forked from phracker/HopperScripts
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request phracker#1 from hackedd/master
Merge in hackedd's additions
- Loading branch information
Showing
6 changed files
with
986 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| import os | ||
| import re | ||
| import traceback | ||
|
|
||
| def get_hopper_script_dir(): | ||
| """Detect the Hopper script directory and return it if found""" | ||
|
|
||
| dirs = [os.path.expanduser("~/.local/share/data/Hopper/scripts"), | ||
| os.path.expandvars("%LOCALAPPDATA%/Hopper/scripts"), | ||
| os.path.expanduser("~/Library/Application Support/Hopper/Scripts/HopperScripts")] | ||
| for directory in dirs: | ||
| if os.path.exists(directory): | ||
| return directory | ||
| return None | ||
|
|
||
| def find_import_before(doc, start_address, max_bytes=200): | ||
| """Find the last import comment before an address, return the library name if found.""" | ||
| for adr in range(start_address, start_address - max_bytes, -1): | ||
| lib = get_import_at(doc, adr) | ||
| if lib: | ||
| return lib | ||
| return None | ||
|
|
||
| def get_import_at(doc, address): | ||
| """Check the comment at address for a import library name and return it if found.""" | ||
| segment = doc.getSegmentAtAddress(address) | ||
| if segment is not None: | ||
| comment = segment.getCommentAtAddress(address) | ||
| if comment.startswith("Imports from"): | ||
| return comment[13:] | ||
| return None | ||
|
|
||
| # Regular expression to match lines in our symbol files. | ||
| symbol_line = re.compile(r"^\s*(?:(\w+)\s+(\w+))?\s*([;#].*)?$") | ||
|
|
||
| def get_symbols(doc, lib): | ||
| """Load symbols from library.txt and return them as a dictionary.""" | ||
|
|
||
| basename = lib.replace(".dll", "").lower() | ||
| filename = os.path.join(get_hopper_script_dir(), basename + ".txt") | ||
| if not os.path.exists(filename): | ||
| doc.log("Symbol file not found: %s" % filename) | ||
| return None | ||
|
|
||
| symbols = {} | ||
| with open(filename, "r") as fp: | ||
| for i, line in enumerate(fp, 1): | ||
| match = symbol_line.match(line) | ||
| if not match: | ||
| doc.log("Skipping line %d: Malformed" % i) | ||
| continue | ||
|
|
||
| ordinal, name = match.group(1), match.group(2) | ||
| if ordinal and name: | ||
| symbols[ordinal] = name | ||
|
|
||
| return symbols | ||
|
|
||
| def main(doc): | ||
| lower, upper = doc.getSelectionAddressRange() | ||
| doc.log("Selection: %x - %x" % (lower, upper)) | ||
|
|
||
| # Hopper renames duplicate imports with their address, this regex matches those. | ||
| imp_address = re.compile(r"(imp_ordinal_\d+)_[0-9a-f]+") | ||
|
|
||
| # Find the last library name before the selection and load it's symbols. | ||
| current_lib = find_import_before(doc, lower) | ||
| if current_lib: | ||
| doc.log("Loading symbols for %s" % current_lib) | ||
| symbols = get_symbols(doc, current_lib) | ||
| else: | ||
| symbols = None | ||
|
|
||
| for adr in range(lower, upper, 4): | ||
| # See if this address has a comment indicating a library name. | ||
| lib = get_import_at(doc, adr) | ||
