[Konctantin]

Накалякал тут скрипт для переименования lua функций в x64 клиенте, может кому-то пригодится:

Код:

luaFuncs = []

def DumpFunctionArray(ref, arrPtr, size, nameSpace):
    if size > 0 and arrPtr > 1000:
        for i in xrange(0, size):
            ptr  = arrPtr+(i*16)
            name = GetString(Qword(ptr), -1, ASCSTR_C)
            addr = Qword(ptr+8)
            if name != None:
                if nameSpace != None:
                    name = nameSpace+"."+name
                #print("0x%016X 0x%016X %s" % (ptr, addr, name))   
                luaFuncs.append(["Script_"+name, addr])
            else:
                print("# Bad str ref at 0x%X and addr 0x%X" % (ref, ptr))
    else:
        print("# >> Bad parse at ref: 0x%X (Ptr: 0x%X, Size %i)" % (ref, arrPtr, size))

def DumpGlobalFuncs():
    searchPatern = "48 89 5C 24 08 57 48 83 EC 20 48 8B ? ? ? ? ? 48 8B D9 45 33 C0"
    regFunc = FindBinary(0, SEARCH_DOWN, searchPatern)
    print("# !!! FrameScript::RegisterFunction = 0x%016X" % regFunc)
    reference = RnextB(regFunc, 0)
    while reference != BADADDR:
        prev = PrevHead(reference)
        opType = GetOpType(prev, 1)
        opVal = GetOperandValue(prev, 0)
        if opType == 2: #Memory Reference
            # array has 1 function
            arrPtr  = GetOperandValue(prev, 1)
            DumpFunctionArray(reference, arrPtr, 1, None)
        elif opType == 3: #Base + Index
            while (GetMnem(prev) != "lea"):
                prev = PrevHead(prev)
            arrPtr = GetOperandValue(prev, 1)           # lea rbx, arr_adr
            size   = GetOperandValue(NextHead(prev), 1) # mov rdi, arr_size
            DumpFunctionArray(reference, arrPtr, size, None)
        else:
            print("# >> ERR: Unhandled operand type at 0x%X: %u" % (reference, opType))
        reference = RnextB(regFunc, reference)

def DumpNamespaceFunc():
    searchPatern = "48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 48 8B 1D ? ? ? ? 8B F2"
    regFunc = FindBinary(0, SEARCH_DOWN, searchPatern)
    print("# !!! FrameScript::RegisterFunctionNamespaceWithCount = 0x%016X" % regFunc)
    reference = RnextB(regFunc, 0)
    while reference != BADADDR:
        # find first lea r8, namespace_ptr
        lea_r8  = PrevHead(reference)
        while (GetMnem(lea_r8) != "lea" or GetOperandValue(lea_r8, 0) != 8 or GetOpType(lea_r8, 0) != 1):
            lea_r8 = PrevHead(lea_r8)

        # find first lea rcx, table_ptr
        lea_rcx = PrevHead(reference)
        while (GetMnem(lea_rcx) != "lea" or GetOperandValue(lea_rcx, 0) != 1 or GetOpType(lea_rcx, 0) != 1):
            lea_rcx = PrevHead(lea_rcx)

        #find first mov edx, rec_count
        mov_edx = PrevHead(reference)
        while (GetMnem(mov_edx) != "mov" or GetOperandValue(mov_edx, 0) != 2 or GetOpType(mov_edx, 0) != 1):
            mov_edx = PrevHead(mov_edx)
            
        #print("lea_r8 = %X, lea_rcx = %X, mov_edx = %X" % (lea_r8,lea_rcx,mov_edx))
        size  = GetOperandValue(mov_edx, 1)
        table = GetOperandValue(lea_rcx, 1)
        ns    = GetOperandValue(lea_r8, 1)
        namesp= GetString(ns, -1, ASCSTR_C)

        DumpFunctionArray(reference, table, size, namesp)
        reference = RnextB(regFunc, reference)

DumpNamespaceFunc();
DumpGlobalFuncs();

luaFuncs.sort()

for i in xrange(0, len(luaFuncs)):
    print("MakeNameEx(0x%X, \"%s\", SN_NOWARN)" % (luaFuncs[i][1], luaFuncs[i][0]))
    MakeNameEx(luaFuncs[i][1], luaFuncs[i][0], SN_NOWARN)

https://gist.github.com/Konctantin/32975edb3d886d157918