skochinsky · September 5, 2018 17:15
diff --git a/qt5res.py b/qt5res.py
 ## parse and dump Qt resources in current IDB
 from PyQt5  import QtCore
 import os.path
 f = LocByName("?qRegisterResourceData@@YA_NHPBE00@Z")
 for x in XrefsTo(f, idaapi.XREF_ALL):
  if x.type==fl_CN:
    callea = x.frm
    push1 = DecodePreviousInstruction(callea)
    if push1.itype != idaapi.NN_push:
      print "no push at %08X!"% push1.ea
      break
    a1 = push1.Op1.value
    push2 = DecodePreviousInstruction(push1.ea)
    if push2.itype != idaapi.NN_push:
      print "no push at %08X!"% push2.ea
      break
    res = push2.Op1.value    
    push3 = DecodePreviousInstruction(push2.ea)
    if push3.itype != idaapi.NN_push:
      print "no push at %08X!"% push3.ea
      break
    name = push3.Op1.value
    push4 = DecodePreviousInstruction(push3.ea)
    if push4.itype != idaapi.NN_push:
      print "no push at %08X!"% push4.ea
      break
    data = push4.Op1.value
    if isUnknown(GetFlags(res)):
      reslen = FindExplored(res, SEARCH_DOWN)
    else:
      reslen = ItemSize(res)
    nmlen = res - name
    datlen = name - data
    s1= idaapi.get_many_bytes(res, reslen)
    s2= idaapi.get_many_bytes(name, nmlen)
    s3= idaapi.get_many_bytes(data, datlen)
    
    print "found: %08X/%08X %08X/%08X %08X/%08X!"% (res, reslen, name, nmlen, data, datlen)
    #continue
    ok = QtCore.qRegisterResourceData(a1, s1, s2, s3)
    if not ok:
      print "failed for %08X/%08X %08X/%08X %08X/%08X!"% (res, reslen, name, nmlen, data, datlen)
      break
    else:
      i = QtCore.QDirIterator(":", QtCore.QDirIterator.Subdirectories)    
      while i.hasNext(): 
        path= i.next()
        print path 
        diskpath = path[2:].replace("/","\\")
        print " ->", diskpath
        if i.fileInfo().isDir():
          if QtCore.QDir().mkpath(diskpath):
            print "made dir"
          else:
            print "mkpath failed"
        else:          
          QtCore.QFile(path).copy(diskpath)
        
        
      
    ok = QtCore.qUnregisterResourceData(a1, s1, s2, s3)
    print  "done..."
    break
	## parse and dump Qt resources in current IDB
	from PyQt5 import QtCore
	import os.path
	f = LocByName("?qRegisterResourceData@@YA_NHPBE00@Z")
	for x in XrefsTo(f, idaapi.XREF_ALL):
	if x.type==fl_CN:
	callea = x.frm
	push1 = DecodePreviousInstruction(callea)
	if push1.itype != idaapi.NN_push:
	print "no push at %08X!"% push1.ea
	break
	a1 = push1.Op1.value
	push2 = DecodePreviousInstruction(push1.ea)
	if push2.itype != idaapi.NN_push:
	print "no push at %08X!"% push2.ea
	break
	res = push2.Op1.value
	push3 = DecodePreviousInstruction(push2.ea)
	if push3.itype != idaapi.NN_push:
	print "no push at %08X!"% push3.ea
	break
	name = push3.Op1.value
	push4 = DecodePreviousInstruction(push3.ea)
	if push4.itype != idaapi.NN_push:
	print "no push at %08X!"% push4.ea
	break
	data = push4.Op1.value
	if isUnknown(GetFlags(res)):
	reslen = FindExplored(res, SEARCH_DOWN)
	else:
	reslen = ItemSize(res)
	nmlen = res - name
	datlen = name - data
	s1= idaapi.get_many_bytes(res, reslen)
	s2= idaapi.get_many_bytes(name, nmlen)
	s3= idaapi.get_many_bytes(data, datlen)

	print "found: %08X/%08X %08X/%08X %08X/%08X!"% (res, reslen, name, nmlen, data, datlen)
	#continue
	ok = QtCore.qRegisterResourceData(a1, s1, s2, s3)
	if not ok:
	print "failed for %08X/%08X %08X/%08X %08X/%08X!"% (res, reslen, name, nmlen, data, datlen)
	break
	else:
	i = QtCore.QDirIterator(":", QtCore.QDirIterator.Subdirectories)
	while i.hasNext():
	path= i.next()
	print path
	diskpath = path[2:].replace("/","\\")
	print " ->", diskpath
	if i.fileInfo().isDir():
	if QtCore.QDir().mkpath(diskpath):
	print "made dir"
	else:
	print "mkpath failed"
	else:
	QtCore.QFile(path).copy(diskpath)



	ok = QtCore.qUnregisterResourceData(a1, s1, s2, s3)
	print "done..."
	break