#include <stdio.h>
#include <stdlib.h>
3
4
5
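/* Number of bytes of the dump image that are loaded and scanned. */
#define DUMP_SIZE 0x400000

/*
 * Translate a target-side address into a pointer inside the host copy of the
 * dump. Expands to an expression that uses the locals `baseaddr` and `dump`
 * of the function it is used in. Performs no range check of its own.
 */
#define HOST_ADDR(addr) ((addr)-baseaddr+dump)

/*
 * Read one int at a target-side address. No bounds check is done here, and
 * the access goes through an int pointer into a char buffer, so the caller
 * must pass an address whose whole word lies inside the buffer.
 * NOTE(review): unaligned addresses are read as-is; confirm the host
 * tolerates that, or switch to a memcpy-based read.
 */
#define PEEKW(addr) (*(int*)HOST_ADDR(addr))

/* Target-side address of the byte at offset idx in the dump. */
#define ADDR(idx) (baseaddr+(idx))

/*
 * Heuristic used on the word following a name pointer: addr must lie inside
 * the dump with room for a full word, the word stored there must be non-zero,
 * and the bytes there must not form a printable string of 4 or more
 * characters (isString() returns 0 or a length).
 *
 * The argument is parenthesized so expressions can be passed, and the upper
 * bound leaves room for the int that PEEKW reads; previously an address in
 * the last three bytes of the dump was read past the end of the image.
 * isString() may still look at up to about 500 bytes starting at addr, so
 * the buffer behind `dump` has to stay readable that far beyond DUMP_SIZE.
 */
#define IS_METHOD(addr) ((addr) > baseaddr && (addr) <= baseaddr+DUMP_SIZE-(int)sizeof(int) && PEEKW(addr) != 0 && isString(HOST_ADDR(addr)) < 4)

/* Closing and opening lines of the generated IDC script. */
#define MATCH_POSTFIX() printf("};\n")
#define MATCH_PREFIX() printf("#include <idc.idc>\nstatic main(){\n")

/*
 * Emit one IDC statement that names `addr` as `s`.
 * The name is copied into a quoted IDC string literal without escaping, and
 * the dump it comes from is untrusted input: only pass names that have been
 * vetted (isIdentifies() accepts ASCII letters and '_' only), otherwise dump
 * contents could end up as script text.
 * addr is converted to unsigned to match the %x conversion.
 */
#define MATCH_FOUND(s, addr) printf("MakeNameEx(0x%x, \"%s\", SN_PUBLIC);\n", (unsigned int)(addr), (s))

/* Debug tracing hook; expands to nothing in this build. */
#define DEBUG(...)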
26
27
/*
 * Check whether str is a NUL-terminated name made only of ASCII letters and
 * underscores (digits are not accepted).
 *
 * Returns the length of the name when it is 1 to 50 characters long and is
 * immediately followed by a NUL byte; returns 0 in every other case.
 *
 * The function has no length parameter: it reads forward until it sees a
 * rejected byte, the terminator, or 51 bytes, so the caller must make sure
 * that much memory is readable behind str.
 */
int isIdentifies(char *str) {
    const char *cursor = str;

    for (;;) {
        char c = *cursor;
        int is_letter = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');

        if (!is_letter && c != '_') {
            return 0;
        }

        cursor++;

        /* Give up on runs longer than 50 characters. */
        if (cursor - str > 50) {
            return 0;
        }

        /* Accept only when the run ends exactly at the terminator. */
        if (*cursor == 0) {
            return (cursor - str);
        }
    }
}
42
/*
 * Check whether str is a NUL-terminated run of printable ASCII
 * (0x20..0x7E) and line-feed (0x0A) bytes.
 *
 * Returns the length of the run when it is 1 to 500 bytes long and is
 * immediately followed by a NUL byte; returns 0 in every other case.
 *
 * There is no length parameter: the scan stops at the first rejected byte,
 * at the terminator, or after 501 bytes, so the caller must make sure that
 * much memory is readable behind str.
 */
int isString(char *str) {
    const char *cursor = str;

    for (;;) {
        char c = *cursor;
        int printable = (c >= 0x20 && c < 0x7F);

        if (!printable && c != 0x0A) {
            return 0;
        }

        cursor++;

        /* Give up on runs longer than 500 bytes. */
        if (cursor - str > 500) {
            return 0;
        }

        /* Accept only when the run ends exactly at the terminator. */
        if (*cursor == 0) {
            return (cursor - str);
        }
    }
}
57
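/*
 * Scan a raw memory dump for identifier strings, look for words in the dump
 * that hold the address of such a string, and, when the word that follows
 * passes IS_METHOD(), print an IDC MakeNameEx() line that names that address.
 *
 * argv[1]: path of the dump file (at most DUMP_SIZE bytes are used)
 * argv[2]: base address of the dump, in hexadecimal
 *
 * Returns 0 on success and 1 on a usage, parse, I/O or allocation error.
 *
 * The dump is untrusted input. Every offset taken from it is kept inside the
 * loaded image, and the buffer carries a zeroed tail so the unbounded scans
 * in isIdentifies()/isString() and the word reads in IS_METHOD() stay inside
 * the allocation. Only names accepted by isIdentifies() are printed.
 * Output is the bare MakeNameEx lines; MATCH_PREFIX()/MATCH_POSTFIX() are
 * not invoked here.
 */
int main(int argc, char**argv){

    /* Zeroed slack after the image; must exceed isString()'s 501-byte look-ahead. */
    enum { TAIL_PAD = 1024 };

    int baseaddr;
    unsigned int parsed_base;

    /* Both arguments are required; argv[2] is read below. */
    if (argc < 3) {
        printf("usage: <input dump file> <base address>\n");
        return 1;
    }

    /* %x stores through an unsigned int pointer; reject non-hex input. */
    if (sscanf(argv[2], "%x", &parsed_base) != 1) {
        fprintf(stderr, "invalid base address: %s\n", argv[2]);
        return 1;
    }
    baseaddr = (int)parsed_base;

    /* Binary mode: the dump is raw bytes, not text. */
    FILE *fd = fopen(argv[1], "rb");
    if (fd == NULL) {
        perror(argv[1]);
        return 1;
    }

    /* calloc zero-fills, so a short file and the tail pad read as zeros. */
    char *dump = calloc(1, DUMP_SIZE + TAIL_PAD);
    if (dump == NULL) {
        fprintf(stderr, "out of memory\n");
        fclose(fd);
        return 1;
    }

    size_t loaded = fread(dump, 1, DUMP_SIZE, fd);
    if (ferror(fd)) {
        perror(argv[1]);
        free(dump);
        fclose(fd);
        return 1;
    }

    /* Scan only what was actually read from the file. */
    int limit = (int)loaded;

    int sidx;
    for (sidx = 0; sidx < limit; sidx += 1) {

        int idlen = isIdentifies(dump+sidx);

        /* Names of three characters or fewer are skipped. */
        if (idlen <= 3) {
            sidx += idlen;
            continue;
        }

        DEBUG("Searching for: %08x : %s\n", ADDR(sidx), HOST_ADDR(ADDR(sidx)));

        /* Both the pointer word and the word after it must lie inside the image. */
        int tidx;
        for (tidx = 0; tidx + 8 <= limit; tidx += 4) {

            if (PEEKW(ADDR(tidx)) != ADDR(sidx)) {
                continue;
            }

            DEBUG("Found ref:%x\n", baseaddr+tidx);

            /* Read the candidate once so the macros see a plain variable. */
            int target = PEEKW(ADDR(tidx+4));

            if (IS_METHOD(target)) {
                MATCH_FOUND(dump+sidx, target);
            }
        }

        sidx += idlen;
    }

    free(dump);
    fclose(fd);

    return 0;
}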