├── LICENSE
├── README.md
├── build.gradle
├── gradle
│   └── wrapper
│       ├── gradle-wrapper.jar
│       └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle
└── src
    └── main
        └── java
            └── RS3NXTRefactorer.java

/LICENSE:
--------------------------------------------------------------------------------
                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc.
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The GNU General Public License is a free, copyleft license for
software and other kinds of works.

  The licenses for most software and other practical works are designed
to take away your freedom to share and change the works.  By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

  To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received.  You must make sure that they, too, receive
or can get the source code.  And you must show them these terms so they
know their rights.

  Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.

  For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

  Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

  Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary.  To prevent this, the GPL assures that
patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
modification follow.

                       TERMS AND CONDITIONS

  0. Definitions.

  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.

  "The Program" refers to any copyrightable work licensed under this
License.  Each licensee is addressed as "you".  "Licensees" and
"recipients" may be individuals or organizations.

  To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy.  The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.

  A "covered work" means either the unmodified Program or a work based
on the Program.

  To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy.  Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.

  To "convey" a work means any kind of propagation that enables other
parties to make or receive copies.  Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.

  An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License.  If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.

  1. Source Code.

  The "source code" for a work means the preferred form of the work
for making modifications to it.  "Object code" means any non-source
form of a work.

  A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.

  The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.

  The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities.  However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work.  For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

  The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.

  The Corresponding Source for a work in source code form is that
same work.

  2. Basic Permissions.

  All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met.  This License explicitly affirms your unlimited
permission to run the unmodified Program.  The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work.  This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.

  You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force.  You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright.  Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

  Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary.

  3. Protecting Users' Legal Rights From Anti-Circumvention Law.

  No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.

  When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.

  4. Conveying Verbatim Copies.

  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.

  You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.

  5. Conveying Modified Source Versions.

  You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:

    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.

    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".

    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.

    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.

  A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit.  Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.

  6. Conveying Non-Source Forms.

  You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:

    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.

    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.

    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.

    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.

    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.

  A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.

  A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.  In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage.  For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product.  A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.

  "Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source.  The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.

  If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information.  But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).

  The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed.  Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.

  Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law.  If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.

  Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:

    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or

    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or

    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or

    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or

    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or

    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.

  All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10.  If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term.  If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.

  If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.

  Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.

  8. Termination.

  You may not propagate or modify a covered work except as expressly
provided under this License.  Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).

  However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.

  Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.

  Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License.  If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.

  9. Acceptance Not Required for Having Copies.

  You are not required to accept this License in order to receive or
run a copy of the Program.  Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance.  However,
nothing other than this License grants you permission to propagate or
modify any covered work.  These actions infringe copyright if you do
not accept this License.  Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.

  10. Automatic Licensing of Downstream Recipients.

  Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License.  You are not responsible
for enforcing compliance by third parties with this License.

  An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations.  If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.

  You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License.  For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.

  11. Patents.

  A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based.  The
work thus licensed is called the contributor's "contributor version".

  A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version.  For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.

  Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.

  In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement).  To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.

  If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients.  "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.

  If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.

  A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License.  You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.

  Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.

  12. No Surrender of Others' Freedom.

  If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all.  For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.

  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work.  The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

  Each version is given a distinguishing version number.  If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation.  If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.

  Later license versions may give you additional or different
permissions.  However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.

  15. Disclaimer of Warranty.

  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

  16. Limitation of Liability.

  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

  17. Interpretation of Sections 15 and 16.

  If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.

                     END OF TERMS AND CONDITIONS

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    Copyright (C)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.

Also add information on how to contact you by electronic and paper mail.
651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # rs3nxt-ghidra-scripts 2 | Ghidra scripts to help reverse-engineer RS3's NXT client. Currently one huge messy file that performs a few simple operations such as creating/setting up a few data structures, and finding some methods in the binary. 3 | 4 | This has only been tested on win64 binaries. MacOS and Linux binaries will not work due to different calling conventions. 5 | 6 | # Extending the script 7 | Fork and PR away! Please open-source all your changes to comply with the license, and to contribute to the scene. 

# Usage
Simply copy the contents of the files from `/src/main/java/...` into Ghidra's script editor. They should work standalone.
--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
// Builds a Ghidra Extension for a given Ghidra installation.
//
// An absolute path to the Ghidra installation directory must be supplied either by setting the
// GHIDRA_INSTALL_DIR environment variable or Gradle project property:
//
//     > export GHIDRA_INSTALL_DIR=<Absolute path to Ghidra>
//     > gradle
//
//         or
//
//     > gradle -PGHIDRA_INSTALL_DIR=<Absolute path to Ghidra>
//
// Gradle should be invoked from the directory of the project to build.  Please see the
// application.gradle.version property in <GHIDRA_INSTALL_DIR>/Ghidra/application.properties
// for the correct version of Gradle to use for the Ghidra installation you specify.

