Marks DB2'S for you
Code:
#include <ida.idc>
static main(){
auto curAddr, xref;
// DB2Load
curAddr = FindBinary( 0, SEARCH_DOWN, "40 53 48 83 EC 50 48 89 51 08 48 8D 05 ? ? ? ? 48 89 01" );
if ( curAddr == BADADDR ){
Message("Can't find DB2Load, aborting...\n");
return;
}
// time to loop through and find all cross references to the wow DB_Common_Load function we found above!
for ( xref = RfirstB(curAddr); xref != BADADDR; xref = RnextB(curAddr, xref) ) {
auto prevFunc, nextFunc, disasm, disasmAddr, dbAddress, dbNameAddress;
prevFunc = PrevFunction( xref );
nextFunc = NextFunction( xref );
disasmAddr = xref;
disasmAddr = PrevHead( disasmAddr, prevFunc );
//Message("GetOperandValue at 0x%X\n", disasmAddr);
disasm = GetDisasm( disasmAddr );
if ( strstr( disasm, "lea" ) > -1 && strstr( disasm, "rcx" ) > -1 )
{
dbAddress = GetOperandValue(disasmAddr, 1);
if ( dbAddress == BADADDR ){
continue;
}
}
else
{
continue;
}
disasmAddr = PrevHead( disasmAddr, prevFunc );
//Message("disasmAddr at 0x%X\n", disasmAddr);
disasm = GetDisasm( disasmAddr );
//Message("disasm at 0x%X\n", disasm);
if ( strstr( disasm, "lea" ) > -1 && strstr( disasm, "rdx" ) > -1 )
{
dbNameAddress = GetOperandValue(disasmAddr, 1);
//Message("dbNameAddress at 0x%X\n", dbNameAddress);
if ( dbNameAddress == BADADDR ){
continue;
}
}
else
{
continue;
}
auto dbName;
dbName = WoWDb_GetName(dbNameAddress);
if ( strlen(dbName) == 0 ){
break;
}
RenameFunc( dbAddress, form( "%sDB", dbName ) );
Message( "%s = 0x%x\n", dbName, dbAddress );
}
}
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 0; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
}
return dwRet;
}
static WoWDb_GetName( dbBase ){
auto dbName;
dbName = GetString( Dword(dbBase), -1, ASCSTR_C );
return substr( dbName, strstr( dbName, "\\" ) + 1, 30 );
}
Marks Cvars for you
Code:
#include <idc.idc>
/************************************************************************
Desc: Label each cvar variable with its appropriate name
Author: kynox
Credit: bobbysing for RenameFunc
Website: http://www.gamedeception.net
*************************************************************************/
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
auto part = substr( GetFunctionName( dwAddress ), 0, 7 );
if ( part != "Script_" )
{
auto oldName = GetFunctionName( dwAddress );
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 1; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
// Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
if( i == 31)
Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );
}
else
Message( "%s 0x%X\n" , sFunction,dwAddress );
}
return dwRet;
}
static ExtractCvarDest( xRef )
{
auto head, maxLoops;
maxLoops = 20;
head = PrevHead( xRef,8 );
while ( maxLoops-- )
{
auto operandValue;
if ( head == BADADDR )
break;
operandValue = GetOperandValue( head, 0 );
if ( GetMnem( head ) == "mov" && SegName( operandValue ) == ".data" && GetOpnd( head, 1 ) == "rax" )
{
if ( strstr( GetOpnd( head, 0 ), "[" ) > -1 )
{
Message( "LabelCvars: [%X] Array registrations unsupported\n", head );
break;
}
return operandValue;
}
head = NextHead( head, head + 8 );
}
return 0;
}
static ExtractCvarName( xRef )
{
auto head;
head = PrevHead( xRef - 0xc, 8 );
while ( 1 )
{
auto operandValue;
operandValue = GetOperandValue( head, 1 );
if ( GetMnem( head ) == "lea" )
{
if ( SegName( operandValue ) != ".rdata" )
break;
return GetString( operandValue, -1, ASCSTR_C );
}