| if lib is not None and lib != current_lib: | ||
| current_lib = lib | ||
| doc.log("Loading symbols for %s" % current_lib) | ||
| symbols = get_symbols(doc, current_lib) | ||
|
|
||
| # If the current address indicates a name, and we have symbols, | ||
| # see if we can replace it with a name from the symbol file. | ||
| name = doc.getNameAtAddress(adr) | ||
| if symbols and name is not None: | ||
| # If the name ends with an address, strip that off. | ||
| match = imp_address.match(name) | ||
| if match: name = match.group(1) | ||
|
|
||
| if name in symbols: | ||
| doc.log("Renaming %s to %s" % (name, symbols[name])) | ||
| doc.setNameAtAddress(adr, symbols[name]) | ||
|
|
||
| doc.log("Done") | ||
| doc.refreshView() | ||
|
|
||
| doc = Document.getCurrentDocument() | ||
| try: | ||
| main(doc) | ||
| except: | ||
| # Exceptions seem to get lost in Hopper somewhere, so make sure we log a | ||
| # traceback if anything goes wrong. | ||
| doc.log("Unhandled Exception in Ordinals to Names") | ||
| doc.log(traceback.format_exc()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
| # comctl32.dll exports for 'Ordinals to Names' Hopper Script | ||
| # Ordinal Name | ||
| imp_ordinal_2 imp_MenuHelp | ||
| imp_ordinal_3 imp_ShowHideMenuCtl | ||
| imp_ordinal_4 imp_GetEffectiveClientRect | ||
| imp_ordinal_5 imp_DrawStatusTextA | ||
| imp_ordinal_6 imp_CreateStatusWindowA | ||
| imp_ordinal_7 imp_CreateToolbar | ||
| imp_ordinal_8 imp_CreateMappedBitmap | ||
| imp_ordinal_9 imp_DPA_LoadStream | ||
| imp_ordinal_10 imp_DPA_SaveStream | ||
| imp_ordinal_11 imp_DPA_Merge | ||
| imp_ordinal_12 imp_CreatePropertySheetPage | ||
| imp_ordinal_13 imp_MakeDragList | ||
| imp_ordinal_14 imp_LBItemFromPt | ||
| imp_ordinal_15 imp_DrawInsert | ||
| imp_ordinal_16 imp_CreateUpDownControl | ||
| imp_ordinal_17 imp_InitCommonControls | ||
| imp_ordinal_18 imp_CreatePropertySheetPageA | ||
| imp_ordinal_19 imp_CreatePropertySheetPageW | ||
| imp_ordinal_20 imp_CreateStatusWindow | ||
| imp_ordinal_21 imp_CreateStatusWindowW | ||
| imp_ordinal_22 imp_CreateToolbarEx | ||
| imp_ordinal_23 imp_DestroyPropertySheetPage | ||
| imp_ordinal_24 imp_DllGetVersion | ||
| imp_ordinal_25 imp_DrawStatusText | ||
| imp_ordinal_26 imp_DrawStatusTextW | ||
| imp_ordinal_27 imp_FlatSB_EnableScrollBar | ||
| imp_ordinal_28 imp_FlatSB_GetScrollInfo | ||
| imp_ordinal_29 imp_FlatSB_GetScrollPos | ||
| imp_ordinal_30 imp_FlatSB_GetScrollProp | ||
| imp_ordinal_31 imp_FlatSB_GetScrollPropPtr | ||
| imp_ordinal_32 imp_FlatSB_GetScrollRange | ||
| imp_ordinal_33 imp_FlatSB_SetScrollInfo | ||
| imp_ordinal_34 imp_FlatSB_SetScrollPos | ||
| imp_ordinal_35 imp_FlatSB_SetScrollProp | ||
| imp_ordinal_36 imp_FlatSB_SetScrollRange | ||
| imp_ordinal_37 imp_FlatSB_ShowScrollBar | ||
| imp_ordinal_38 imp_GetMUILanguage | ||
| imp_ordinal_39 imp_ImageList_Add | ||
| imp_ordinal_40 imp_ImageList_AddIcon | ||
| imp_ordinal_41 imp_ImageList_AddMasked | ||
| imp_ordinal_42 imp_ImageList_BeginDrag | ||
| imp_ordinal_43 imp_ImageList_Copy | ||
| imp_ordinal_44 imp_ImageList_Create | ||
