alastorid · May 19, 2018 11:33
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/usr/bin/python
 import re
 import idautils
 import idc
 import idaapi
 import ida_nalt

 pfMmGetSystemRoutineAddress=LocByName("MmGetSystemRoutineAddress")
 def PrevMnem(ea, mnem, count):
    mcount=0;
    while BADADDR != ea:
        ea=PrevHead(ea)
        if mnem == GetMnem(ea):
            mcount=mcount+1;
            if mcount == count:
                return ea
    return BADADDR
 def NextMnem(ea, mnem, count):
    mcount=0;
    while BADADDR != ea:
        ea=NextHead(ea)
        if mnem == GetMnem(ea):
            mcount=mcount+1;
            if mcount == count:
                return ea
    return BADADDR
 def GetNewName(n):
    num=0
    name="%s_%d"%(n,num)
    while BADADDR != LocByName(name):
        num=num+1
        name="%s_%d"%(n,num)
    return name

 occ = RfirstB (pfMmGetSystemRoutineAddress);
 while occ != BADADDR:
    prelea3=PrevMnem(occ, 'lea', 3);    
    nextmov1=NextMnem(occ, 'mov', 1);
    while 'rax' != GetOpnd(nextmov1, 1):
        nextmov1=NextMnem(nextmov1, 'mov', 1);

    if 'lea' == GetMnem(prelea3) and 'mov' == GetMnem(nextmov1):
        ps=GetOperandValue(prelea3, 1)        
        pfnAddr=GetOperandValue(nextmov1,0)        
        s = GetString (ps, -1, ASCSTR_UNICODE)
        name = GetNewName("pfn" + s)
        print "rename %s to %s "%(GetTrueName(pfnAddr), name)
        MakeNameEx(pfnAddr, name, SN_NOWARN)
    else:
        print "Exception %x "%(occ)
    occ = RnextB (pfMmGetSystemRoutineAddress, occ)
	#!/usr/bin/python
	import re
	import idautils
	import idc
	import idaapi
	import ida_nalt

	pfMmGetSystemRoutineAddress=LocByName("MmGetSystemRoutineAddress")
	def PrevMnem(ea, mnem, count):
	mcount=0;
	while BADADDR != ea:
	ea=PrevHead(ea)
	if mnem == GetMnem(ea):
	mcount=mcount+1;
	if mcount == count:
	return ea
	return BADADDR
	def NextMnem(ea, mnem, count):
	mcount=0;
	while BADADDR != ea:
	ea=NextHead(ea)
	if mnem == GetMnem(ea):
	mcount=mcount+1;
	if mcount == count:
	return ea
	return BADADDR
	def GetNewName(n):
	num=0
	name="%s_%d"%(n,num)
	while BADADDR != LocByName(name):
	num=num+1
	name="%s_%d"%(n,num)
	return name

	occ = RfirstB (pfMmGetSystemRoutineAddress);
	while occ != BADADDR:
	prelea3=PrevMnem(occ, 'lea', 3);
	nextmov1=NextMnem(occ, 'mov', 1);
	while 'rax' != GetOpnd(nextmov1, 1):
	nextmov1=NextMnem(nextmov1, 'mov', 1);

	if 'lea' == GetMnem(prelea3) and 'mov' == GetMnem(nextmov1):
	ps=GetOperandValue(prelea3, 1)
	pfnAddr=GetOperandValue(nextmov1,0)
	s = GetString (ps, -1, ASCSTR_UNICODE)
	name = GetNewName("pfn" + s)
	print "rename %s to %s "%(GetTrueName(pfnAddr), name)
	MakeNameEx(pfnAddr, name, SN_NOWARN)
	else:
	print "Exception %x "%(occ)
	occ = RnextB (pfMmGetSystemRoutineAddress, occ)