

Commit dac0f4f

authored
Create qilin_rename_jump_fx.py
1 parent dba308a commit dac0f4f

1 file changed

Lines changed: 184 additions & 0 deletions


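--- a/qilin_rename_jump_fx.py
+++ b/qilin_rename_jump_fx.py
@@ -0,0 +1,184 @@
+import idaapi
+import idc
+
+
+address_to_name = {
+    0x101E318C: "mw_WriteFileEx",
+    0x101E3194: "mw_WriteConsoleW",
+    0x101E319C: "mw_Wow64RevertWow64FsRedirection",
+    0x101E31A4: "mw_Wow64DisableWow64FsRedirection",
+    0x101E31AC: "mw_WideCharToMultiByte",
+    0x101E31B4: "mw_RtlWakeAllConditionVariable",
+    0x101E31BC: "mw_WaitForSingleObjectEx",
+    0x101E31C4: "mw_WaitForSingleObject",
+    0x101E31CC: "mw_WaitForMultipleObjects",
+    0x101E31D4: "mw_UnmapViewOfFile",
+    0x101E31DC: "mw_RtlTryAcquireSRWLockExclusive",
+    0x101E31E4: "mw_TlsSetValue",
+    0x101E31EC: "mw_TlsGetValue",
+    0x101E31F4: "mw_TlsFree",
+    0x101E31FC: "mw_TlsAlloc",
+    0x101E3204: "mw_TerminateProcess",
+    0x101E320C: "mw_SwitchToThread",
+    0x101E3214: "mw_SleepEx",
+    0x101E321C: "mw_SleepConditionVariableSRW",
+    0x101E3224: "mw_Sleep",
+    0x101E322C: "mw_SetThreadToken",
+    0x101E3234: "mw_SetThreadStackGuarantee",
+    0x101E323C: "mw_SetLastError",
+    0x101E3244: "mw_SetFilePointerEx",
+    0x101E324C: "mw_SetFileAttributesW",
+    0x101E3254: "mw_SetErrorMode",
+    0x101E325C: "mw_RtlCaptureContext",
+    0x101E3264: "mw_RtlReleaseSRWLockShared",
+    0x101E326C: "mw_RtlReleaseSRWLockExclusive",
+    0x101E3274: "mw_ReleaseMutex",
+    0x101E327C: "mw_ReadFileEx",
+    0x101E3284: "mw_ReadFile",
+    0x101E328C: "mw_ReadConsoleW",
+    0x101E3294: "mw_QueryPerformanceFrequency",
+    0x101E329C: "mw_QueryPerformanceCounter",
+    0x101E32A4: "mw_OpenProcess",
+    0x101E32AC: "mw_MultiByteToWideChar",
+    0x101E32B4: "mw_MoveFileExW",
+    0x101E32BC: "mw_Module32NextW",
+    0x101E32C4: "mw_Module32FirstW",
+    0x101E32CC: "mw_MapViewOfFile",
+    0x101E32D4: "mw_LocalFree",
+    0x101E32DC: "mw_LoadLibraryA",
+    0x101E32E4: "mw_IsWow64Process",
+    0x101E32EC: "mw_InitOnceComplete",
+    0x101E32F4: "mw_InitOnceBeginInitialize",
+    0x101E32FC: "mw_RtlReAllocateHeap",
+    0x101E3304: "mw_HeapFree",
+    0x101E330C: "mw_RtlAllocateHeap",
+    0x101E3314: "mw_GetWindowsDirectoryW",
+    0x101E331C: "mw_GetVolumePathNamesForVolumeNameW",
+    0x101E3324: "mw_GetTempPathW",
+    0x101E332C: "mw_GetSystemTimeAsFileTime",
+    0x101E3334: "mw_GetSystemInfo",
+    0x101E333C: "mw_GetSystemDirectoryW",
+    0x101E3344: "mw_GetStdHandle",
+    0x101E334C: "mw_GetProcessId",
+    0x101E3354: "mw_GetProcessHeap",
+    0x101E335C: "mw_GetProcAddress",
+    0x101E3364: "mw_GetOverlappedResult",
+    0x101E336C: "mw_GetModuleHandleW",
+    0x101E3374: "mw_GetModuleHandleA",
+    0x101E337C: "mw_GetModuleFileNameW",
+    0x101E3384: "mw_GetLogicalDrives",
+    0x101E338C: "mw_GetLastError",
+    0x101E3394: "mw_GetFullPathNameW",
+    0x101E339C: "mw_GetFileInformationByHandleEx",
+    0x101E33A4: "mw_GetFileInformationByHandle",
+    0x101E33AC: "mw_GetFileAttributesW",
+    0x101E33B4: "mw_GetExitCodeProcess",
+    0x101E33BC: "mw_GetErrorMode",
+    0x101E33C4: "mw_GetEnvironmentVariableW",
+    0x101E33CC: "mw_GetEnvironmentStringsW",
+    0x101E33D4: "mw_GetDriveTypeW",
+    0x101E33DC: "mw_GetCurrentThread",
+    0x101E33E4: "mw_GetCurrentProcessId",
+    0x101E33EC: "mw_GetCurrentProcess",
+    0x101E33F4: "mw_GetCurrentDirectoryW",
+    0x101E33FC: "mw_GetConsoleMode",
+    0x101E3404: "mw_GetComputerNameExW",
+    0x101E340C: "mw_GetCommandLineW",
+    0x101E3414: "mw_FreeEnvironmentStringsW",
+    0x101E341C: "mw_FreeConsole",
+    0x101E3424: "mw_FormatMessageW",
+    0x101E342C: "mw_FlushFileBuffers",
+    0x101E3434: "mw_FindVolumeClose",
+    0x101E343C: "mw_FindNextVolumeW",
+    0x101E3444: "mw_FindNextFileW",
+    0x101E344C: "mw_FindFirstVolumeW",
+    0x101E3454: "mw_FindFirstFileW",
+    0x101E345C: "mw_FindClose",
+    0x101E3464: "mw_ExitProcess",
+    0x101E346C: "mw_DuplicateHandle",
+    0x101E3474: "mw_DeviceIoControl",
+    0x101E347C: "mw_CreateToolhelp32Snapshot",
+    0x101E3484: "mw_CreateThread",
+    0x101E348C: "mw_CreateProcessW",
+    0x101E3494: "mw_CreateNamedPipeW",
+    0x101E349C: "mw_CreateMutexW",
+    0x101E34A4: "mw_CreateMutexA",
+    0x101E34AC: "mw_CreateFileW",
+    0x101E34B4: "mw_CreateFileMappingA",
+    0x101E34BC: "mw_CreateEventW",
+    0x101E34C4: "mw_CreateDirectoryW",
+    0x101E34CC: "mw_CompareStringOrdinal",
+    0x101E34D4: "mw_CloseHandle",
+    0x101E34DC: "mw_CancelIo",
+    0x101E34E4: "mw_RtlAcquireSRWLockShared",
+    0x101E34EC: "mw_RtlAcquireSRWLockExclusive",
+    0x101E34F4: "mw_WSACleanup",
+    0x101E34FC: "mw_WSAGetLastError",
+    0x101E3504: "mw_WSAStartup",
+    0x101E350C: "mw_FreeAddrInfoW",
+    0x101E3514: "mw_getaddrinfo",
+    0x101E351C: "mw_ExitWindowsEx",
+    0x101E3524: "mw_SystemParametersInfoW",
+    0x101E352C: "mw_SHGetKnownFolderPath",
+    0x101E3534: "mw_ShellExecuteA",
+    0x101E353C: "mw_SetupDiDestroyDeviceInfoList",
+    0x101E3544: "mw_SetupDiEnumDeviceInfo",
+    0x101E354C: "mw_SetupDiEnumDeviceInterfaces",
+    0x101E3554: "mw_SetupDiGetClassDevsW",
+    0x101E355C: "mw_SetupDiGetDeviceInstanceIdW",
+    0x101E3564: "mw_SetupDiGetDeviceInterfaceDetailW",
+    0x101E356C: "mw_RmEndSession",
+    0x101E3574: "mw_RmGetList",
+    0x101E357C: "mw_RmRegisterResources",
+    0x101E3584: "mw_RmStartSession",
+    0x101E358C: "mw_EnumProcesses",
+    0x101E3594: "mw_GetProcessImageFileNameW",
+    0x101E359C: "mw_CoCreateInstance",
+    0x101E35A4: "mw_CoInitialize",
+    0x101E35AC: "mw_CoTaskMemFree",
+    0x101E35B4: "mw_CoUninitialize",
+    0x101E35BC: "mw_RtlNtStatusToDosError",
+    0x101E35C4: "mw_NetApiBufferFree",
+    0x101E35CC: "mw_NetShareEnum",
+    0x101E35D4: "mw_NetUserSetInfo",
+    0x101E35DC: "mw_WNetCloseEnum",
+    0x101E35E4: "mw_WNetEnumResourceW",
+    0x101E35EC: "mw_WNetGetLastErrorA",
+    0x101E35F4: "mw_WNetOpenEnumW",
+    0x101E35FC: "mw_GetAdaptersAddresses",
+    0x101E3604: "mw_BCryptGenRandom",
+    0x101E360C: "mw_AdjustTokenPrivileges",
+    0x101E3614: "mw_ChangeServiceConfigW",
+    0x101E361C: "mw_ControlService",
+    0x101E3624: "mw_DuplicateTokenEx",
+    0x101E362C: "mw_EnumDependentServicesW",
+    0x101E3634: "mw_EnumServicesStatusW",
+    0x101E363C: "mw_GetTokenInformation",
+    0x101E3644: "mw_GetUserNameW",
+    0x101E364C: "mw_LookupPrivilegeValueA",
+    0x101E3654: "mw_LookupPrivilegeValueW",
+    0x101E365C: "mw_OpenProcessToken",
+    0x101E3664: "mw_OpenSCManagerW",
+    0x101E366C: "mw_OpenServiceW",
+    0x101E3674: "mw_QueryServiceStatusEx",
+    0x101E367C: "mw_RegCloseKey",
+    0x101E3684: "mw_RegDeleteValueW",
+    0x101E368C: "mw_RegEnumValueW",
+    0x101E3694: "mw_RegOpenKeyExW",
+    0x101E369C: "mw_RegSetValueExW",
+    0x101E36A4: "mw_RevertToSelf",
+    0x101E36AC: "mw_SystemFunction036",
+    0x101E36B4: "mw_ZwWriteFile",
+    0x101E36BC: "mw_ZwSetInformationProcess",
+    0x101E36C4: "mw_NtReadFile"
+}
+
+
+def rename_functions():
+    for address, name in address_to_name.items():
+        # Make sure the address is a function
+        if idaapi.get_func(address):
+            # Rename function
+            idaapi.set_name(address, name, idaapi.SN_NOWARN)
+
+
+if __name__ == "__main__":
+    rename_functions()
+    print("Booyah.")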
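Review bot: The result of `idaapi.set_name` at line 180 is discarded, so a rename that fails (a name already in use, or an address that `get_func` accepts because it lies inside a function rather than at its start) goes unreported while the closing `print("Booyah.")` still claims success; I would check it and report the address, e.g. `if not idaapi.set_name(address, name, idaapi.SN_NOWARN): print(f"rename failed at {address:#x}")`. The `import idc` on line 2 is unused by anything in the hunk and can be dropped. Since `address_to_name` is keyed on absolute addresses for one particular image base, a docstring on `rename_functions` stating that the IDB must be loaded at that base (or deriving the keys from `idaapi.get_imagebase()` plus an offset) would save the next analyst a silent no-op run on a rebased database.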
