HopperScripts icon indicating copy to clipboard operation
HopperScripts copied to clipboard
verified publisher icon phracker

Issues getting Ordinal to Names to work

Open mitchelkoster opened this issue 8 years ago • 0 comments

I am debugging a DLL file which uses WS32_DLL functionality on Linux (x64) using HopperV4. Trying to run your Orinal -> Name plugins I run into some errors. Hopefully you can help me.

Running at imports

; Imports from WS2_32.dll' imp_ordinal_WS2_32.dll_18: // ordinal_WS2_32.dll_18' 100163c4 dd 0x80000012 ; DATA XREF=sub_100016d0+856'

Running WS2_32.dll Ordinals to Names.py does not work because of the mid-name extension .dll in the file name. Renaming this to WS2_32 Ordinals to Names.py solves this issue and causes the file to run, but still crashes with the following error message:

Renaming in range 0x100163c4L to 0x10016404L Address: 268526532 Name: imp_ordinal_WS2_32.dll_18 Traceback (most recent call last): File "WS2_32 Ordinals to Names", line 138, in KeyError: 'imp_ordinal_WS2_32.dll_18'

I also noticed there is another (perhaps more general) script to rename the Ordinal called Ordinals to Names.py. Running this results in the following error:

Selection: 100163c4 - 10016400 Loading symbols for WS2_32.dll Unhandled Exception in Ordinals to Names Traceback (most recent call last): File "Ordinals to Names", line 99, in File "Ordinals to Names", line 70, in main File "Ordinals to Names", line 40, in get_symbols File "/usr/lib/python2.7/posixpath.py", line 70, in join elif path == '' or path.endswith('/'): AttributeError: 'NoneType' object has no attribute 'endswith'

Running at the main disassembly

10001757 call dword [imp_ordinal_WS2_32.dll_52] ; DATA XREF=sub_100016d0+856'

Running WS2_32 Ordinals to Names.py does not name the script, but does not rename the ordinals either:

Renaming in range 0x10001757L to 0x1000175dL Address: 268441431 Address: 268441435

Running Ordinals to Names.py does not name the script, but does not rename the ordinals either:

Selection: 10001757 - 1000175d Unhandled Exception in Ordinals to Names Traceback (most recent call last): File "Ordinals to Names", line 99, in File "Ordinals to Names", line 67, in main File "Ordinals to Names", line 19, in find_import_before File "Ordinals to Names", line 29, in get_import_at AttributeError: 'NoneType' object has no attribute 'startswith'

mitchelkoster avatar Nov 02 '17 15:11 mitchelkoster