hopper.py
from pathlib import Path
from typing import Type
from tweakinspect.codesearch import FunctionHookCodeSearchOperation
from tweakinspect.codesearches.logos_register_hook import LogosRegisterHookCodeSearchOperation
from tweakinspect.codesearches.method_setImplementation import MethodSetImpCodeSearchOperation
from tweakinspect.codesearches.MSHookFunction import MSHookFunctionCodeSearchOperation
from tweakinspect.codesearches.MSHookMessageEx import MSHookMessageExCodeSearchOperation
from tweakinspect.executable import Executable
# Hopper script: run every TweakInspect hook search against the executable
# behind the current document and label each replacement routine it reports.
print("TweakInspect hook analysis running")

# `Document` is not imported in this file (hence the F821 suppression); it is
# expected to be supplied by the environment that runs the script.
current_document = Document.getCurrentDocument()  # noqa: F821
text_segment = current_document.getSegmentByName("__TEXT")
# NOTE(review): no check that a "__TEXT" segment was found -- confirm what
# getSegmentByName returns when the name is absent.

binary_path = Path(current_document.getExecutableFilePath())
target_executable = Executable(original_file_name="unknown", file_path=binary_path)

# Search operations to run, in this order.
hook_search_classes: list[Type[FunctionHookCodeSearchOperation]] = [
    MSHookFunctionCodeSearchOperation,
    MSHookMessageExCodeSearchOperation,
    MethodSetImpCodeSearchOperation,
    LogosRegisterHookCodeSearchOperation,
]

for search_class in hook_search_classes:
    search = search_class(target_executable)
    for hook in search.analyze():
        # The label is the hook's string form. It presumably contains names
        # recovered from the analysed binary, so treat it as untrusted text
        # wherever the labels or this log are consumed later.
        routine_label = str(hook)
        replacement_at = hook.replacement_address
        print(f"{hook} at {hex(replacement_at)}")
        # NOTE(review): the name is always set through the __TEXT segment;
        # assumes every replacement address lies inside it -- confirm.
        text_segment.setNameAtAddress(replacement_at, routine_label)

print("TweakInspect hook analysis complete")