IDA Scripts

[Cypher]

Here's a (very sucky) IDA script to rename all the Lua callbacks:

Code:

from idaapi import *
from idc import *

# RegisterLuaCallback = 0x005C0920 (eso.live.1.0.0.941004)

def RenameFunc(callback, name):
  if MakeNameEx(callback, name, SN_NOCHECK | SN_NOWARN) is False:
    print "Failed to rename callback. Attempting to append suffix."
    renamed = False
    for i in range(1, 10):
      name2 = str(name) + "_" + str(i)
      if MakeNameEx(callback, name2, SN_NOCHECK | SN_NOWARN) is True:
        renamed = True
        break
    if renamed is not True:
      raise Exception, "Failed to rename callback"

ea = ScreenEA()

func = get_func(ea)

if func is None:
  raise Exception, "Invalid function for RegisterLuaCallback"

funcea = func.startEA
print "RegisterLuaCallback is function %s at 0x%x" % (GetFunctionName(funcea), funcea)

for ref in CodeRefsTo(funcea, 1):
  print "RegisterLuaCallback called from %s (0x%x)" % (GetFunctionName(ref), ref)
  namestr = GetString(Dword(ref - 7 + 1))
  print "Callback name is %s" % (namestr)
  callback = Dword(ref - 0xC + 1)
  print "Callback function is %s (0x%x)" % (GetFunctionName(callback), callback)
  newfuncname = "Lua_" + str(namestr)
  print "Renaming callback %s (0x%x) as %s" % (GetFunctionName(callback), callback, newfuncname)
  RenameFunc(callback, newfuncname)

print "Finished"

I'm lazy so you'll have to set the cursor to the RegisterLuaCallback function yourself, it won't find it for you (although I've put the offset in a comment so you don't have to).

And here's one to rename the metatables:

Code:

from idaapi import *
from idc import *

# RegisterLuaMetatable = 0x005BDA10 (eso.live.1.0.0.941004)

def RenameFunc(callback, name):
  if MakeNameEx(callback, name, SN_NOCHECK | SN_NOWARN) is False:
    print "Failed to rename callback. Attempting to append suffix."
    renamed = False
    for i in range(1, 10):
      name2 = str(name) + "_" + str(i)
      if MakeNameEx(callback, name2, SN_NOCHECK | SN_NOWARN) is True:
        renamed = True
        break
    if renamed is not True:
      raise Exception, "Failed to rename callback"

ea = ScreenEA()

func = get_func(ea)

if func is None:
  raise Exception, "Invalid function for RegisterLuaMetatable"

funcea = func.startEA
print "RegisterLuaMetatable is function %s at 0x%x" % (GetFunctionName(funcea), funcea)

for ref in CodeRefsTo(funcea, 1):
  print "RegisterLuaMetatable called from %s (0x%x)" % (GetFunctionName(ref), ref)
  namestr = GetString(Dword(ref - 5 + 1))
  print "Metatable name is %s" % (namestr)
  callback = Dword(ref - 0xF + 1)
  print "Metatable function is %s (0x%x)" % (GetFunctionName(callback), callback)
  newfuncname = "Lua_" + str(namestr)
  print "Renaming callback %s (0x%x) as %s" % (GetFunctionName(callback), callback, newfuncname)
  RenameFunc(callback, newfuncname)
  metatable = Dword(ref - 0xA + 1)
  print "Metatable is 0x%x" % (metatable)
  i = 0
  while Dword(metatable + i * 4) != 0:
    callbacknamestr = GetString(Dword(metatable + i * 4))
    callbackptr = Dword(metatable + i * 4 + 4)
    MakeUnkn(callbackptr, DOUNK_SIMPLE)
    MakeFunction(callbackptr)
    print "Callback function is %s (0x%x)" % (GetFunctionName(callbackptr), callbackptr)
    callbacknamestrnew = "Lua_" + str(namestr) + "_" + str(callbacknamestr)
    print "Renaming callback %s (0x%x) as %s" % (GetFunctionName(callbackptr), callbackptr, callbacknamestrnew)
    RenameFunc(callbackptr, callbacknamestrnew)
    i = i + 2

print "Finished"

Again, you'll have to set the cursor yourself, but I've put the offset in the script.

[viperbot]

*nevermind*

[Cypher]

Yeah I had tagged that as RegisterLuaEvent but apparently it's used for the enums also. Thanks!

Found the func to actually run Lua code? I was going to hunt for that tomorrow but I won't say no if you want to save me some time.

[viperbot]

No, but there is a ExecuteChatCommand lua function might call it eventually. (I believe, since as in wow, you can do /script luacode).

[Cypher]

No, but there is a ExecuteChatCommand lua function might call it eventually. (I believe, since as in wow, you can do /script luacode).

Yeah, I saw that one but I didn't see a 'script' chat command callback... I'm only looking statically though, so I may have missed it, but there's also no "RunScript" Lua callback like there is in WoW.

EDIT: There's definitely a /played callback and that's not in the strings. I thought I saw others but maybe I was wrong. So yeah, that's actually probably a good place to start, thanks for the tip. Just wish I could actually log into the world, it would make everything so much easier to be able to actually debug things.

[JuJuBoSc]

Found the func to actually run Lua code? I was going to hunt for that tomorrow but I won't say no if you want to save me some time.

For eso.live.1.0.0.941004 :

Code:

009BE020 char __thiscall ZoLuaVM::DoString(int this, const char *apBuffer, unsigned int aBufferSize, char aIsTrusted, const char *apIdentifier)

[Cypher]

For eso.live.1.0.0.941004 :

Code:

009BE020 char __thiscall ZoLuaVM::DoString(int this, const char *apBuffer, unsigned int aBufferSize, char aIsTrusted, const char *apIdentifier)

Thanks JuJu, you're awesome!

[viperbot]

@JuJuBoSc, if you dont mind giving a quick lesson. How do you find something like that? Hook a known lua funtion and work backwards?

[Sirmabus]

I made my own similar IDA Pro Python scripts to gather and name the Lua register methods and constants
(TESO API ref here: ESOUI API)

For the register methods it names them with the register name/label with a "_lua" suffix, and saves out a sorted list to "eso_lua_methods.csv".
For the constants ("global constants", "events", etc., as seen in the API docs) are saved to sorted list "eso_lua_constants.csv".
From here one could easily make these output to some sort of a header file et al.
TESO_Lua_Parser_Scripts.zip