''' resolve_symbols.py: This script will xref a logging function and rename the function based on its string argument. Please note this may need tailoring to fit a particular situation. -Cody Pierce ''' import sys, os, time, re def get_string(ea): name = "" str_type = GetStringType(ea) if str_type == 0: while Byte(ea) != 0x00: name += chr(Byte(ea)) ea += 1 else: return None return name def get_arguments(ea): symname = None xref_ea = ea length = 384 if GetMnem(xref_ea) != "call": return False cur_ea = PrevHead(ea, xref_ea - length) while (cur_ea > xref_ea - length): cur_mnem = GetMnem(cur_ea); if cur_mnem == "push": op_type = GetOpType(cur_ea, 0) if op_type == 5: name = get_string(GetOperandValue(cur_ea, 0)) if name: # We need to match on the name some how if re.match('.*...$', name): symname = name elif cur_mnem == "call": # Do renaming bro if symname: funcname = GetFunctionName(cur_ea) try: funcea = get_func(cur_ea).startEA except: print "[!] Problem getting function %x" % cur_ea return None if re.match('sub_.*$', funcname): # If there is any processing that needs to be done do it here processed = symname.replace("...", "") print "[*] Adding %s to %x" % (processed, funcea) try: MakeNameEx(funcea, processed, 0) except: print "Couldnt make %s @ %x" % (processed, funcea) return None return processed else: return None else: break cur_ea = PrevHead(cur_ea, xref_ea - length) return None # This should be the top of the logging function we want to xref log_start = ScreenEA() xref_start = log_start xref_cur = RfirstB(xref_start) count = 0 while xref_cur != BADADDR: name = get_arguments(xref_cur) if name: count += 1 xref_cur = RnextB(xref_start, xref_cur) print "[*] Changed %d names" % count