Last active
December 6, 2019 21:08
-
-
Save worawit/c8788723a667f990ba9aebe9d69f2fc4 to your computer and use it in GitHub Desktop.
ghidra script for read script.py from Il2CppDumper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import ghidra.program.model.symbol.SourceType | |
| import re | |
| functionManager = currentProgram.getFunctionManager() | |
| #minAddress = currentProgram.getMinAddress() | |
| baseAddress = currentProgram.getImageBase() | |
| USER_DEFINED = ghidra.program.model.symbol.SourceType.USER_DEFINED | |
| index = 1 | |
| def _convert_arg_addr(arg): | |
| return baseAddress.add(int(arg, 0)) | |
| def _convert_arg_string(arg): | |
| if arg.startswith('r'): | |
| return arg[2:-1] # remove prefix 'r' and quote | |
| return arg[1:-1] # remove quote | |
| def do_SetName(arg1, arg2): | |
| addr = _convert_arg_addr(arg1) | |
| name = _convert_arg_string(arg2) | |
| createLabel(addr, name, True, USER_DEFINED) | |
| def do_idc_MakeComm(arg1, arg2): | |
| addr = _convert_arg_addr(arg1) | |
| text = _convert_arg_string(arg2) | |
| setEOLComment(addr, text) | |
| def do_SetString(arg1, arg2): | |
| addr = _convert_arg_addr(arg1) | |
| text = _convert_arg_string(arg2) | |
| global index | |
| name = "StringLiteral_" + str(index); | |
| createLabel(addr, name, True, USER_DEFINED) | |
| setEOLComment(addr, text) | |
| index += 1 | |
| def do_MakeFunction(arg1, arg2): | |
| addr = _convert_arg_addr(arg1) | |
| addr2 = _convert_arg_addr(arg2) | |
| body = createAddressSet() | |
| body.addRange(addr, addr2.subtract(1)) | |
| func = functionManager.getFunctionAt(addr) | |
| if func is None: | |
| try: | |
| #func = functionManager.createFunction(None, addr, body, USER_DEFINED) | |
| # many of MakeFunction body range is wrong. just use function entry point and let ghidra find the boundary | |
| func = createFunction(addr, None) | |
| except: | |
| pass | |
| else: | |
| oldBody = func.getBody() | |
| if not oldBody.hasSameAddresses(body): | |
| # no update body range info. info from dump script.py might be wrong | |
| #print('Function {} has different body address range'.format(func.getName(True))) | |
| pass | |
| f = askFile("script.py from Il2cppdumper", "Open") | |
| for line in file(f.absolutePath): | |
| match = re.search(r"^([\w+\.]+)\((\w+),\s*(.*)\)$", line) | |
| if match: | |
| name, arg1, arg2 = match.groups() | |
| res = globals()['do_'+name.replace('.', '_')](arg1, arg2) |
I've managed to do it different way.
added
def do_idc_set_cmt(arg1, arg2):
return
https://gist.github.com/masagrator/f21a0bb7b882b509c34beba7d2258b5d
it's working with 5.0.4
SetName and idc.set_cmt are almost the same thing, just idc.set_cmt has sometimes additional line for I don't know what. :P
Two examples
SetName(0x3ECACE0, 'Class$List<MAUUIAnimation>')
idc.set_cmt(0x3ECACE0, r'List<MAUUIAnimation>', 1)
doing the same thing
SetName(0x3ED4B78, 'Method$ContextAttribute.IsContextOK()')
idc.set_cmt(0x3ED4B78, 'Method$ContextAttribute.IsContextOK()', 1)
idc.set_cmt(0x3ED4B78, '0xB7D9A0', 0)
first two are doing the same thing, third line is doing something extra
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I did it and now I got error: