  1. #1
    charles420's Avatar Contributor

    Few ida Scripts

    Marks DB2'S for you

    Code:
    #include <ida.idc>
     
    static main(){
        // Finds the DB2 load routine by byte signature, then visits every code
        // cross-reference to it. For each call site the two preceding
        // instructions are expected to be "lea rcx, <db object>" followed (going
        // backwards) by "lea rdx, <name record>"; the db object is then labelled
        // "<name>DB" and the result is echoed to the output window.
        auto loadFn, callSite, lowBound, insn, disText, dbAddress, dbNameAddress, dbName;

        // DB2Load
        loadFn = FindBinary( 0, SEARCH_DOWN, "40 53 48 83 EC 50 48 89 51 08 48 8D 05 ? ? ? ? 48 89 01" );
        if ( loadFn == BADADDR ){
            Message("Can't find DB2Load, aborting...\n");
            return;
        }

        for ( callSite = RfirstB(loadFn); callSite != BADADDR; callSite = RnextB(loadFn, callSite) ) {
            // PrevHead never searches below the start of the previous function.
            lowBound = PrevFunction( callSite );

            // Instruction immediately before the call: must mention lea and rcx.
            insn = PrevHead( callSite, lowBound );
            disText = GetDisasm( insn );
            if ( strstr( disText, "lea" ) < 0 || strstr( disText, "rcx" ) < 0 )
                continue;
            dbAddress = GetOperandValue( insn, 1 );
            if ( dbAddress == BADADDR )
                continue;

            // One instruction further back: must mention lea and rdx.
            insn = PrevHead( insn, lowBound );
            disText = GetDisasm( insn );
            if ( strstr( disText, "lea" ) < 0 || strstr( disText, "rdx" ) < 0 )
                continue;
            dbNameAddress = GetOperandValue( insn, 1 );
            if ( dbNameAddress == BADADDR )
                continue;

            dbName = WoWDb_GetName( dbNameAddress );

            // NOTE(review): an empty name stops the whole pass, not just this
            // call site - confirm that "break" rather than "continue" is intended.
            if ( strlen(dbName) == 0 )
                break;

            RenameFunc( dbAddress, form( "%sDB", dbName ) );
            Message( "%s = 0x%x\n", dbName, dbAddress );
        }
    }
    
    // Names dwAddress as sFunction; if that name is refused, retries with the
    // suffixes _0 .. _31 and reports the first one that is accepted.
    // Returns the last MakeNameEx result: non-zero = success, 0 = failure.
    static RenameFunc( dwAddress, sFunction )
    {
        auto status, suffix, candidate;

        status = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( status != 0 )
            return status;

        // Plain name refused: walk the numbered alternatives.
        suffix = 0;
        while( suffix < 32 )
        {
            candidate = form( "%s_%i", sFunction, suffix );
            status = MakeNameEx( dwAddress, candidate, SN_NOWARN );
            if( status != 0 )
            {
                Message( "Info: Renamed to %s instead of %s\n", candidate, sFunction );
                return status;
            }
            suffix++;
        }

        return status;
    }
     
    // Reads the 32-bit value stored at dbBase, treats it as the address of a C
    // string, and returns the part of that string after its first backslash.
    // NOTE(review): Dword() fetches only 32 bits - verify this is enough for the
    // pointers in the image being analysed.
    // NOTE(review): the third substr argument is an end index, not a length, so
    // the result is cut at absolute position 30 of the string - confirm intended.
    static WoWDb_GetName( dbBase ){
        auto rawName, firstChar;

        rawName = GetString( Dword(dbBase), -1, ASCSTR_C );

        // strstr yields -1 when there is no backslash, which makes firstChar 0.
        firstChar = strstr( rawName, "\\" ) + 1;

        return substr( rawName, firstChar, 30 );
    }
    Marks Cvars for you

    Code:
    #include <idc.idc>
    
    /************************************************************************
       Desc:		Label each cvar variable with its appropriate name
       Author:  kynox
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
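    // Names dwAddress as sFunction unless the current function name already
    // starts with "Script_". If the plain name is refused, the suffixes
    // _1 .. _31 are tried in turn.
    // Returns non-zero on success, 0 on failure or when the rename was skipped.
    static RenameFunc( dwAddress, sFunction )
    {
        auto dwRet, oldName, sTemp, i;

        // Defined result for the "already labelled" path; the previous version
        // returned a variable that had never been assigned there.
        dwRet = 0;
        oldName = GetFunctionName( dwAddress );

        // Leave names that an earlier pass already labelled.
        if ( substr( oldName, 0, 7 ) == "Script_" )
            return dwRet;

        dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( dwRet != 0 )
        {
            Message( "%s 0x%X\n" , sFunction,dwAddress );
            return dwRet;
        }

        for( i = 1; i < 32; i++ )
        {
            sTemp = form( "%s_%i", sFunction, i );

            if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
                break;
        }

        // Report on the result itself. The old test "i == 31" could not see an
        // exhausted loop (which ends with i == 32) and instead fired when the
        // last suffix had succeeded.
        if( dwRet == 0 )
            Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );

        return dwRet;
    }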
    
    // Starting at the item before xRef and stepping forward through at most 20
    // items, looks for "mov <.data operand>, rax" and returns the value of that
    // first operand. Returns 0 when nothing matches, when the walk runs out of
    // items, or when the destination operand is written with "[" (reported as
    // an unsupported array registration).
    static ExtractCvarDest( xRef )
    {
        auto ea, step, destValue;

        ea = PrevHead( xRef,8 );
        for ( step = 0; step < 20 && ea != BADADDR; step++ )
        {
            destValue = GetOperandValue( ea, 0 );

            // Not the store we are after: advance to the next item (NextHead is
            // limited to the following 8 bytes).
            if ( GetMnem( ea ) != "mov" || SegName( destValue ) != ".data" || GetOpnd( ea, 1 ) != "rax" )
            {
                ea = NextHead( ea, ea + 8 );
                continue;
            }

            if ( strstr( GetOpnd( ea, 0 ), "[" ) > -1 )
            {
                Message( "LabelCvars: [%X] Array registrations unsupported\n", ea );
                break;
            }

            return destValue;
        }

        return 0;
    }
    
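    // Walks backwards from (xRef - 0xc) to the nearest "lea" and returns the C
    // string its second operand points at, provided that operand lies in the
    // .rdata segment. Returns "" when the nearest lea points elsewhere or when
    // the walk runs out of items.
    static ExtractCvarName( xRef )
    {
        auto head, operandValue;

        head = PrevHead( xRef - 0xc, 8 );

        // Stop at BADADDR: PrevHead( BADADDR, ... ) stays at BADADDR and never
        // yields a "lea", so the former while( 1 ) could spin forever and hang
        // the script.
        while ( head != BADADDR )
        {
            if ( GetMnem( head ) == "lea" )
            {
                operandValue = GetOperandValue( head, 1 );
                if ( SegName( operandValue ) != ".rdata" )
                    break;
                return GetString( operandValue, -1, ASCSTR_C );
            }

            head = PrevHead( head, 8 );
        }

        // Explicit failure value; the previous version fell off the end of the
        // function without a return statement here.
        return "";
    }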
    
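    // Finds the cvar registration routine by byte signature and, for every code
    // cross-reference to it, labels the destination found by ExtractCvarDest as
    // "s_Cvar_<name>" using the name found by ExtractCvarName.
    static main()
    {
        auto cvarRegister, xRef, cvarDest, cvarName;

        cvarRegister = FindBinary( 0, SEARCH_DOWN, "48 8B C4 55 56 41 55 41 57 48 83 EC 48" );

        // A signature miss used to fall through silently (the message printed
        // BADADDR and the loop simply never ran); say so and stop instead.
        if ( cvarRegister == BADADDR )
        {
            Message( "LabelCvars: Failed to locate cvarRegister\n" );
            return;
        }

        Message("cvarRegister_RegisterFunction at 0x%X\n", cvarRegister);

        for( xRef = RfirstB( cvarRegister ); xRef != BADADDR; xRef = RnextB( cvarRegister, xRef ) )
        {
            cvarName = ExtractCvarName( xRef );
            cvarDest = ExtractCvarDest( xRef );

            // ExtractCvarDest returns 0 when no destination was recognised.
            if ( cvarDest )
            {
                RenameFunc( cvarDest, form( "s_Cvar_%s", cvarName ) );
            }
        }
    }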
    Marks FrameScript_Object__FillScriptMethodTable Scripts

    Code:
    #include <idc.idc>
    
    /************************************************************************
       Desc:		Label each lua function based on its appropriate name
       Author:  kynox 
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
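    // Names dwAddress as sFunction unless the current function name already
    // starts with "Script_". If the plain name is refused, the suffixes
    // _1 .. _31 are tried in turn.
    // Returns non-zero on success, 0 on failure or when the rename was skipped.
    static RenameFunc( dwAddress, sFunction )
    {
        auto dwRet, oldName, sTemp, i;

        // Defined result for the "already labelled" path; the previous version
        // returned a variable that had never been assigned there.
        dwRet = 0;
        oldName = GetFunctionName( dwAddress );

        // Leave names that an earlier pass already labelled.
        if ( substr( oldName, 0, 7 ) == "Script_" )
            return dwRet;

        dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( dwRet != 0 )
        {
            Message( "%s 0x%X\n" , sFunction,dwAddress );
            return dwRet;
        }

        for( i = 1; i < 32; i++ )
        {
            sTemp = form( "%s_%i", sFunction, i );

            if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
                break;
        }

        // Report on the result itself. The old test "i == 31" could not see an
        // exhausted loop (which ends with i == 32) and instead fired when the
        // last suffix had succeeded.
        if( dwRet == 0 )
            Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );

        return dwRet;
    }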
    
    // Returns the C string whose address is stored in the 8 bytes at structAddr.
    static Luafunc_GetName( structAddr )
    {
        auto namePtr;

        namePtr = Qword( structAddr );
        return GetString( namePtr, -1, ASCSTR_C );
    }
    
    // Returns the 8-byte value stored at structAddr + 8 (used by HandleLuaFunc
    // as the address of the function to label).
    static Luafunc_GetFunc( structAddr )
    {
        auto funcSlot;

        funcSlot = structAddr + 8;
        return Qword( funcSlot );
    }
    
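    // Reads one table entry at structBase (name pointer, then function pointer)
    // and labels the function "CSimpleSlider_<name>".
    // NOTE(review): the prefix is fixed, so every method table reached from main
    // gets the CSimpleSlider_ prefix - confirm that is intended.
    static HandleLuaFunc( structBase )
    {
        auto funcName, funcAddr;

        funcName = Luafunc_GetName( structBase );
        funcAddr = Luafunc_GetFunc( structBase );

        // Both values are read from the analysed file. Skip entries with no
        // usable name or target instead of pushing a bare prefix through the
        // rename-and-retry loop.
        if ( funcAddr == 0 || funcAddr == BADADDR || strlen( funcName ) == 0 )
            return;

        RenameFunc( funcAddr, form( "CSimpleSlider_%s", funcName ) );
    }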
    
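    // Finds FrameScript_Object__FillScriptMethodTable by byte signature. For
    // every code cross-reference it reads a table address and an entry count
    // from operands at fixed distances before the call, then labels each
    // 0x10-byte entry through HandleLuaFunc.
    static main()
    {
        auto registerFunc, xRef;
        auto structBase, numFuncs, i, probeEa, operandValue;

        registerFunc = FindBinary( 0, SEARCH_DOWN, "45 85 C0 7E 5B 48 89 5C 24 ? 48 89 74 24 ? 57 48 83 EC 20 48 8B DA 49 63 F0 48 8B F9 0F 1F 00 48 8B 13 48 8B CF E8 ? ? ? ? 48 8B 53 08" );

        // A signature miss used to be reported as an address and then ignored.
        if ( registerFunc == BADADDR )
        {
            Message( "FrameScript_Object__FillScriptMethodTable: signature not found\n" );
            return;
        }

        Message("FrameScript_Object__FillScriptMethodTable at 0x%X\n", registerFunc);

        for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
        {
            probeEa = ( xRef - 0xF );
            operandValue = GetOperandValue( probeEa, 0 );

            // NOTE(review): this compares a number with the string "0x2", while
            // the sibling scripts compare against numeric constants. Left as
            // written because the offsets below may have been tuned against
            // whichever branch this actually selects - verify before changing.
            if (operandValue == "0x2")
            {
                structBase = GetOperandValue( xRef - 0xF, 1 );
                numFuncs = GetOperandValue( xRef - 0x15, 1 ); // 5 works aswell but wrong
            }
            else
            {
                structBase = GetOperandValue( xRef - 0x7, 1 );
                numFuncs = GetOperandValue( xRef - 0xD, 1 );
            }

            // The count comes from the analysed file; anything outside 1..1999
            // is treated as a misread and skipped.
            if ( numFuncs < 2000 && numFuncs > 0 )
            {
                //Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);

                for ( i = 0; i < numFuncs; i++ )
                {
                    HandleLuaFunc( structBase );
                    structBase = structBase + 0x10;
                }
            }
        }
    }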
    Marks FrameScript__RegisterFunction Scripts

    Code:
    #include <idc.idc>
    
    /************************************************************************
       Desc:		Label each lua function based on its appropriate name
       Author:  kynox
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
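    // Names dwAddress as sFunction unless the current function name already
    // starts with "Script_". If the plain name is refused, the suffixes
    // _1 .. _31 are tried in turn.
    // Returns non-zero on success, 0 on failure or when the rename was skipped.
    static RenameFunc( dwAddress, sFunction )
    {
        auto dwRet, oldName, sTemp, i;

        // Defined result for the "already labelled" path; the previous version
        // returned a variable that had never been assigned there.
        dwRet = 0;
        oldName = GetFunctionName( dwAddress );

        // Leave names that an earlier pass already labelled.
        if ( substr( oldName, 0, 7 ) == "Script_" )
            return dwRet;

        dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( dwRet != 0 )
        {
            Message( "%s 0x%X\n" , sFunction,dwAddress );
            return dwRet;
        }

        for( i = 1; i < 32; i++ )
        {
            sTemp = form( "%s_%i", sFunction, i );

            if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
                break;
        }

        // Report on the result itself. The old test "i == 31" could not see an
        // exhausted loop (which ends with i == 32) and instead fired when the
        // last suffix had succeeded.
        if( dwRet == 0 )
            Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );

        return dwRet;
    }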
    
    // Returns the C string whose address is stored in the 8 bytes at structAddr.
    static Luafunc_GetName( structAddr )
    {
        auto namePtr;

        namePtr = Qword( structAddr );
        return GetString( namePtr, -1, ASCSTR_C );
    }
    
    // Returns the 8-byte value stored at structAddr + 8 (used by HandleLuaFunc
    // as the address of the function to label).
    static Luafunc_GetFunc( structAddr )
    {
        auto funcSlot;

        funcSlot = structAddr + 8;
        return Qword( funcSlot );
    }
    
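    // Reads one table entry at structBase (name pointer, then function pointer)
    // and labels the function "Script_<name>".
    static HandleLuaFunc( structBase )
    {
        auto funcName, funcAddr;

        funcName = Luafunc_GetName( structBase );
        funcAddr = Luafunc_GetFunc( structBase );

        // Both values are read from the analysed file. Skip entries with no
        // usable name or target instead of pushing a bare prefix through the
        // rename-and-retry loop.
        if ( funcAddr == 0 || funcAddr == BADADDR || strlen( funcName ) == 0 )
            return;

        RenameFunc( funcAddr, form( "Script_%s", funcName ) );
    }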
    
    // ToDo Add a check For These 2 Types 
    //
    // UnitExists
    // SetTaxiMap
    
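    // Finds FrameScript__RegisterFunction by byte signature. For every code
    // cross-reference it reads a table address from an operand before the call
    // and an entry count from an operand after it, then labels each 0x10-byte
    // entry through HandleLuaFunc.
    static main()
    {
        auto registerFunc, xRef;
        auto structBase, numFuncs, i, probeEa, operandValue;

        registerFunc = FindBinary( 0, SEARCH_DOWN, "48 89 5C 24 ? 57 48 83 EC 20 48 8B 3D ? ? ? ? 48 8B D9 48 8B CF 45 33 C0 E8 ? ? ? ? 48 8B D3 48 8B CF E8 ? ? ? ? BA ? ? ? ? 48 8B CF" );

        // A signature miss used to be reported as an address and then ignored.
        if ( registerFunc == BADADDR )
        {
            Message( "FrameScript__RegisterFunction: signature not found\n" );
            return;
        }

        Message("FrameScript__RegisterFunction at 0x%X\n", registerFunc);

        for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
        {
            probeEa = ( xRef - 0xE );
            operandValue = GetOperandValue( probeEa, 0 );
            //Message("probeEa at 0x%X\n", probeEa);
            //Message("operandValue at 0x%X\n", operandValue);

            // Two call-site layouts are handled; they differ only in how far
            // back the table address sits. The count is read from xRef + 0xB in
            // both.
            if (operandValue == 0x3)
            {
                structBase = GetOperandValue( xRef - 0xE, 1 );
                numFuncs = GetOperandValue( xRef + 0xB, 1 );
            }
            else
            {
                structBase = GetOperandValue( xRef - 0x14, 1 );
                numFuncs = GetOperandValue( xRef + 0xB, 1 );
            }
            // Disabled third layout kept from the original for reference:
            //   structBase = GetOperandValue( xRef - 0x1D, 1 ); // works for last few start struct
            //   numFuncs = GetOperandValue( xRef + 0x14, 1 );   // hail mary for size of struct since mia

            // The count comes from the analysed file; anything outside 1..999
            // is treated as a misread and skipped.
            if ( numFuncs < 1000 && numFuncs > 0 )
            {
                //Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);

                for ( i = 0; i < numFuncs; i++ )
                {
                    HandleLuaFunc( structBase );
                    structBase = structBase + 0x10;
                }
            }
        }
    }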
    Marks FrameScript__RegisterFunctionNamespaceWithCount Scripts

    Code:
    #include <idc.idc>
    
    /************************************************************************
       Desc:		Label each lua function based on its appropriate name
       Author:  kynox 
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
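    // Names dwAddress as sFunction unless the current function name already
    // starts with "Script_". If the plain name is refused, the suffixes
    // _1 .. _31 are tried in turn.
    // Returns non-zero on success, 0 on failure or when the rename was skipped.
    static RenameFunc( dwAddress, sFunction )
    {
        auto dwRet, oldName, sTemp, i;

        // Defined result for the "already labelled" path; the previous version
        // returned a variable that had never been assigned there.
        dwRet = 0;
        oldName = GetFunctionName( dwAddress );

        // Leave names that an earlier pass already labelled.
        if ( substr( oldName, 0, 7 ) == "Script_" )
            return dwRet;

        dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( dwRet != 0 )
        {
            Message( "%s 0x%X\n" , sFunction,dwAddress );
            return dwRet;
        }

        for( i = 1; i < 32; i++ )
        {
            sTemp = form( "%s_%i", sFunction, i );

            if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
                break;
        }

        // Report on the result itself. The old test "i == 31" could not see an
        // exhausted loop (which ends with i == 32) and instead fired when the
        // last suffix had succeeded.
        if( dwRet == 0 )
            Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );

        return dwRet;
    }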
    
    
    // Returns the C string whose address is stored in the 8 bytes at structAddr.
    static Luafunc_GetName( structAddr )
    {
        auto namePtr;

        namePtr = Qword( structAddr );
        return GetString( namePtr, -1, ASCSTR_C );
    }
    
    // Returns the 8-byte value stored at structAddr + 8 (used by HandleLuaFunc
    // as the address of the function to label).
    static Luafunc_GetFunc( structAddr )
    {
        auto funcSlot;

        funcSlot = structAddr + 8;
        return Qword( funcSlot );
    }
    
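    // Reads one table entry at structBase (name pointer, then function pointer)
    // and labels the function "Script_<name>".
    static HandleLuaFunc( structBase )
    {
        auto funcName, funcAddr;

        funcName = Luafunc_GetName( structBase );
        funcAddr = Luafunc_GetFunc( structBase );

        // Both values are read from the analysed file. Skip entries with no
        // usable name or target instead of pushing a bare prefix through the
        // rename-and-retry loop.
        if ( funcAddr == 0 || funcAddr == BADADDR || strlen( funcName ) == 0 )
            return;

        RenameFunc( funcAddr, form( "Script_%s", funcName ) );
    }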
    // Misses 2 Total Sets of labels because style i use to dump ToDo Fix This
    //  C_WowTokenSecure
    //  C_NewItems
    
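    // Finds FrameScript__RegisterFunctionNamespaceWithCount by byte signature.
    // For every code cross-reference it reads a table address and an entry
    // count from operands at fixed distances before the call, then labels each
    // 0x10-byte entry through HandleLuaFunc.
    static main()
    {
        auto registerFunc, xRef;
        auto structBase, numFuncs, i, probeEa, operandValue;

        registerFunc = FindBinary( 0, SEARCH_DOWN, "48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 48 83 EC 20 48 8B 1D ? ? ? ? 48 8B F9 8B F2 48 8B CB 49 8B D0 49 8B E8 E8 ? ? ? ? BA ? ? ? ?" );

        // A signature miss used to be reported as an address and then ignored.
        if ( registerFunc == BADADDR )
        {
            Message( "FrameScript__RegisterFunctionNamespaceWithCount: signature not found\n" );
            return;
        }

        Message("FrameScript__RegisterFunctionNamespaceWithCount at 0x%X\n", registerFunc);

        for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
        {
            probeEa = ( xRef - 0x7 );
            operandValue = GetOperandValue( probeEa, 0 );

            // Two call-site layouts are handled; the second sits 4 bytes
            // further back for both the table address and the count.
            if (operandValue == 0x1)
            {
                structBase = GetOperandValue( xRef - 0x7, 1 );
                numFuncs = GetOperandValue( xRef - 0xC, 1 );
            }
            else
            {
                structBase = GetOperandValue( xRef - 0xB, 1 );
                numFuncs = GetOperandValue( xRef - 0x10, 1 );
            }

            // The count comes from the analysed file; anything outside 1..999
            // is treated as a misread and skipped.
            if ( numFuncs < 1000 && numFuncs > 0 )
            {
                //Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);

                for ( i = 0; i < numFuncs; i++ )
                {
                    HandleLuaFunc( structBase );
                    structBase = structBase + 0x10;
                }
            }
        }
    }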
    DumpEvents_CombatLog: the script writes into an IDC\\Output folder next to the IDB, so you will need to create that folder first (you can change the path in GetTargetPath if you like)

    Code:
    #include <ida.idc>
    
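    // Returns sPath up to and including its last backslash, i.e. the directory
    // part of a Windows-style path. Returns "" when sPath has no backslash.
    static ExtractPath( sPath )
    {
        auto dwIndex;

        // Scan from the end for the last separator. The previous loop had no
        // lower bound, so a path without any backslash pushed the index below
        // zero and kept calling substr with negative positions.
        for( dwIndex = strlen( sPath ) - 1; dwIndex >= 0; dwIndex-- )
        {
            if( substr( sPath, dwIndex, dwIndex + 1 ) == "\\" )
                return substr( sPath, 0, dwIndex + 1 );
        }

        return "";
    }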
    
    // Output directory for the dump: "IDC\Output\" below the directory that
    // holds the current IDB. The folder is not created here.
    static GetTargetPath()
    {
        auto sIdbDir;

        sIdbDir = ExtractPath( GetIdbPath() );
        return sIdbDir + "IDC\\Output\\";
    }
    
    
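    // Escapes backslashes and double quotes so that sText can be placed inside
    // a C string literal. Other characters are copied unchanged.
    static EscapeForCLiteral( sText )
    {
        auto sOut, iPos, iLen, sChar;

        sOut = "";
        iLen = strlen( sText );
        for( iPos = 0; iPos < iLen; iPos++ )
        {
            sChar = substr( sText, iPos, iPos + 1 );
            if( sChar == "\\" || sChar == "\"" )
                sOut = sOut + "\\";
            sOut = sOut + sChar;
        }
        return sOut;
    }

    // Dumps the combat-log event name table into Events_CombatLog_Enum.cpp and
    // writes a matching Events_CombatLog_Enum.h, both under GetTargetPath().
    // Each event string is split at its first underscore into a two-column row.
    // Returns 0.
    static main()
    {
        auto sPath, hFile, dwTable, sString, iIndex, iLimit, iStop, sFirst, sSecond;

        sPath = GetTargetPath() + "Events_CombatLog_Enum.cpp";
        hFile = fopen( sPath, "w" );

        // IDC documents fopen as returning 0 on failure; the original tested
        // only for -1, so a missing output folder was not detected. Both values
        // are rejected here.
        if( hFile != 0 && hFile != -1 )
        {
            fprintf( hFile, "#include \"CWoWX.h\"\n" );
            fprintf( hFile, "const char * pszCombatLogEvents[][2] =\n{\n" );
            /// .data:000000000217F790 off_217F790     dq offset aEnvironmentalD In Ida for offset or ENVIRONMENTAL_DAMAGE strings
            // The table address is fixed for one specific build and has to be
            // updated by hand for any other.
            dwTable = 0x217F790;
            Message( "dwTable %x\n", dwTable );

            if( dwTable != BADADDR )
            {
                Message( "Found event table at %x\n", dwTable );

                // Upper bound so a wrong table address cannot keep the loop
                // running through unrelated data.
                iLimit = 4096;

                for( iIndex = 0; iIndex < iLimit; iIndex++ )
                {
                    // NOTE(review): entries are 8 bytes apart but only the low
                    // 32 bits are read - verify for the image being analysed.
                    sString = GetString( Dword( dwTable + iIndex * 8 ), -1, ASCSTR_C );

                    if( strlen( sString ) <= 0 )
                        break;
                    ///
                    ///   TODO Add A Better End Stop
                    if( strstr( sString, "CombatLogResetFilter" ) != -1 )
                        break;

                    // Split at the first underscore. Without one, the whole
                    // string goes into the first column.
                    iStop = strstr( sString, "_" );
                    if( iStop < 0 )
                    {
                        sFirst = sString;
                        sSecond = "";
                    }
                    else
                    {
                        sFirst = substr( sString, 0, iStop );
                        sSecond = substr( sString, iStop + 1, -1 );
                    }

                    // The strings come from the analysed file and end up in
                    // generated source, so quote and backslash characters are
                    // escaped. The separator is always written: the original
                    // compared against iMax, which is never assigned, and a
                    // trailing comma is valid in the initializer list.
                    fprintf( hFile, "\t{ \"%s\", \"%s\" },\n", EscapeForCLiteral( sFirst ), EscapeForCLiteral( sSecond ) );
                }
            }
            fprintf( hFile, "};\n" );
            fclose( hFile );

            Message( "Successfully dumped %s.\n", sPath );
        }
        else
            Message( "Failed to open file %s.\n", sPath );

        sPath = GetTargetPath() + "Events_CombatLog_Enum.h";
        hFile = fopen( sPath, "w" );
        if( hFile != 0 && hFile != -1 )
        {
            fprintf( hFile, "#ifndef __EVENTS_COMBATLOG_ENUM_H__\n#define __EVENTS_COMBATLOG_ENUM_H__\n" );
            fprintf( hFile, "extern const char * pszCombatLogEvents[][2];\n\n" );
            fprintf( hFile, "#endif //__EVENTS_COMBATLOG_ENUM_H__" );
            fclose( hFile );
            Message( "Successfully dumped %s.\n", sPath );
        }
        else
            Message( "Failed to open file %s.\n", sPath );
        return 0;
    }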
    This dumps WoW events to the IDA output window. Note that you have to put the cursor on the function first; it also works for other things, so I never hard-coded a start address. TODO: dump to a file.

    Code:
    #include <idc.idc>
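    // Walks the function under the cursor, prints the C string referenced by
    // the second operand of every "lea" to the output window, and finally shows
    // the instruction count in a warning box.
    static main(){
        auto func, end, count, inst, operandValue, getname;

        // Put Mouse on DELETE_ITEM_CONFIRM function will dump all the events to window todo dump to file

        func = GetFunctionAttr( ScreenEA(), FUNCATTR_START );
        if ( func == -1 )
        {
            Warning("No function found at location %x ", ScreenEA());
            return;
        }

        end = GetFunctionAttr( func, FUNCATTR_END );
        count = 0;

        // The loop test runs before each instruction is examined. The previous
        // version advanced first and tested afterwards, so it skipped the first
        // instruction, looked at one instruction past the function end, and
        // could not leave the loop once FindCode returned BADADDR.
        for ( inst = func; inst != BADADDR && inst < end; inst = FindCode( inst, SEARCH_DOWN | SEARCH_NEXT ) )
        {
            count++;

            if ( GetMnem( inst ) == "lea" )
            {
                operandValue = GetOperandValue( inst, 1 );
                getname = GetString( operandValue, -1, ASCSTR_C );

                // Not every lea refers to a string; skip empty results.
                if ( strlen( getname ) > 0 )
                    Message( "%s\n" , getname );
            }
        }

        Warning ("%s contains %d instructions \n",Name(func), count);
    }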
    Warning in advance: this is some really ugly code. It grabs all the WoW opcode info: vtables / CliPutWithMsgId / opcode offsets.
    It's not perfect, but the IDC works for my needs. I have my own version that labels the vtables / CliPutWithMsgId from a text file, which I built by dumping the names I marked, copied and guessed from previous versions. I haven't fully tested it against patches yet, so I'm not releasing the naming part for the time being.

    Code:
    #include <idc.idc>
    
    /************************************************************************
       Desc:		Label each cvar variable with its appropriate name
       Author:  kynox
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
    // Names dwAddress as sFunction; if that name is refused, retries with the
    // suffixes _0 .. _31 and reports the first one that is accepted.
    // Returns the last MakeNameEx result: non-zero = success, 0 = failure.
    static RenameFunc( dwAddress, sFunction )
    {
        auto status, suffix, candidate;

        status = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( status != 0 )
            return status;

        // Plain name refused: walk the numbered alternatives.
        suffix = 0;
        while( suffix < 32 )
        {
            candidate = form( "%s_%i", sFunction, suffix );
            status = MakeNameEx( dwAddress, candidate, SN_NOWARN );
            if( status != 0 )
            {
                Message( "Info: Renamed to %s instead of %s\n", candidate, sFunction );
                return status;
            }
            suffix++;
        }

        return status;
    }
    
    // Gets Op Code Vtable
    // Prints the address 0x18 bytes before xRef as the opcode vtable location.
    // Nothing is returned, so the caller's "if ( cvarDest )" test never sees an
    // address from here.
    static ExtractCvarDest( xRef )
    {
        auto vtableEa;

        vtableEa = xRef - 0x18;
        Message("Op Vtable OffSet at 0x%X\n", vtableEa);

        // A disabled variant in the original printed get_name() of this address
        // to collect already-labelled vtable names into a text file.
    }
    
    /// get op code CliPutWithMsgId // op code offset
    // Prints the address of the item before xRef and an opcode value read from
    // an instruction at a fixed distance past that item's first data reference.
    // Three distances are tried in turn (0x13, 0x18, 0x1D); the first one whose
    // second operand is greater than 100 is reported. Nothing is returned.
    static ExtractCvarName( xRef )
    {
    	auto head,Blahhhhh,operandValue, OPOffSet;
    	head = PrevHead( xRef , 0 ); // opcode function
    	// First data reference made from that item.
    	Blahhhhh = Dfirst( head );
                OPOffSet = ( Blahhhhh + 0x13 ); // 0x18  /// 0x1D
                // NOTE(review): this if has no braces, so it guards only the
                // single assignment to operandValue a few lines below (the
                // comment lines in between do not count). When the test fails,
                // operandValue is read below without having been assigned.
                if ( GetMnem( OPOffSet ) == "mov" && GetOpnd( OPOffSet, 0 ) == "edx" )  
                //
    	//Grabs Names of Labled CliPutWithMsgId To Make A Text File TO prase / Name Them Future
    	//
    	//blahhhhhhhhhhhhh = get_name(head);
    	//Message( "%s,\n", blahhhhhhhhhhhhh );
                operandValue = GetOperandValue( OPOffSet, 1 );
    	// Values of 100 or less are treated as "not an opcode here".
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else
    	{
    	// Second attempt; no mnemonic check is made at this distance.
    	OPOffSet = ( Blahhhhh + 0x18 ); // 0x18 // 0x1D
    	operandValue = GetOperandValue( OPOffSet, 1 );
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else 
    	{
    	// Third and last attempt.
    	OPOffSet = ( Blahhhhh + 0x1D );// 0x7 // 0x12 // 0x1F
    	operandValue = GetOperandValue( OPOffSet, 1 );
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else
    	{
    	// Message("not found ");
    	}
            }
        }
    }
    
    // Finds the anchor byte pattern and, for every data cross-reference to it,
    // lets ExtractCvarName and ExtractCvarDest print what they find. No names
    // are applied: the rename calls are disabled in this version.
    static main()
    {
        auto anchor, ref;

        anchor = FindBinary( 0, SEARCH_DOWN, "48 8D 05 ? ? ? ? 48 89 02 33 C0 48 89 42 08 48 89 42 10 48 8B C2 C3 " );
        if ( anchor == BADADDR )
        {
            Message( "LabelCvars: Failed to locate cvarRegister\n" );
            return;
        }

        ref = DfirstB( anchor );
        while ( ref != BADADDR )
        {
            // Called for their printed output only; neither helper returns a
            // value in this script.
            ExtractCvarName( ref );
            ExtractCvarDest( ref );

            // Disabled in the original:
            //   RenameFunc( cvarDest, form( "%sDB", cvarName ) );
            //   Message( "%s = 0x%x\n", cvarName, cvarDest );
            //   RenameFunc( cvarDest, form( "s_Cvar_%s", cvarName ) );

            ref = DnextB( anchor, ref );
        }
    }
    Last edited by charles420; 12-08-2019 at 11:47 PM.

    Few ida Scripts
  3. #2
    Loonbg's Avatar Member
    Code:
    /************************************************************************
       Desc:		Label each cvar variable with its appropriate name
       Author:  kynox
       Credit:	bobbysing for RenameFunc
       Website: http://www.gamedeception.net
    *************************************************************************/
    
    // Names dwAddress as sFunction; if that name is refused, retries with the
    // suffixes _0 .. _31 and reports the first one that is accepted.
    // Returns the last MakeNameEx result: non-zero = success, 0 = failure.
    static RenameFunc( dwAddress, sFunction )
    {
        auto status, suffix, candidate;

        status = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
        if( status != 0 )
            return status;

        // Plain name refused: walk the numbered alternatives.
        suffix = 0;
        while( suffix < 32 )
        {
            candidate = form( "%s_%i", sFunction, suffix );
            status = MakeNameEx( dwAddress, candidate, SN_NOWARN );
            if( status != 0 )
            {
                Message( "Info: Renamed to %s instead of %s\n", candidate, sFunction );
                return status;
            }
            suffix++;
        }

        return status;
    }
    
    // Gets Op Code Vtable
    // Prints the address 0x18 bytes before xRef as the opcode vtable location.
    // Nothing is returned, so the caller's "if ( cvarDest )" test never sees an
    // address from here.
    static ExtractCvarDest( xRef )
    {
        auto vtableEa;

        vtableEa = xRef - 0x18;
        Message("Op Vtable OffSet at 0x%X\n", vtableEa);

        // A disabled variant in the original printed get_name() of this address
        // to collect already-labelled vtable names into a text file.
    }
    
    /// get op code CliPutWithMsgId // op code offset
    // Prints the address of the item before xRef and an opcode value read from
    // an instruction at a fixed distance past that item's first data reference.
    // Three distances are tried in turn (0x10, 0x18, 0x1D); the first one whose
    // second operand is greater than 100 is reported. Nothing is returned.
    static ExtractCvarName( xRef )
    {
    	auto head,Blahhhhh,operandValue, OPOffSet;
    	head = PrevHead( xRef , 0 ); // opcode function
    	// First data reference made from that item.
    	Blahhhhh = Dfirst( head );
                OPOffSet = ( Blahhhhh + 0x10 );
                // NOTE(review): this if has no braces, so it guards only the
                // single assignment to operandValue a few lines below (the
                // comment lines in between do not count). When the test fails,
                // operandValue is read below without having been assigned.
                if ( GetMnem( OPOffSet ) == "mov" && GetOpnd( OPOffSet, 0 ) == "edx" )  
                //
    	//Grabs Names of Labled CliPutWithMsgId To Make A Text File TO prase / Name Them Future
    	//
    	//blahhhhhhhhhhhhh = get_name(head);
    	//Message( "%s,\n", blahhhhhhhhhhhhh );
                operandValue = GetOperandValue( OPOffSet, 1 );
    	// Values of 100 or less are treated as "not an opcode here".
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else
    	{
    	// Second attempt; no mnemonic check is made at this distance.
    	OPOffSet = ( Blahhhhh + 0x18 ); // 0x18 // 0x1D
    	operandValue = GetOperandValue( OPOffSet, 1 );
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else 
    	{
    	// Third and last attempt.
    	OPOffSet = ( Blahhhhh + 0x1D );// 0x7 // 0x12 // 0x1F
    	operandValue = GetOperandValue( OPOffSet, 1 );
    	if (operandValue > 100)
    	{
    	Message("CliPutWithMsgId at 0x%X\n", head);
    	Message("OPCode OFF Set at 0x%X\n", operandValue);
    	}
    	else
    	{
    	// Message("not found ");
    	}
            }
        }
    }
    
    // Finds the anchor byte pattern and, for every data cross-reference to it,
    // lets ExtractCvarName and ExtractCvarDest print what they find. No names
    // are applied: the rename calls are disabled in this version.
    static main()
    {
        auto anchor, ref;

        anchor = FindBinary( 0, SEARCH_DOWN, "48 8D 05 ? ? ? ? 48 89 02 33 C0 48 89 42 08 48 89 42 10 48 8B C2 C3 " );
        if ( anchor == BADADDR )
        {
            Message( "LabelCvars: Failed to locate cvarRegister\n" );
            return;
        }

        ref = DfirstB( anchor );
        while ( ref != BADADDR )
        {
            // Called for their printed output only; neither helper returns a
            // value in this script.
            ExtractCvarName( ref );
            ExtractCvarDest( ref );

            // Disabled in the original:
            //   RenameFunc( cvarDest, form( "%sDB", cvarName ) );
            //   Message( "%s = 0x%x\n", cvarName, cvarDest );
            //   RenameFunc( cvarDest, form( "s_Cvar_%s", cvarName ) );

            ref = DnextB( anchor, ref );
        }
    }
    I am using your IDA script on version 7.3.X.
    I already changed OPOffSet from 0x13 to 0x10 and it started to dump the "OPCode OFF Set" lines, but it still doesn't find all the opcodes.
    Any idea why it shows only half of them?
    Last edited by Loonbg; 06-18-2022 at 05:42 AM.

  4. #3
    charles420's Avatar Contributor
    You have to be in game to get all of them; I believe extra ones are loaded after joining, if I recall correctly.

  5. #4
    charles420's Avatar Contributor
    As for my FrameScript dump: with the latest WoW you need to change it to the unregister pattern, or fix your dumps. I recommend fixing the dump, because it will help you in the long run.
    Last edited by charles420; 07-22-2023 at 01:49 PM.

  6. #5
    qop1832's Avatar Active Member

    Originally Posted by charles420 View Post
    as for my framescript dump with latest wow u need to change it to unregister pattern or fix your dumps i recommend fixing dump just because it will help you long run
    Can you share the latest available IDA script? I found it on 1.14.4.51829 (Label each lua function based on its appropriate name). The registerFunc address is 0x6272a0. Something went wrong at runtime and it could not be positioned correctly. I spent all night trying to fix it but failed; maybe I need more time.
    Hello everyone, I'm a newbie~ Recently I'm trying to study how to execute API externally and get the return value of API, as well as the release of aoe spells, come on!

  8. #6
    air999's Avatar Contributor
    100% you need more time.
