TypeInfoData")
	ApplyType(mInfoData, ParseType("TypeInfoData", 0))

	mInfoData__mName = Qword(mInfoData)
	name = GetString(mInfoData__mName)
	if not name:
	MakeStr(mInfoData__mName, BADADDR)
	name = "Unknown_" + str(unknowns)
	unknowns = unknowns + 1
	else:
	MakeUnknown(mInfoData__mName, len(name), 0)
	MakeStr(mInfoData__mName, mInfoData__mName + len(name))

	MakeNameEx(mNext, "TypeInfo_" + name, (SN_NON_AUTO \| SN_NOWARN))
	MakeNameEx(mInfoData, "TypeInfoData_" + name, (SN_NON_AUTO \| SN_NOWARN))

	mNext = Qword(mNext + 8)
	if mNext == 0:
	break

	def fillTypeInfo():
	startEa = SegByBase(SegByName("HEADER"))
	firstTypeInfoInstruction = FindBinary(startEa, SEARCH_DOWN, "48 39 C8 74 0D 48 89 C2") - 16 # First Type Info pattern
	firstTypeInfoOffset = Qword(GetOperandValue(firstTypeInfoInstruction, 1)) # Resolve
	fillTypeInfoLoop(firstTypeInfoOffset) # Iterate the LinkedList

	def fixPointer(ea):
	pointsTo = Qword(ea)
	if SegName(pointsTo) == ".srdata":
	# Make the vtable entry an offset
	MakeQword(ea)
	OpOff(ea, 0, 0)

	# Reset the stating address if it belongs to something else (or ida misidentified it)
	flags = GetFlags(pointsTo)
	if not isCode(flags):
	MakeUnkn(pointsTo, DOUNK_SIMPLE)

	# Make the address code and analyse as function
	MakeCode(pointsTo)
	MakeFunction(pointsTo, BADADDR)

	def fixPointers():
	xtext = SegByBase(SegByName(".xtext"))
	xtext_end = SegEnd(xtext)
	curr = xtext
	while curr < xtext_end:
	fixPointer(curr)
	curr = curr + 8

	# Reanalyze .srdata
	srdata = SegByBase(SegByName(".srdata"))
	srdata_end = SegEnd(srdata)
	AnalyzeArea(srdata, srdata_end)