//----------------------START "DO NOT MODIFY" SECTION------------------------------
apply plugin: 'java'
apply plugin: 'idea'
def ghidraInstallDir

if (System.env.GHIDRA_INSTALL_DIR) {
    ghidraInstallDir = System.env.GHIDRA_INSTALL_DIR
} else if (project.hasProperty("GHIDRA_INSTALL_DIR")) {
    ghidraInstallDir = project.getProperty("GHIDRA_INSTALL_DIR")
} else {
    ghidraInstallDir = "C:\\Users\\Development\\Downloads\\ghidra_10.0-BETA_PUBLIC_20210521\\ghidra_10.0-BETA_PUBLIC"
}

if (ghidraInstallDir) {
    apply from: new File(ghidraInstallDir).getCanonicalPath() + "/support/buildExtension.gradle"
} else {
    throw new GradleException("GHIDRA_INSTALL_DIR is not defined!")
}
//----------------------END "DO NOT MODIFY" SECTION-------------------------------
dependencies {
    runtimeOnly fileTree(dir: ghidraInstallDir + '/Ghidra/Framework', include: "**/*.jar")
    runtimeOnly fileTree(dir: ghidraInstallDir + '/Ghidra/Features', include: "**/*.jar")
    runtimeOnly fileTree(dir: ghidraInstallDir + '/Ghidra/Processors', include: "**/*.jar")
}
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Techdaan/rs3nxt-ghidra-scripts/d1a15d77f9b39d04645d404436aab9c11554bc74/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
#!/usr/bin/env sh

#
# Copyright 2015 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

##############################################################################
##
##  Gradle start up script for UN*X
##
##############################################################################

# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
    ls=`ls -ld "$PRG"`
    link=`expr "$ls" : '.*-> \(.*\)$'`
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=`dirname "$PRG"`"/$link"
    fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null

APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`

# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

warn () {
    echo "$*"
}

die () {
    echo
    echo "$*"
    echo
    exit 1
}

# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar


# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi

# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=`ulimit -H -n`
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n $MAX_FD
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`

    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=`expr $i + 1`
    done
    case $i in
        0) set -- ;;
        1) set -- "$args0" ;;
        2) set -- "$args0" "$args1" ;;
        3) set -- "$args0" "$args1" "$args2" ;;
        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi

# Escape application args
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=`save "$@"`

# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"

exec "$JAVACMD" "$@"
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem      https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem

@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem  Gradle startup script for Windows
@rem
@rem ##########################################################################

@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal

set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%

@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi

@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"

@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome

set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute

echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe

if exist "%JAVA_EXE%" goto execute

echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:execute
@rem Setup the command line

set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar


@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*

:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd

:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1

:mainEnd
if "%OS%"=="Windows_NT" endlocal

:omega
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
rootProject.name = 'RS3-NXT-Ghidra'

--------------------------------------------------------------------------------
/src/main/java/RS3NXTRefactorer.java:
--------------------------------------------------------------------------------
//Attempts to refactor parts of the NXT RS3 Win64 client. This might break.
//
// This WILL override ANY data you have. Make a backup BEFORE running this. You have been warned.
//
// Don't question the code at some points. This was thrown together at very-early am.
//@author Techdaan
//@category _NXT_
//@keybinding
//@menupath NXT.RS3 NXT Refactorer
//@toolbar

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.data.*;
import ghidra.program.model.lang.Register;
import ghidra.program.model.listing.*;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.program.model.scalar.Scalar;
import ghidra.program.model.symbol.*;
import ghidra.program.util.string.FoundString;
import ghidra.program.util.string.StringSearcher;
import ghidra.util.exception.DuplicateNameException;
import ghidra.util.exception.InvalidInputException;
import org.apache.commons.lang3.tuple.Pair;

import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class RS3NXTRefactorer extends GhidraScript {

    private static class Settings {
        static boolean FIND_CLIENT_PROT = true;
        static boolean PRINT_PROTOCOL_INFO = true;

        static int MIN_CLIENT_PROTS = 120;
        static int MAX_CLIENT_PROTS = 135; // maximum number of client prot packets, in 918 there are 124
    }

    private static String TODO_DESC = "";

    private static class Types {
        // Built-ins
        static DataType LONGLONG;
        static DataType BOOL;
        static DataType VOID;
        static DataType UINT;
        static DataType INT;
        static DataType BYTE;

