def retrieveGetCompleteHook(ctx):
returnParams = ctx.getArgument(1).rawData()
# First 4-byte contains source bitmap handle, while the next contains mask bitmap handle.
(bitmapHandle, maskHandle) = struct.unpack('<LL', returnParams[:8])
symemu.emulog('Rendered icon to bitmap handle {}, mask handle {}', bitmapHandle, maskHandle)
def ipcCopyHook():
msgHandle = ctypes.c_long(symemu.Cpu.getReg(0)).value
msg = symemu.messageFromHandle(msgHandle)
if msg != None:
symemu.emulog('Message opcode: {}, sender: {}'.format(
msg.function(),
msg.sender().getName()))
def retrieveGetSendHook(ctx):
params = ctx.getArgument(0).rawData()
# First field of the param struct is a static UCS2 descriptor.
# That's the name of the file containg icon pool.
(fileNameMaxLen, filename) = StringUtils.getStaticUcs2String(params)
offsetStart = 8 + fileNameMaxLen * 2
# Extract the bitmap ID and mask ID. These all takes 4 bytes each
(bitmapId, maskId) = struct.unpack('<ll', params[offsetStart: offsetStart + 8])
symemu.emulog('From file {}, bitmap ID {}, mask ID {}', filename, bitmapId, maskId)
def serverDoConnectHook():
message2Ptr = cpu.getReg(1)
handle = symemu.readDword(message2Ptr)
func = symemu.readDword(message2Ptr + 4)
verMajor = symemu.readByte(message2Ptr + 8)
verMinor = symemu.readByte(message2Ptr + 9)
verBuild = symemu.readWord(message2Ptr + 10)
sessionPtr = symemu.readDword(message2Ptr + 24)
flag = symemu.readDword(message2Ptr + 28)
symemu.emulog('Func: {}, Version {}.{}({}), flag: {}', c_int(func),
verMajor, verMinor, verBuild, flag)
def scriptEntry():
# Load EUSER DLL.
seg = symemu.loadCodeseg('euser.dll')
# Print code runtime information
symemu.emulog('Runtime code address: 0x{:X}, size: 0x{:X}'.format(
seg.codeRunAddress(), seg.codeSize()))
symemu.emulog('Runtime data address: 0x{:X}, size: 0x{:X}'.format(
seg.dataRunAddress(), seg.dataSize()))
symemu.emulog('Runtime bss address: 0x{:X}, size: 0x{:X}'.format(
seg.bssRunAddress(), seg.bssSize()))
symemu.emulog('Total exports: {}'.format(seg.exportCount()))
symemu.emulog('Export 649 loaded address: 0x{:X}'.format(seg.lookup(649)))
def printStr(slot):
strPointer = symemu.Cpu.getReg(slot)
process = symemu.getCurrentProcess()
format = ''
while True:
temp = process.readProcessMemory(strPointer, 1).decode('utf-8')
if temp == '\0':
break
format += temp
strPointer += 1
symemu.emulog(format)
def entryScript():
symemu.emulog('The entry! This means that I have been imported and survived!')
def waitForAnyRequestHook():
symemu.emulog('Just wait for request...., what do you still want?')
def getProcess():
processList = symemu.getProcessesList()
for process in processList:
symemu.emulog('Name: {}, Path: {}', process.getName(), process.getExecutablePath())
def leaveHook():
# r0, when begging the function, contains the leave code. User is a static class
# Since the code is uint32 from C, it must be converted to signed for the leave code
# to be visible
leaveCode = ctypes.c_long(symemu.Cpu.getReg(0)).value
symemu.emulog('Function leaved with code: {}', leaveCode)
def waitForRequestWhoHook():
# Get current thread
crrThread = symemu.getCurrentThread()
symemu.emulog('Thread {} will wait for any request!'.format(crrThread.getName()))
def scriptEntry():
symemu.emulog('Hello EKA2L1!')
def compareHook():
des1 = Descriptor16(cpu.getReg(0))
des2 = Descriptor16(cpu.getReg(1))
emulog('Target 1: {}, target 2 {}', str(des1), str(des2))
def domainClientPanic(panicCode):
errcode = -(panicCode & 0xFFFF)
line = (panicCode >> 16) & 0xFFFF
symemu.emulog('DomainClient exited with exit code: {} at line {}', errcode,
line)
