Inprise
چهارشنبه 14 اردیبهشت 1384, 17:01 عصر
سلام؛
<span dir=ltr>Creates pseudo-c code to aid you in the progress of decompiling a target. Of course, the script doesn't give you accurate results. It doesn't have any dataflow analysis nor doese it handle every mnemonic/code structure</span>
بسته به نسخهء مورد استفاده :
// pseudo_c.idc v1.02 by trapflag
//
// Creates pseudo-c code to aid you in the process
// of decompiling a target. Of course, the script doesn't
// give you accurate results. It doesn't have any dataflow analysis
// nor does it handle every mnemonic/code structure.
// My intention was to play a bit with the IDC scripting
// language. The messy code is due to the limited instruction set of
// the idc language. Go, code a plugin or help extending desquirr :)
//
// What's new:
//
// Jan,9th,2004:
//
// - script can track back stdcall function parameters.
// assumes stdcall for every function tho ;-\
//
// by default, the script adds comments to the database.
// This can be turned off by commenting the '#define OVERRIDE' line.
#define OVERRIDE
#include "idc.idc"
// Returns the mnemonic of the item head that follows ea. The search is
// limited to the end of the function that contains ea.
static NextMnem(ea)
{
    auto limit;

    limit = FindFuncEnd(ea);
    return GetMnem(NextHead(ea, limit));
}
// Estimates how many stack arguments the call at ea consumes.
//
// The stack-pointer delta is read at the head that follows ea and divided
// by 4, so the result assumes 4-byte stack slots. The file header notes
// that stdcall is assumed for every function; for other calling
// conventions the count (and the argument list built from it) may be wrong.
static GetParamCount(ea)
{
    auto after;

    after = NextHead(ea, FindFuncEnd(ea));
    return GetSpDiff(after) / 4;
}
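// Walks backwards from the call at ea and returns the address of the
// n-th preceding "push", which is taken to be the n-th argument.
//
// When another "call" is met on the way, its own estimated argument count
// is added to the number of pushes to skip, so that pushes belonging to
// that earlier call are not attributed to this one.
//
// Returns BADADDR when the database runs out of item heads before enough
// pushes were found. Without that check the loop never terminates on code
// that passes arguments without "push" (e.g. mov [esp+x], ...), which
// hangs the script.
static GetParamEa(ea,n)
{
    auto seen, cur, wanted, mnem;

    seen = 0;
    cur = ea;
    wanted = n;
    while (seen != wanted)
    {
        cur = PrevHead(cur, 0);
        if (cur == BADADDR)
            return BADADDR;   // nothing left to scan; give up instead of spinning
        mnem = GetMnem(cur);
        if (mnem == "call")
            wanted = wanted + GetParamCount(cur);
        else if (mnem == "push")
            seen++;
    }
    return cur;
}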
// Returns the text of operand 0 of the item head that follows ea, looking
// no further than the end of the function that contains ea.
static NextOpnd0(ea)
{
    auto following;

    following = NextHead(ea, FindFuncEnd(ea));
    return GetOpnd(following, 0);
}
// Returns the text of operand 1 of the item head that follows ea, looking
// no further than the end of the function that contains ea.
static NextOpnd1(ea)
{
    auto following;

    following = NextHead(ea, FindFuncEnd(ea));
    return GetOpnd(following, 1);
}
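// Entry point. Starting at the cursor address, walks every item head up to
// the end of the enclosing function and renders the recognised instructions
// as one pseudo-C statement each. Every line is printed to the message
// window and, when OVERRIDE is defined, also stored as a comment.
//
// Caveats for anyone relying on the annotations:
//  - Mnemonics are matched by substring (strstr), so e.g. any mnemonic
//    containing "mov" is rendered as a plain assignment; widths and sign
//    extension are not reflected in the output.
//  - cmp/test are only rendered when directly followed by jz/jnz. The
//    pair is merged into one "if (...) goto" line and the comment is
//    attached to the jump, not to the compare. Likewise "xor r,r" followed
//    by "inc r" is merged and the comment lands on the inc.
//  - Call arguments come from GetParamCount/GetParamEa and inherit their
//    assumptions.
static main()
{
    auto ea, screenea, funcend, mnem, opnd0, opnd1, output, i, nparams;

    screenea = ScreenEA();
    funcend = FindFuncEnd(screenea);
    Message("funcend %08X\n", funcend);
    if (funcend == BADADDR)
    {
        // No function at the cursor: nothing to walk.
        Message("pseudo_c: cursor is not inside a function\n");
        return;
    }

    // Start from a defined value so an unmatched first instruction does
    // not print or store whatever the variable happened to hold.
    output = "";

    for (ea = screenea; ea <= funcend; ea = NextHead(ea, funcend))
    {
        if (ea == BADADDR) break;

        mnem = GetMnem(ea);
        opnd0 = GetOpnd(ea, 0);
        opnd1 = GetOpnd(ea, 1);
        Message("%08X: ", ea);

        if (strstr(mnem, "jmp") != -1)
        {
            output = "goto " + opnd0;
        }
        else if (strstr(mnem, "mov") != -1)
        {
            output = opnd0 + " = " + opnd1;
        }
        else if (strstr(mnem, "call") != -1)
        {
            // Query the argument count once; it does not change in the loop.
            nparams = GetParamCount(ea);
            output = opnd0 + "(";
            for (i = 1; i <= nparams; i++)
            {
                output = output + GetOpnd(GetParamEa(ea, i), 0);
                if (i != nparams) output = output + ", ";
            }
            output = output + ")";
        }
        else if (strstr(mnem, "lea") != -1 && strstr(mnem, "leave") == -1)
        {
            // "leave" contains "lea" and must not be shown as an address-of.
            output = opnd0 + " = &" + opnd1;
        }
        else if (strstr(mnem, "cmp") != -1)
        {
            if (NextMnem(ea) == "jz")
            {
                output = "if (" + opnd0 + " == " + opnd1 + ") ";
                ea = NextHead(ea, funcend);   // consume the jump as well
                output = output + "goto " + GetOpnd(ea, 0);
            }
            else if (NextMnem(ea) == "jnz")
            {
                output = "if (" + opnd0 + " != " + opnd1 + ") ";
                ea = NextHead(ea, funcend);   // consume the jump as well
                output = output + "goto " + GetOpnd(ea, 0);
            }
        }
        else if (strstr(mnem, "test") != -1)
        {
            // Only the "test r, r" zero-check idiom is rendered.
            if (opnd0 == opnd1)
            {
                if (NextMnem(ea) == "jnz")
                {
                    output = "if (" + opnd0 + " != 0) ";
                    ea = NextHead(ea, funcend);
                    output = output + "goto " + GetOpnd(ea, 0);
                }
                else if (NextMnem(ea) == "jz")
                {
                    output = "if (" + opnd0 + " == 0) ";
                    ea = NextHead(ea, funcend);
                    output = output + "goto " + GetOpnd(ea, 0);
                }
            }
        }
        else if (strstr(mnem, "dec") != -1)
        {
            output = opnd0 + "--";
        }
        else if (strstr(mnem, "inc") != -1)
        {
            output = opnd0 + "++";
        }
        else if (strstr(mnem, "xor") != -1)
        {
            if (opnd0 == opnd1)
            {
                // "xor r, r" zeroes r; followed by "inc r" it yields 1.
                if (NextMnem(ea) == "inc" && NextOpnd0(ea) == opnd0)
                {
                    output = opnd0 + " = 1";
                    ea = NextHead(ea, funcend);
                }
                else output = opnd0 + " = 0";
            }
            else output = opnd0 + " ^= " + opnd1;
        }
        else if (strstr(mnem, "add") != -1)
        {
            output = opnd0 + " += " + opnd1;
        }
        else if (strstr(mnem, "sub") != -1)
        {
            output = opnd0 + " -= " + opnd1;
        }
        else if (strstr(mnem, "ret") != -1)
        {
            output = "return";
        }
        else output = "";

        if (output != "") output = output + ";";

#ifdef OVERRIDE
        // MakeComm replaces the regular comment at ea. Skip it when nothing
        // was generated, otherwise every unrecognised instruction would have
        // its existing comment overwritten with an empty string.
        //SetManualInsn(ea,output);
        if (output != "")
            MakeComm(ea, output);
#endif
        Message(output + "\n");
        output = "";
    }
}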
به من که خیلی کمک میکنه ، حتما" ازش استفاده کنید .
http://img94.echo.cx/img94/8554/psc6me.jpg
:)
<span dir=ltr>Creates pseudo-c code to aid you in the progress of decompiling a target. Of course, the script doesn't give you accurate results. It doesn't have any dataflow analysis nor doese it handle every mnemonic/code structure</span>
بسته به نسخهء مورد استفاده :
// pseudo_c.idc v1.02 by trapflag
//
// Creates pseudo-c code to aid you in the process
// of decompiling a target. Of course, the script doesn't
// give you accurate results. It doesn't have any dataflow analysis
// nor does it handle every mnemonic/code structure.
// My intention was to play a bit with the IDC scripting
// language. The messy code is due to the limited instruction set of
// the idc language. Go, code a plugin or help extending desquirr :)
//
// What's new:
//
// Jan,9th,2004:
//
// - script can track back stdcall function parameters.
// assumes stdcall for every function tho ;-\
//
// by default, the script adds comments to the database.
// This can be turned off by commenting the '#define OVERRIDE' line.
#define OVERRIDE
#include "idc.idc"
// Returns the mnemonic of the item head that follows ea. The search is
// limited to the end of the function that contains ea.
static NextMnem(ea)
{
    auto limit;

    limit = FindFuncEnd(ea);
    return GetMnem(NextHead(ea, limit));
}
// Estimates how many stack arguments the call at ea consumes.
//
// The stack-pointer delta is read at the head that follows ea and divided
// by 4, so the result assumes 4-byte stack slots. The file header notes
// that stdcall is assumed for every function; for other calling
// conventions the count (and the argument list built from it) may be wrong.
static GetParamCount(ea)
{
    auto after;

    after = NextHead(ea, FindFuncEnd(ea));
    return GetSpDiff(after) / 4;
}
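// Walks backwards from the call at ea and returns the address of the
// n-th preceding "push", which is taken to be the n-th argument.
//
// When another "call" is met on the way, its own estimated argument count
// is added to the number of pushes to skip, so that pushes belonging to
// that earlier call are not attributed to this one.
//
// Returns BADADDR when the database runs out of item heads before enough
// pushes were found. Without that check the loop never terminates on code
// that passes arguments without "push" (e.g. mov [esp+x], ...), which
// hangs the script.
static GetParamEa(ea,n)
{
    auto seen, cur, wanted, mnem;

    seen = 0;
    cur = ea;
    wanted = n;
    while (seen != wanted)
    {
        cur = PrevHead(cur, 0);
        if (cur == BADADDR)
            return BADADDR;   // nothing left to scan; give up instead of spinning
        mnem = GetMnem(cur);
        if (mnem == "call")
            wanted = wanted + GetParamCount(cur);
        else if (mnem == "push")
            seen++;
    }
    return cur;
}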
// Returns the text of operand 0 of the item head that follows ea, looking
// no further than the end of the function that contains ea.
static NextOpnd0(ea)
{
    auto following;

    following = NextHead(ea, FindFuncEnd(ea));
    return GetOpnd(following, 0);
}
// Returns the text of operand 1 of the item head that follows ea, looking
// no further than the end of the function that contains ea.
static NextOpnd1(ea)
{
    auto following;

    following = NextHead(ea, FindFuncEnd(ea));
    return GetOpnd(following, 1);
}
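// Entry point. Starting at the cursor address, walks every item head up to
// the end of the enclosing function and renders the recognised instructions
// as one pseudo-C statement each. Every line is printed to the message
// window and, when OVERRIDE is defined, also stored as a comment.
//
// Caveats for anyone relying on the annotations:
//  - Mnemonics are matched by substring (strstr), so e.g. any mnemonic
//    containing "mov" is rendered as a plain assignment; widths and sign
//    extension are not reflected in the output.
//  - cmp/test are only rendered when directly followed by jz/jnz. The
//    pair is merged into one "if (...) goto" line and the comment is
//    attached to the jump, not to the compare. Likewise "xor r,r" followed
//    by "inc r" is merged and the comment lands on the inc.
//  - Call arguments come from GetParamCount/GetParamEa and inherit their
//    assumptions.
static main()
{
    auto ea, screenea, funcend, mnem, opnd0, opnd1, output, i, nparams;

    screenea = ScreenEA();
    funcend = FindFuncEnd(screenea);
    Message("funcend %08X\n", funcend);
    if (funcend == BADADDR)
    {
        // No function at the cursor: nothing to walk.
        Message("pseudo_c: cursor is not inside a function\n");
        return;
    }

    // Start from a defined value so an unmatched first instruction does
    // not print or store whatever the variable happened to hold.
    output = "";

    for (ea = screenea; ea <= funcend; ea = NextHead(ea, funcend))
    {
        if (ea == BADADDR) break;

        mnem = GetMnem(ea);
        opnd0 = GetOpnd(ea, 0);
        opnd1 = GetOpnd(ea, 1);
        Message("%08X: ", ea);

        if (strstr(mnem, "jmp") != -1)
        {
            output = "goto " + opnd0;
        }
        else if (strstr(mnem, "mov") != -1)
        {
            output = opnd0 + " = " + opnd1;
        }
        else if (strstr(mnem, "call") != -1)
        {
            // Query the argument count once; it does not change in the loop.
            nparams = GetParamCount(ea);
            output = opnd0 + "(";
            for (i = 1; i <= nparams; i++)
            {
                output = output + GetOpnd(GetParamEa(ea, i), 0);
                if (i != nparams) output = output + ", ";
            }
            output = output + ")";
        }
        else if (strstr(mnem, "lea") != -1 && strstr(mnem, "leave") == -1)
        {
            // "leave" contains "lea" and must not be shown as an address-of.
            output = opnd0 + " = &" + opnd1;
        }
        else if (strstr(mnem, "cmp") != -1)
        {
            if (NextMnem(ea) == "jz")
            {
                output = "if (" + opnd0 + " == " + opnd1 + ") ";
                ea = NextHead(ea, funcend);   // consume the jump as well
                output = output + "goto " + GetOpnd(ea, 0);
            }
            else if (NextMnem(ea) == "jnz")
            {
                output = "if (" + opnd0 + " != " + opnd1 + ") ";
                ea = NextHead(ea, funcend);   // consume the jump as well
                output = output + "goto " + GetOpnd(ea, 0);
            }
        }
        else if (strstr(mnem, "test") != -1)
        {
            // Only the "test r, r" zero-check idiom is rendered.
            if (opnd0 == opnd1)
            {
                if (NextMnem(ea) == "jnz")
                {
                    output = "if (" + opnd0 + " != 0) ";
                    ea = NextHead(ea, funcend);
                    output = output + "goto " + GetOpnd(ea, 0);
                }
                else if (NextMnem(ea) == "jz")
                {
                    output = "if (" + opnd0 + " == 0) ";
                    ea = NextHead(ea, funcend);
                    output = output + "goto " + GetOpnd(ea, 0);
                }
            }
        }
        else if (strstr(mnem, "dec") != -1)
        {
            output = opnd0 + "--";
        }
        else if (strstr(mnem, "inc") != -1)
        {
            output = opnd0 + "++";
        }
        else if (strstr(mnem, "xor") != -1)
        {
            if (opnd0 == opnd1)
            {
                // "xor r, r" zeroes r; followed by "inc r" it yields 1.
                if (NextMnem(ea) == "inc" && NextOpnd0(ea) == opnd0)
                {
                    output = opnd0 + " = 1";
                    ea = NextHead(ea, funcend);
                }
                else output = opnd0 + " = 0";
            }
            else output = opnd0 + " ^= " + opnd1;
        }
        else if (strstr(mnem, "add") != -1)
        {
            output = opnd0 + " += " + opnd1;
        }
        else if (strstr(mnem, "sub") != -1)
        {
            output = opnd0 + " -= " + opnd1;
        }
        else if (strstr(mnem, "ret") != -1)
        {
            output = "return";
        }
        else output = "";

        if (output != "") output = output + ";";

#ifdef OVERRIDE
        // MakeComm replaces the regular comment at ea. Skip it when nothing
        // was generated, otherwise every unrecognised instruction would have
        // its existing comment overwritten with an empty string.
        //SetManualInsn(ea,output);
        if (output != "")
            MakeComm(ea, output);
#endif
        Message(output + "\n");
        output = "";
    }
}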
به من که خیلی کمک میکنه ، حتما" ازش استفاده کنید .
http://img94.echo.cx/img94/8554/psc6me.jpg
:)