head = PrevHead( head, 8 );
}
}
static main()
{
auto cvarRegister, xRef;
cvarRegister = FindBinary( 0, SEARCH_DOWN, "48 8B C4 55 56 41 55 41 57 48 83 EC 48" );
Message("cvarRegister_RegisterFunction at 0x%X\n", cvarRegister);
for( xRef = RfirstB( cvarRegister ); xRef != BADADDR; xRef = RnextB( cvarRegister, xRef ) )
{
auto cvarDest, cvarName;
cvarName = ExtractCvarName( xRef );
cvarDest = ExtractCvarDest( xRef );
if ( cvarDest )
{
RenameFunc( cvarDest, form( "s_Cvar_%s", cvarName ) );
}
}
}
Marks FrameScript_Object__FillScriptMethodTable Scripts
Code:
#include <idc.idc>
/************************************************************************
Desc: Label each lua function based on its appropriate name
Author: kynox
Credit: bobbysing for RenameFunc
Website: http://www.gamedeception.net
*************************************************************************/
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
auto part = substr( GetFunctionName( dwAddress ), 0, 7 );
if ( part != "Script_" )
{
auto oldName = GetFunctionName( dwAddress );
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 1; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
// Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
if( i == 31)
Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );
}
else
Message( "%s 0x%X\n" , sFunction,dwAddress );
}
return dwRet;
}
static Luafunc_GetName( structAddr )
{
return GetString( Qword( structAddr ), -1, ASCSTR_C );
}
static Luafunc_GetFunc( structAddr )
{
return Qword( structAddr + 8 );
}
static HandleLuaFunc( structBase )
{
auto funcName, funcAddr;
funcName = Luafunc_GetName( structBase );
funcAddr = Luafunc_GetFunc( structBase );
RenameFunc( funcAddr, form( "CSimpleSlider_%s", funcName ) );
}
static main()
{
auto registerFunc, xRef;
registerFunc = registerFunc = FindBinary( 0, SEARCH_DOWN, "45 85 C0 7E 5B 48 89 5C 24 ? 48 89 74 24 ? 57 48 83 EC 20 48 8B DA 49 63 F0 48 8B F9 0F 1F 00 48 8B 13 48 8B CF E8 ? ? ? ? 48 8B 53 08" );
Message("FrameScript_Object__FillScriptMethodTable at 0x%X\n", registerFunc);
for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
{
auto structBase;
auto numFuncs, i, blahh,operandValue;
blahh = ( xRef - 0xF );
operandValue = GetOperandValue( blahh, 0 );
if (operandValue == "0x2")
{
structBase = GetOperandValue( xRef - 0xF, 1 );
numFuncs = GetOperandValue( xRef - 0x15, 1 ); // 5 works aswell but wrong
}
else
{
structBase = GetOperandValue( xRef - 0x7, 1 );
numFuncs = GetOperandValue( xRef - 0xD, 1 );
}
if ( numFuncs < 2000 && numFuncs > 0 )
{
//Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);
for ( i = 0; i < numFuncs; i++ )
{
HandleLuaFunc( structBase );
structBase = structBase + 0x10;
}
}
}
}
Marks FrameScript__RegisterFunction Scripts
Code:
#include <idc.idc>
/************************************************************************
Desc: Label each lua function based on its appropriate name
Author: kynox
Credit: bobbysing for RenameFunc
Website: http://www.gamedeception.net
*************************************************************************/
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
auto part = substr( GetFunctionName( dwAddress ), 0, 7 );
if ( part != "Script_" )
{
auto oldName = GetFunctionName( dwAddress );
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 1; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
// Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
if( i == 31)
Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );
}
else
Message( "%s 0x%X\n" , sFunction,dwAddress );
}
return dwRet;
}
static Luafunc_GetName( structAddr )
{
return GetString( Qword( structAddr ), -1, ASCSTR_C );
}
static Luafunc_GetFunc( structAddr )
{
return Qword( structAddr + 8 );
}
static HandleLuaFunc( structBase )
{
auto funcName, funcAddr;
funcName = Luafunc_GetName( structBase );
funcAddr = Luafunc_GetFunc( structBase );
RenameFunc( funcAddr, form( "Script_%s", funcName ) );
}
// ToDo Add a check For These 2 Types
//
// UnitExists
// SetTaxiMap
static main()
{
auto registerFunc, xRef;
registerFunc = registerFunc = FindBinary( 0, SEARCH_DOWN, "48 89 5C 24 ? 57 48 83 EC 20 48 8B 3D ? ? ? ? 48 8B D9 48 8B CF 45 33 C0 E8 ? ? ? ? 48 8B D3 48 8B CF E8 ? ? ? ? BA ? ? ? ? 48 8B CF" );
Message("FrameScript__RegisterFunction at 0x%X\n", registerFunc);
for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
{
auto structBase;
auto numFuncs, i, blahh,operandValue;
blahh = ( xRef - 0xE );
operandValue = GetOperandValue( blahh, 0 );
//Message("blahh at 0x%X\n", blahh);
//Message("operandValue at 0x%X\n", operandValue);
if (operandValue == 0x3)
{
structBase = GetOperandValue( xRef - 0xE, 1 );
numFuncs = GetOperandValue( xRef + 0xB, 1 );
}
else
{
structBase = GetOperandValue( xRef - 0x14, 1 );
numFuncs = GetOperandValue( xRef + 0xB, 1 );
}
//else if
// {
//structBase = GetOperandValue( xRef - 0x1D, 1 ); // works for last few start struct
//numFuncs = GetOperandValue( xRef + 0x14, 1 ); // hail mary for size of struct since mia
//}
if ( numFuncs < 1000 && numFuncs > 0 )
{
//Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);
for ( i = 0; i < numFuncs; i++ )
{
HandleLuaFunc( structBase );
structBase = structBase + 0x10;
}
}
}
}
Marks FrameScript__RegisterFunctionNamespaceWithCount Scripts
Code:
#include <idc.idc>
/************************************************************************
Desc: Label each lua function based on its appropriate name
Author: kynox
Credit: bobbysing for RenameFunc
Website: http://www.gamedeception.net
*************************************************************************/
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
auto part = substr( GetFunctionName( dwAddress ), 0, 7 );
if ( part != "Script_" )
{
auto oldName = GetFunctionName( dwAddress );
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 1; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
// Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
if( i == 31)
Message( "-- Error --: Failed to rename %s -> %s\n", oldName, sFunction );
}
else
Message( "%s 0x%X\n" , sFunction,dwAddress );
}
return dwRet;
}
static Luafunc_GetName( structAddr )
{
return GetString( Qword( structAddr ), -1, ASCSTR_C );
}
static Luafunc_GetFunc( structAddr )
{
return Qword( structAddr + 8 );
}
static HandleLuaFunc( structBase )
{
auto funcName, funcAddr;
funcName = Luafunc_GetName( structBase );
funcAddr = Luafunc_GetFunc( structBase );
RenameFunc( funcAddr, form( "Script_%s", funcName ) );
}
// Misses 2 Total Sets of labels because style i use to dump ToDo Fix This
// C_WowTokenSecure
// C_NewItems
static main()
{
auto registerFunc, xRef;
registerFunc = registerFunc = FindBinary( 0, SEARCH_DOWN, "48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 48 83 EC 20 48 8B 1D ? ? ? ? 48 8B F9 8B F2 48 8B CB 49 8B D0 49 8B E8 E8 ? ? ? ? BA ? ? ? ?" );
Message("FrameScript__RegisterFunctionNamespaceWithCount at 0x%X\n", registerFunc);
