def retrieveGetCompleteHook(ctx):
returnParams = ctx.getArgument(1).rawData()
# First 4-byte contains source bitmap handle, while the next contains mask bitmap handle.
(bitmapHandle, maskHandle) = struct.unpack('<LL', returnParams[:8])
symemu.log('Rendered icon to bitmap handle {}, mask handle {}',
bitmapHandle, maskHandle)
def ipcCopyHook():
msgHandle = ctypes.c_long(symemu.Cpu.getReg(0)).value
msg = symemu.messageFromHandle(msgHandle)
if msg != None:
symemu.log('Message opcode: {}, sender: {}'.format(
msg.function(),
msg.sender().getName()))
def retrieveGetSendHook(ctx):
params = ctx.getArgument(0).rawData()
# First field of the param struct is a static UCS2 descriptor.
# That's the name of the file containg icon pool.
(fileNameMaxLen, filename) = StringUtils.getStaticUcs2String(params)
offsetStart = 8 + fileNameMaxLen * 2
# Extract the bitmap ID and mask ID. These all takes 4 bytes each
(bitmapId, maskId) = struct.unpack('<ll',
params[offsetStart:offsetStart + 8])
symemu.log('From file {}, bitmap ID {}, mask ID {}', filename, bitmapId,
maskId)
def domainClientPanic(panicCode):
errcode = -(panicCode & 0xFFFF)
line = (panicCode >> 16) & 0xFFFF
symemu.log('DomainClient exited with exit code: {} at line {}', errcode, line)
def waitForRequestWhoHook():
# Get current thread
crrThread = symemu.getCurrentThread()
symemu.log('Thread {} will wait for any request!'.format(
crrThread.getName()))
def scriptEntry():
symemu.log('Hello EKA2L1!')
def getProcess():
processList = symemu.getProcessesList()
for process in processList:
symemu.log('Name: {}, Path: {}', process.getName(), process.getExecutablePath())