| imp_ordinal_45 imp_ImageList_Destroy | ||
| imp_ordinal_46 imp_ImageList_DragEnter | ||
| imp_ordinal_47 imp_ImageList_DragLeave | ||
| imp_ordinal_48 imp_ImageList_DragMove | ||
| imp_ordinal_49 imp_ImageList_DragShowNolock | ||
| imp_ordinal_50 imp_ImageList_Draw | ||
| imp_ordinal_51 imp_ImageList_DrawEx | ||
| imp_ordinal_52 imp_ImageList_DrawIndirect | ||
| imp_ordinal_53 imp_ImageList_Duplicate | ||
| imp_ordinal_54 imp_ImageList_EndDrag | ||
| imp_ordinal_55 imp_ImageList_GetBkColor | ||
| imp_ordinal_56 imp_ImageList_GetDragImage | ||
| imp_ordinal_57 imp_ImageList_GetFlags | ||
| imp_ordinal_58 imp_ImageList_GetIcon | ||
| imp_ordinal_59 imp_ImageList_GetIconSize | ||
| imp_ordinal_60 imp_ImageList_GetImageCount | ||
| imp_ordinal_61 imp_ImageList_GetImageInfo | ||
| imp_ordinal_62 imp_ImageList_GetImageRect | ||
| imp_ordinal_63 imp_ImageList_LoadImage | ||
| imp_ordinal_64 imp_ImageList_LoadImageA | ||
| imp_ordinal_65 imp_ImageList_LoadImageW | ||
| imp_ordinal_66 imp_ImageList_Merge | ||
| imp_ordinal_67 imp_ImageList_Read | ||
| imp_ordinal_68 imp_ImageList_Remove | ||
| imp_ordinal_69 imp_ImageList_Replace | ||
| imp_ordinal_70 imp_ImageList_ReplaceIcon | ||
| imp_ordinal_71 imp_None | ||
| imp_ordinal_72 imp_None | ||
| imp_ordinal_73 imp_None | ||
| imp_ordinal_74 imp_None | ||
| imp_ordinal_75 imp_ImageList_SetBkColor | ||
| imp_ordinal_76 imp_ImageList_SetDragCursorImage | ||
| imp_ordinal_77 imp_ImageList_SetFilter | ||
| imp_ordinal_78 imp_ImageList_SetFlags | ||
| imp_ordinal_79 imp_ImageList_SetIconSize | ||
| imp_ordinal_80 imp_ImageList_SetImageCount | ||
| imp_ordinal_81 imp_ImageList_SetOverlayImage | ||
| imp_ordinal_82 imp_ImageList_Write | ||
| imp_ordinal_83 imp_InitCommonControlsEx | ||
| imp_ordinal_84 imp_InitMUILanguage | ||
| imp_ordinal_85 imp_InitializeFlatSB | ||
| imp_ordinal_86 imp_PropertySheet | ||
| imp_ordinal_87 imp_PropertySheetA | ||
| imp_ordinal_88 imp_PropertySheetW | ||
| imp_ordinal_89 imp_RegisterClassNameW | ||
| imp_ordinal_90 imp_UninitializeFlatSB | ||
| imp_ordinal_91 imp__TrackMouseEvent | ||
| imp_ordinal_151 imp_None | ||
| imp_ordinal_152 imp_FreeMRUList | ||
| imp_ordinal_153 imp_None | ||
| imp_ordinal_154 imp_None | ||
| imp_ordinal_155 imp_None | ||
| imp_ordinal_156 imp_None | ||
| imp_ordinal_157 imp_None | ||
| imp_ordinal_163 imp_None | ||
| imp_ordinal_164 imp_None | ||
| imp_ordinal_167 imp_None | ||
| imp_ordinal_169 imp_None | ||
| imp_ordinal_233 imp_None | ||
| imp_ordinal_234 imp_None | ||
| imp_ordinal_235 imp_None | ||
| imp_ordinal_236 imp_Str_SetPtrW | ||
| imp_ordinal_320 imp_DSA_Create | ||
| imp_ordinal_321 imp_DSA_Destroy | ||
| imp_ordinal_322 imp_DSA_GetItem | ||
| imp_ordinal_323 imp_DSA_GetItemPtr | ||
| imp_ordinal_324 imp_DSA_InsertItem | ||
| imp_ordinal_325 imp_DSA_SetItem | ||
| imp_ordinal_326 imp_DSA_DeleteItem | ||
| imp_ordinal_327 imp_DSA_DeleteAllItems | ||
| imp_ordinal_328 imp_DPA_Create | ||
| imp_ordinal_329 imp_DPA_Destroy | ||
| imp_ordinal_330 imp_DPA_Grow | ||
| imp_ordinal_331 imp_DPA_Clone | ||
| imp_ordinal_332 imp_DPA_GetPtr | ||
