Last active
July 19, 2023 15:41
-
-
Save 52617365/9188fb31d5fe44fb3980b10b2e1efd3f to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from binaryninja import * | |
| def replace_non_alphanumeric_characters(input_string): | |
| copy = input_string | |
| copy = ''.join(filter(str.isalnum, input_string)) | |
| return copy | |
| initialize_string_table_callers = bv.get_functions_by_name("initialize_string_table")[0].callers | |
| for caller in initialize_string_table_callers: | |
| for h in caller.medium_level_il.instructions: | |
| if isinstance(h, MediumLevelILCall): | |
| if h.tokens[0].text == "0x7ff71634c9e0": | |
| # and h.params[2].operation == | |
| if h.params[1].operation == MediumLevelILOperation.MLIL_CONST_PTR and h.params[2].operation == MediumLevelILOperation.MLIL_CONST_PTR: | |
| arg1 = bv.get_data_var_at(h.params[1].value.value) | |
| arg2 = bv.get_string_at(h.params[2].value.value) | |
| if arg1 is not None and arg2 is not None: | |
| arg2 = replace_non_alphanumeric_characters(arg2.value) | |
| # arg1.name = arg2 | |
| if arg2 is not "Error": | |
| print("call to initialize_string_table") | |
| print(f"arg1: {arg1}, arg2: {arg2}") | |
| print(f"{str(h)} is a call!") | |
| arg1.name = f"str_{arg2}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment