def DecryptString0(addrDecryptFunction):
print "[+]DecryptString0"
#Get All Calls to this function
calls = idautils.CodeRefsTo(addrDecryptFunction, 1)
#Iterate all Calls Decrypt Strings
for call in calls:
print "[+]Call at 0x%08X %s" % (call, idc.GetFunctionName(call))
pDecrypted, pEncrypted = GetDecryptString0Parameters(call)
print "[+]Parameters: 0x%08X 0x%08X" % (pDecrypted, pEncrypted)
#Get String
szEncryptedString = idc.GetString(pEncrypted)
#Handle one Byte Empty Strings
if szEncryptedString == None:
#Read Byte
szEncryptedString = ""
idx = 0
while True:
byte = idc.Byte(pEncrypted + idx)
szEncryptedString += chr(byte)
if byte == 0:
break
idx += 1
szDecryptedString = DecryptString0Algo(szEncryptedString, 0xFE)
print "[+]Dec: \"%s\"" % szDecryptedString
print
#Rename and Add Comments
idc.MakeRptCmt(pEncrypted, szDecryptedString)
idc.MakeNameEx(pEncrypted, "crypt" + szDecryptedString, SN_NOCHECK | SN_NOWARN)
idc.MakeNameEx(pDecrypted, "" + szDecryptedString, SN_NOCHECK | SN_NOWARN)
#Patch decrypted Buffer and convert to String
idx = 0
for c in szDecryptedString:
idc.PatchByte(pDecrypted + idx, ord(c))
idx += 1
idc.PatchByte(pDecrypted + idx, 0)
idc.MakeStr(pDecrypted, pDecrypted + idx)
print
评论列表
文章目录