| imp_ordinal_333 imp_DPA_GetPtrIndex | ||
| imp_ordinal_334 imp_DPA_InsertPtr | ||
| imp_ordinal_335 imp_DPA_SetPtr | ||
| imp_ordinal_336 imp_DPA_DeletePtr | ||
| imp_ordinal_337 imp_DPA_DeleteAllPtrs | ||
| imp_ordinal_338 imp_DPA_Sort | ||
| imp_ordinal_339 imp_DPA_Search | ||
| imp_ordinal_340 imp_DPA_CreateEx | ||
| imp_ordinal_341 imp_None | ||
| imp_ordinal_342 imp_None | ||
| imp_ordinal_350 imp_None | ||
| imp_ordinal_351 imp_None | ||
| imp_ordinal_352 imp_None | ||
| imp_ordinal_353 imp_None | ||
| imp_ordinal_354 imp_None | ||
| imp_ordinal_355 imp_None | ||
| imp_ordinal_356 imp_None | ||
| imp_ordinal_357 imp_None | ||
| imp_ordinal_358 imp_None | ||
| imp_ordinal_359 imp_None | ||
| imp_ordinal_360 imp_None | ||
| imp_ordinal_361 imp_None | ||
| imp_ordinal_362 imp_None | ||
| imp_ordinal_363 imp_None | ||
| imp_ordinal_364 imp_None | ||
| imp_ordinal_365 imp_None | ||
| imp_ordinal_366 imp_None | ||
| imp_ordinal_367 imp_None | ||
| imp_ordinal_368 imp_None | ||
| imp_ordinal_369 imp_None | ||
| imp_ordinal_372 imp_None | ||
| imp_ordinal_373 imp_None | ||
| imp_ordinal_374 imp_None | ||
| imp_ordinal_375 imp_None | ||
| imp_ordinal_376 imp_None | ||
| imp_ordinal_377 imp_None | ||
| imp_ordinal_382 imp_None | ||
| imp_ordinal_383 imp_None | ||
| imp_ordinal_384 imp_None | ||
| imp_ordinal_385 imp_DPA_EnumCallback | ||
| imp_ordinal_386 imp_DPA_DestroyCallback | ||
| imp_ordinal_387 imp_DSA_EnumCallback | ||
| imp_ordinal_388 imp_DSA_DestroyCallback | ||
| imp_ordinal_389 imp_None | ||
| imp_ordinal_390 imp_None | ||
| imp_ordinal_400 imp_CreateMRUListW | ||
| imp_ordinal_401 imp_AddMRUStringW | ||
| imp_ordinal_402 imp_None | ||
| imp_ordinal_403 imp_EnumMRUListW | ||
| imp_ordinal_404 imp_None | ||
| imp_ordinal_410 imp_SetWindowSubclass | ||
| imp_ordinal_411 imp_None | ||
| imp_ordinal_412 imp_RemoveWindowSubclass | ||
| imp_ordinal_413 imp_DefSubclassProc | ||
| imp_ordinal_414 imp_None | ||
| imp_ordinal_415 imp_None | ||
| imp_ordinal_416 imp_None | ||
| imp_ordinal_417 imp_None | ||
| imp_ordinal_418 imp_None | ||
| imp_ordinal_419 imp_None | ||
| imp_ordinal_420 imp_None | ||
| imp_ordinal_421 imp_None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| #!/usr/bin/python | ||
| import pefile | ||
| import sys | ||
| import os | ||
|
|
||
| if __name__ == "__main__": | ||
| if len(sys.argv) != 2: | ||
| print >>sys.stderr, "Usage: %s DLL" % sys.argv[0] | ||
| sys.exit(1) | ||
|
|
||
| filename = sys.argv[1] | ||
| if not os.path.exists(filename): | ||
| print >>sys.stderr, "'%s' does not exist" % filename | ||
| sys.exit(1) | ||
|
|
||
| d = [pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_EXPORT"]] | ||
| pe = pefile.PE(filename, fast_load=True) | ||
| pe.parse_data_directories(directories=d) | ||
|
|
||
| print "# %s exports for 'Ordinals to Names' Hopper Script" % os.path.basename(filename) | ||
| print "# Ordinal Name" | ||
|
|
||
| exports = [(e.ordinal, e.name) for e in pe.DIRECTORY_ENTRY_EXPORT.symbols] | ||
| for export in sorted(exports): | ||
| print "imp_ordinal_%-4d imp_%s" % export |
Oops, something went wrong.