        // Structs
        static Structure S_ISAAC;
        static Structure S_CONNECTION_MANAGER;
        static Structure S_HEAP_INTERFACE;
        static Structure S_CLIENT;
        static Structure S_PACKET;
        static Structure S_CLIENT_PROT;

        // Classes (These are *technically* namespaces)
        static GhidraClass C_ISAAC;
        static GhidraClass C_CONNECTION_MANAGER;
        static GhidraClass C_HEAP_INTERFACE;
        static GhidraClass C_CLIENT;
        static GhidraClass C_PACKET;
        static GhidraClass C_CLIENT_PROT;
    }

    private int getClientVersion() {
        MemoryBlock block = getMemoryBlock(".rdata");
        List<FoundString> strings = findStrings(new AddressSet(block.getStart(), block.getEnd()), 8, 1, true, false);
        strings = strings.stream()
                .filter(string -> string.getString(currentProgram.getMemory()).equals("Client Version: %i-%i"))
                .collect(Collectors.toList());
        if (strings.size() != 1) {
            throw new IllegalStateException("Failed to get client version: " + strings);
        }

        Reference[] references = getReferencesTo(strings.get(0).getAddress());
        if (references.length != 1) {
            throw new IllegalStateException("Expected exactly one reference to the version format string, got: " + Arrays.toString(references));
        }

        // TODO: the version numbers are not yet extracted from the code referencing the format string,
        // so this currently always reports 0.
        return 0;
    }

    @Override
    protected void run() throws Exception {
        //noinspection ConstantConditions
        if (NUM_PACKETS != PACKET_NAMES.length) {
            throw new IllegalStateException("NUM_PACKETS =/= PACKET_NAMES length");
        }

        printf("NXT v. %d%n", getClientVersion());

        printf("Initializing default data types%n");
        initDefaultDataTypes();

        printf("Creating/updating data structures%n");
        createDataStructures();

        printf("Refactoring: App entry function%n");
        Function fn = findAppEntryFunction();
        renameFunction(fn, "jag::App::MainInit");
        refactorAppEntry(fn);

        printf("Refactoring: jag::Isaac%n");
        refactorIsaac();

        printf("Refactoring: jag::ConnectionManager%n");
        refactorConnectionManagerCtor();

        printf("%nRefactoring ServerProt%n");
        refactorPackets();

        if (Settings.FIND_CLIENT_PROT) {
            printf("%nRefactoring ClientProt%n");
            clientProtPrototype();
        }

        if (Settings.PRINT_PROTOCOL_INFO) {
            // clientProt is only populated when FIND_CLIENT_PROT is enabled
            if (clientProt != null) {
                printf("%n// Packet sizes for ClientProt (client to server), mapped opcode->size%n");
                printf("val CLIENT_PROT_SIZES = mapOf(%n");
                for (int i = 0; i < clientProt.length; i++) {
                    ClientProt info = clientProt[i];
                    if (info == null) continue;

                    printf("    %d to %d,%n", info.opcode, info.size);
                }
                printf(")%n");
            }

            printf("%n// Packet names for ServerProt (server to client), mapped opcode->name%n");
            printf("val SERVER_PROT_NAMES = mapOf(%n");
            for (int i = 0; i < packets.length; i++) {
                ServerProtInfo info = packets[i];
                if (info.name == null) continue;

                printf("    %d to \"%s\",%n", info.opcode, info.name);
            }
            printf(")%n");

            printf("%n// Packet sizes for ServerProt (server to client), mapped opcode->size%n");
            printf("val SERVER_PROT_SIZES = mapOf(%n");
            for (int i = 0; i < packets.length; i++) {
                ServerProtInfo info = packets[i];
                if (info.name == null) continue;

                printf("    %d to %d,%n", info.opcode, info.size);
            }
            printf(")%n");
        }
    }

    private static class ClientProt {
        final Address address;
        final int opcode;
        final int size;

        ClientProt(Address address, int opcode, int size) {
            this.address = address;
            this.opcode = opcode;
            this.size = size;
        }
    }

    private ClientProt[] clientProt = null;

    private Pair<Function, Instruction> findMakeClientMessage(Function fn) {
        Function makeClientMessageFn = null;
        Instruction makeClientMessageInsn = null;
        outer:
        for (Instruction insn : getFunctionInstructions(fn)) {
            if (!insn.getMnemonicString().equals("CALL"))
                continue;
            if (insn.getNumOperands() == 0 || insn.getAddress(0) == null)
                continue;

            Function called = getFunctionAt(insn.getAddress(0));
            if (called == null)
                continue;

            for (Instruction inner : getFunctionInstructions(called)) {
                if (!inner.getMnemonicString().equals("CALL"))
                    continue;
                if (inner.getNumOperands() == 0 || inner.getAddress(0) == null)
                    continue;