for( xRef = RfirstB( registerFunc ); xRef != BADADDR; xRef = RnextB( registerFunc, xRef ) )
{
auto structBase;
auto numFuncs, i, blahh,operandValue;
blahh = ( xRef - 0x7 );
operandValue = GetOperandValue( blahh, 0 );
if (operandValue == 0x1)
{
structBase = GetOperandValue( xRef - 0x7, 1 );
numFuncs = GetOperandValue( xRef - 0xC, 1 );
}
else
{
structBase = GetOperandValue( xRef - 0xB, 1 );
numFuncs = GetOperandValue( xRef - 0x10, 1 );
}
if ( numFuncs < 1000 && numFuncs > 0 )
{
//Message( "Found 0x%x, count: 0x%x\n", structBase, numFuncs);
for ( i = 0; i < numFuncs; i++ )
{
HandleLuaFunc( structBase );
structBase = structBase + 0x10;
}
}
}
}
DumpEvents_CombatLog /// You Will Need a Folder IDC\\Output you can change if you like
Code:
#include <ida.idc>
static ExtractPath( sPath )
{
auto dwIndex;
for( dwIndex = strlen( sPath ); strstr( substr( sPath, dwIndex, -1 ), "\\" ); dwIndex-- );
return substr( sPath, 0, dwIndex + 1 );
}
static GetTargetPath()
{
return ExtractPath( GetIdbPath() ) + "IDC\\Output\\";
}
static main()
{
auto sPath, hFile, dwTable, sString, iIndex, iMax, iStop;
sPath = GetTargetPath() + "Events_CombatLog_Enum.cpp";
hFile = fopen( sPath, "w" );
if( hFile != -1 )
{
fprintf( hFile, "#include \"CWoWX.h\"\n" );
fprintf( hFile, "const char * pszCombatLogEvents[][2] =\n{\n" );
/// .data:000000000217F790 off_217F790 dq offset aEnvironmentalD In Ida for offset or ENVIRONMENTAL_DAMAGE strings
dwTable = 0x217F790;
Message( "dwTable %x\n", dwTable );
if( dwTable != BADADDR )
{
dwTable = ( dwTable );
Message( "Found event table at %x\n", dwTable );
iIndex = 0;
while( 1 )
{
sString = GetString( Dword( dwTable + iIndex * 8 ), -1, ASCSTR_C );
if( strlen( sString ) <= 0 )
break;
///
/// TODO Add A Better End Stop
if( strstr( sString, "CombatLogResetFilter" ) != -1 )
break;
iStop = strstr( sString, "_" );
fprintf( hFile, "\t{ \"%s\", \"%s\" }%s\n", substr( sString, 0, iStop ), substr( sString, iStop + 1, -1 ), (iIndex != iMax -1)? "," : "" );
iIndex = iIndex + 1;
}
}
fprintf( hFile, "};\n" );
fclose( hFile );
Message( "Successfully dumped %s.\n", sPath );
}
else
Message( "Failed to open file %s.\n", sPath );
sPath = GetTargetPath() + "Events_CombatLog_Enum.h";
hFile = fopen( sPath, "w" );
if( hFile != -1 )
{
fprintf( hFile, "#ifndef __EVENTS_COMBATLOG_ENUM_H__\n#define __EVENTS_COMBATLOG_ENUM_H__\n" );
fprintf( hFile, "extern const char * pszCombatLogEvents[][2];\n\n" );
fprintf( hFile, "#endif //__EVENTS_COMBATLOG_ENUM_H__" );
fclose( hFile );
Message( "Successfully dumped %s.\n", sPath );
}
else
Message( "Failed to open file %s.\n", sPath );
return 0;
}
This Dumps Wow Events To ida window Note you have to put mouse on function also works for other things so i never put a start address but todo dump to file
Code:
#include <idc.idc>
static main(){
auto func , end , count, inst,operandValue, xRef, funcName, GetNameEffset, getname;
// Put Mouse on DELETE_ITEM_CONFIRM function will dump all the events to window todo dump to file
func = GetFunctionAttr(ScreenEA(),FUNCATTR_START);
if(func != -1){
end = GetFunctionAttr(func,FUNCATTR_END);
count = 0;
inst = func;
while (inst <end) {
count++;
inst = FindCode(inst,SEARCH_DOWN | SEARCH_NEXT);
if ( GetMnem( inst ) == "lea")
{
//Message( "%s 0x%X\n" , getname,inst );
operandValue = GetOperandValue( inst, 1 );
getname = GetString( operandValue, -1, ASCSTR_C );
Message( "%s\n" , getname );
