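def retrieveGetCompleteHook(ctx):
    """Log the bitmap and mask handles carried by argument 1 of the request.

    The first 8 bytes of the argument's raw data are read as two
    little-endian unsigned 32-bit values: the source bitmap handle, then the
    mask bitmap handle.

    Args:
        ctx: Hook context; only ``ctx.getArgument(1).rawData()`` is used.
    """
    returnParams = ctx.getArgument(1).rawData()
    handleBytes = returnParams[:8]

    # The buffer length is not checked anywhere before this point, and
    # presumably it comes from the emulated side. Unpacking a slice shorter
    # than 8 bytes would raise struct.error out of the hook, so report it
    # and stop instead.
    if len(handleBytes) < 8:
        symemu.log('Icon result buffer too short: {} bytes', len(handleBytes))
        return

    # First 4 bytes hold the source bitmap handle, the next 4 the mask
    # bitmap handle.
    (bitmapHandle, maskHandle) = struct.unpack('<LL', handleBytes)
    symemu.log('Rendered icon to bitmap handle {}, mask handle {}', bitmapHandle, maskHandle)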
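def ipcCopyHook():
    """Log the opcode and sender name of the message whose handle is in register 0."""
    # Reinterpret the raw register value as a signed C long to get the handle.
    # NOTE(review): c_long is 32 bits wide on Windows but 64 bits on most
    # 64-bit Unix builds, so this sign conversion is platform dependent.
    # Confirm which form symemu.messageFromHandle expects.
    msgHandle = ctypes.c_long(symemu.Cpu.getReg(0)).value
    msg = symemu.messageFromHandle(msgHandle)

    # Compare with None by identity so that a custom __eq__/__ne__ on the
    # message type cannot change the outcome of the check.
    if msg is None:
        return

    symemu.log('Message opcode: {}, sender: {}'.format(
        msg.function(), msg.sender().getName()))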
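def retrieveGetSendHook(ctx):
    """Log the icon file name, bitmap ID and mask ID found in argument 0.

    The parameter block starts with a static UCS2 descriptor (the name of the
    file containing the icon pool). Two little-endian signed 32-bit values,
    the bitmap ID and the mask ID, are read from offset
    ``8 + fileNameMaxLen * 2``.

    Args:
        ctx: Hook context; only ``ctx.getArgument(0).rawData()`` is used.
    """
    params = ctx.getArgument(0).rawData()

    # First field of the param struct is a static UCS2 descriptor.
    # That's the name of the file containing the icon pool.
    (fileNameMaxLen, filename) = StringUtils.getStaticUcs2String(params)
    offsetStart = 8 + fileNameMaxLen * 2

    # The offset is derived from a length field inside the buffer itself, so
    # it can point past the end of the data. A short slice would make
    # struct.unpack raise struct.error out of the hook, so check it first.
    idBytes = params[offsetStart:offsetStart + 8]
    if len(idBytes) < 8:
        symemu.log('Icon request params truncated: need 8 bytes at offset {}, got {}',
                   offsetStart, len(idBytes))
        return

    # Extract the bitmap ID and mask ID. Each takes 4 bytes.
    (bitmapId, maskId) = struct.unpack('<ll', idBytes)
    symemu.log('From file {}, bitmap ID {}, mask ID {}', filename, bitmapId, maskId)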
def domainClientPanic(panicCode):
    """Split a packed panic code into its two 16-bit halves and log them.

    The low 16 bits, negated, are reported as the exit code; bits 16-31 are
    reported as the line number.

    Args:
        panicCode: Integer whose low and high 16-bit halves are logged.
    """
    lowHalf = panicCode & 0xFFFF
    highHalf = (panicCode >> 16) & 0xFFFF
    symemu.log('DomainClient exited with exit code: {} at line {}', -lowHalf, highHalf)
def waitForRequestWhoHook():
    """Log the name of the current thread together with a wait-for-request notice."""
    # Look up the current thread and take its name for the log line.
    threadName = symemu.getCurrentThread().getName()
    notice = 'Thread {} will wait for any request!'.format(threadName)
    symemu.log(notice)
def scriptEntry():
    """Write a fixed greeting line to the emulator log."""
    greeting = 'Hello EKA2L1!'
    symemu.log(greeting)
def getProcess():
    """Log the name and executable path of each entry in symemu.getProcessesList()."""
    for proc in symemu.getProcessesList():
        procName = proc.getName()
        procPath = proc.getExecutablePath()
        symemu.log('Name: {}, Path: {}', procName, procPath)