You are viewing our Forum Archives. To view or take place in current topics click here.

[IDC]Ghosts Functions Labeller [IDA]
Posted:

IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Right, so I'm releasing a functions labeler (IDC) for Ghosts. Basically, when you run this in IDA with any Ghosts TU loaded up, it should grab the offsets. I have tested on TU10, TU9 and TU8 and it grabs the offsets perfectly; in future TUs such as TU18 it may start to become a bit dodgy, as binaries often change.

If you wonder the point of it, it's the easiest way of updating offsets for those who don't really know what to do.

If you want an offset to be added to this, either do it yourself using Notepad or tell me to add it and I'll update it regularly.

Currently grabs: 42 offsets.

How to use:

1. Open up IDA with Ghosts loaded
2. Go to FILE > SCRIPT FILE, then locate this IDC (alternatively, in IDA just press "ALT F7")
3. Wait for it to complete
4. Offsets shall be found in the output window

Update log:
- added more functions
- tidied code (optimised)


If you don't know what IDA is or ask me further how to use it, I will be quite blunt, as tbh it's quite easy to use.

EDIT: For the record, in case you didn't know, I am Parse/Parsing


Last edited by IDA ; edited 2 times in total
#2. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
Aaaaaaaaaaaaaaand this is why I released my IDC IDE. Nice I guess, add more to it.
#3. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Yup, thing is I don't think a lot of people know what the **** to do, otherwise your thread would have more replies and so would this, I guess.
#4. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
Download v0.0.3 to advance your script; didn't add every function, of course, would take forever, but added a few cool ones.
#5. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Cheers, forgot about downloading it.
#6. Posted:
TGK
  • TTG Senior
Status: Offline
Joined: Oct 03, 2013 (11 Year Member)
Posts: 1,409
Reputation Power: 64
Do I put this on a USB and plug into my Xbox to get 10th?
I mean..erm...I will defo be using this. (and learning off the source)
#7. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
Look into MakeFunction & MakeName/MakeNameEx at labeling the functions too ;)
#8. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Ok will do, thanks for help
#9. Posted:
Bitwise
  • Resident Elite
Status: Offline
Joined: Feb 09, 2014 (10 Year Member)
Posts: 267
Reputation Power: 14
It's simple. But it can have bugs, but you can use things such as MakeUnknown, so let's say if the function was already created, it would make it unknown again. Then create the function, then the name, etc. etc. I am still looking into creating the function type via IDC. I am not sure there's a function in idc.idc for it.

EDIT: Do something like this;

if(IsFunc(function))
{
   MakeUnknown(function);
}
else
{
   MakeFunction(function, functionlengthhere, 0x00);
   MakeNameEx(function, "Function name here", 0x00);
}


Not been tested...

EDIT2:
Been testing...
You also need MakeCode too. I did it without it and it labeled it, but everything was null bytes XD, so I instead looked in the documentation and found the function; it creates an instruction at the address. The IDC looks like this:

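#include <idc.idc>

// Locate a function by a byte signature and label it.
//   name   - name to give the function
//   binary - hex byte pattern to search for
//   offset - distance from the function start to the pattern
//   length - byte count to undefine; also added to the match address
//            to get the end address passed to MakeFunction
static LabelFunction(name, binary, offset, length)
{
    auto match, func_start, func_end;

    // Search downwards from address 0 for the first occurrence of the pattern.
    match = FindBinary(0, SEARCH_DOWN, binary);
    if (match == BADADDR)
    {
        Message("%s could not be found in memory (%08X)\n", name, BADADDR);
    }
    else
    {
        func_start = match - offset;  // start of the function
        func_end = match + length;    // end address, measured from the match

        MakeUnknown(func_start, length, 0x00);  // undefine what is already there
        MakeCode(func_start);                   // create an instruction at the start
        MakeFunction(func_start, func_end);
        MakeNameEx(func_start, name, 0x00);
        Message("%s found in memory (%08X)\n", name, func_start);
    }
}

static main()
{
    LabelFunction("SV_GameSendServerCommand", "7D 69 40 2E 7D 43 51 D6 7C 6A 5A 14", 0x3C, 0x48);
}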


Last edited by Bitwise ; edited 1 time in total
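
Added example, not part of the original posts: a standalone Python sketch of the signature lookup that LabelFunction performs, extended to accept ?? wildcards and to refuse a signature that matches zero or several times, which is how a labeller like this goes wrong when a new TU changes the binary. Only the signature and the 0x3C offset come from the thread; the load address, filler bytes and helper names are constructed for illustration.

```python
import re

# Signature and offset as posted in the thread; everything else is constructed.
SIG = "7D 69 40 2E 7D 43 51 D6 7C 6A 5A 14"
OFFSET = 0x3C

def parse_signature(sig):
    """Turn 'AA BB ?? CC' into a compiled bytes regex; '??' matches any byte."""
    parts = []
    for tok in sig.split():
        if tok in ("?", "??"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def find_all(image, sig, align=4):
    """Return every aligned offset where the signature matches."""
    pattern = parse_signature(sig)
    hits, pos = [], 0
    while True:
        m = pattern.search(image, pos)
        if m is None:
            return hits
        if m.start() % align == 0:
            hits.append(m.start())
        pos = m.start() + 1  # step one byte so overlapping matches are seen

def locate_function(image, base, sig, offset):
    """Return (function_start, match_count); start is None unless exactly one match."""
    hits = find_all(image, sig)
    if len(hits) != 1 or hits[0] < offset:
        return None, len(hits)
    return base + hits[0] - offset, 1

def make_image(sig_offsets):
    """Constructed sample: 0x200 bytes of filler words with SIG copied in."""
    img = bytearray(bytes.fromhex("60000000") * 0x80)
    raw = bytes.fromhex(SIG.replace(" ", ""))
    for off in sig_offsets:
        img[off:off + len(raw)] = raw
    return bytes(img)

if __name__ == "__main__":
    base = 0x82000000  # constructed load address
    samples = {"unique": [0x7C], "duplicate": [0x7C, 0x140], "missing": []}
    for label, offsets in samples.items():
        addr, count = locate_function(make_image(offsets), base, SIG, OFFSET)
        result = "skipped" if addr is None else hex(addr)
        print(f"{label}: {count} match(es) -> {result}")
```
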
#10. Posted:
IDA
  • Powerhouse
Status: Offline
Joined: Sep 21, 2013 (11 Year Member)
Posts: 454
Reputation Power: 26
Thanks, I'll try it out tomorrow should be handy ;)