//Message("FrameScript__RegisterFunction at 0x%X\n", inst);
}
}
Warning ("%s contains %d instructions \n",Name(func), count);
}
else
{
Warning("No function found at location %x ", ScreenEA());
}
}
This Is Some Really Ugly Code Just pre warning It Grabs All wow Op code Info Vtables / CliPutWithMsgId // Op Code Offsets
Its Not Perfect And idc Works for my needs I Have my version That Labels vtables /CliPutWithMsgId Based Of a Text File from dumping the names i marked / copyed and guessed from prev versions i haven't fully tested it yet vs patches so i'm not releasing the naming part for time being
Code:
#include <idc.idc>
/************************************************************************
Desc: Label each cvar variable with its appropriate name
Author: kynox
Credit: bobbysing for RenameFunc
Website: http://www.gamedeception.net
*************************************************************************/
// 1 = Success, 0 = Failure
static RenameFunc( dwAddress, sFunction )
{
auto dwRet;
dwRet = MakeNameEx( dwAddress, sFunction, SN_NOWARN );
if( dwRet == 0 )
{
auto sTemp, i;
for( i = 0; i < 32; i++ )
{
sTemp = form( "%s_%i", sFunction, i );
if( ( dwRet = MakeNameEx( dwAddress, sTemp, SN_NOWARN ) ) != 0 )
{
Message( "Info: Renamed to %s instead of %s\n", sTemp, sFunction );
break;
}
}
}
return dwRet;
}
// Gets Op Code Vtable
static ExtractCvarDest( xRef )
{
auto head, blahhhhhhhhhhhhh;
head = ( xRef - 0x18 );
Message("Op Vtable OffSet at 0x%X\n", head);
//
//Grabs Names of Labled Vtables To Make A Text File TO prase / Name Them Future
//
//blahhhhhhhhhhhhh = get_name(head);
//Message( "%s,\n", blahhhhhhhhhhhhh );
}
/// get op code CliPutWithMsgId // op code offset
static ExtractCvarName( xRef )
{
auto head,Blahhhhh,operandValue, OPOffSet;
head = PrevHead( xRef , 0 ); // opcode function
Blahhhhh = Dfirst( head );
OPOffSet = ( Blahhhhh + 0x13 ); // 0x18 /// 0x1D
if ( GetMnem( OPOffSet ) == "mov" && GetOpnd( OPOffSet, 0 ) == "edx" )
//
//Grabs Names of Labled CliPutWithMsgId To Make A Text File TO prase / Name Them Future
//
//blahhhhhhhhhhhhh = get_name(head);
//Message( "%s,\n", blahhhhhhhhhhhhh );
operandValue = GetOperandValue( OPOffSet, 1 );
if (operandValue > 100)
{
Message("CliPutWithMsgId at 0x%X\n", head);
Message("OPCode OFF Set at 0x%X\n", operandValue);
}
else
{
OPOffSet = ( Blahhhhh + 0x18 ); // 0x18 // 0x1D
operandValue = GetOperandValue( OPOffSet, 1 );
if (operandValue > 100)
{
Message("CliPutWithMsgId at 0x%X\n", head);
Message("OPCode OFF Set at 0x%X\n", operandValue);
}
else
{
OPOffSet = ( Blahhhhh + 0x1D );// 0x7 // 0x12 // 0x1F
operandValue = GetOperandValue( OPOffSet, 1 );
if (operandValue > 100)
{
Message("CliPutWithMsgId at 0x%X\n", head);
Message("OPCode OFF Set at 0x%X\n", operandValue);
}
else
{
// Message("not found ");
}
}
}
}
static main()
{
auto cvarRegister, xRef;
cvarRegister = FindBinary( 0, SEARCH_DOWN, "48 8D 05 ? ? ? ? 48 89 02 33 C0 48 89 42 08 48 89 42 10 48 8B C2 C3 " );
if ( cvarRegister == BADADDR )
{
Message( "LabelCvars: Failed to locate cvarRegister\n" );
return;
}
for( xRef = DfirstB( cvarRegister ); xRef != BADADDR; xRef = DnextB( cvarRegister, xRef ) )
{
auto cvarDest, cvarName;
cvarName = ExtractCvarName( xRef );
cvarDest = ExtractCvarDest( xRef );
if ( cvarDest )
{
//RenameFunc( cvarDest, form( "%sDB", cvarName ) );
// Message( "%s = 0x%x\n", cvarName, cvarDest );
//RenameFunc( cvarDest, form( "s_Cvar_%s", cvarName ) );
}
}
}