                Function called2 = getFunctionAt(inner.getAddress(0));
                if (called2 == null)
                    continue;

                if (called2.getName().equals("_Throw_C_error")) {
                    if (makeClientMessageFn != null && makeClientMessageFn != called) {
                        throw new IllegalStateException("more than one option for MakeClientMessage found, disable ClientProt finding: " + makeClientMessageFn.getName() + ", " + called.getName());
                    }

                    makeClientMessageFn = called;
                    makeClientMessageInsn = insn;
                    continue outer;
                }
            }
        }
        return Pair.of(makeClientMessageFn, makeClientMessageInsn);
    }

    // Walks forward at most 10 instructions from startingAt and returns the target of the first CALL/JMP with a resolvable address.
    private Function findNextFunction(Instruction startingAt) {
        for (int i = 0; i < 10; i++) {
            if (startingAt == null) return null;

            if (!startingAt.getMnemonicString().equals("CALL") && !startingAt.getMnemonicString().equals("JMP")) {
                startingAt = startingAt.getNext();
                continue;
            }

            if (startingAt.getAddress(0) == null) {
                // Indirect call/jump without a resolvable target: skip it instead of re-checking the same instruction
                startingAt = startingAt.getNext();
                continue;
            }

            return getFunctionAt(startingAt.getAddress(0));
        }

        return null;
    }

    private void clientProtPrototype() throws Exception {
        // reverse lookup...
        SymbolIterator it = currentProgram.getSymbolTable().getSymbols("SendPing");
        if (!it.hasNext()) throw new IllegalStateException("SendPing not found (Obtained from ServerProt decoding)");
        Symbol sendPingSymbol = it.next();
        if (it.hasNext()) throw new IllegalStateException("more than one SendPing found?");

        Function f = findNextFunction(getInstructionAt(sendPingSymbol.getAddress()));
        if (f == null) {
            throw new IllegalStateException("Failed to find inner function of SendPing (At " + sendPingSymbol.getAddress() + ")");
        }

        // TODO: If ClientProt shit breaks, this is likely it.
        Function makeClientMessageFn = null;
        Instruction makeClientMessageInsn = null;
        for (Instruction insn : getFunctionInstructions(f)) {
            if (!insn.getMnemonicString().equals("CALL")) {
                continue;
            }

            makeClientMessageFn = getFunctionAt(insn.getAddress(0));
            makeClientMessageInsn = insn;
            break;
        }
        if (makeClientMessageFn == null) {
            throw new IllegalStateException("No CALL to a known function found in " + f.getName() + ", please disable ClientProt finding");
        }

        Address someClientProt = null;
        renameFunction(makeClientMessageFn, "jag::ServerConnection::MakeClientMessage");
        // Walk back from the call: the ClientProt struct is loaded into R8 via LEA
        int i = 10;
        while (i-- > 0) {
            makeClientMessageInsn = makeClientMessageInsn.getPrevious();
            if (makeClientMessageInsn == null) break;
            if (makeClientMessageInsn.getMnemonicString().equals("LEA") && makeClientMessageInsn.getRegister(0).getBaseRegister().getName().equals("R8")) {
                someClientProt = makeClientMessageInsn.getAddress(1);
                break;
            }
        }
        if (someClientProt == null) {
            throw new IllegalStateException("Couldn't find a ClientProt struct, please disable ClientProt finding");
        }
        printf("Found a ClientProt struct at %s%n", someClientProt);

        Address registerClientProt = null;
        for (Reference reference : getReferencesTo(someClientProt.subtract(4))) {
            Instruction insn = getInstructionAt(reference.getFromAddress());
            int j = 3;
            while (insn.getPrevious() != null && j >= 0) {
                insn = insn.getPrevious();
                j--;
            }
            i = 8;
            while (i-- > 0) {
                insn = insn.getNext();
                if (insn.getMnemonicString().equals("JMP")) {
                    if (registerClientProt != null) {
                        throw new IllegalStateException("more than one register client prot qualifier found, disable ClientProt finding");
                    }

                    // The registration function is the JMP target that is referenced roughly once per ClientProt
                    int numReferences = getReferencesTo(insn.getAddress(0)).length;
                    if (numReferences > Settings.MIN_CLIENT_PROTS && numReferences < Settings.MAX_CLIENT_PROTS)
                        registerClientProt = insn.getAddress(0);
                    break;
                }
            }
        }
        if (registerClientProt == null) {
            throw new IllegalStateException("no client prot register function found, disable ClientProt finding");
        }

        // rcx -> TcpConnectionBase
        // rdx -> ?
        // r8  -> message / ClientProt
        // r9  -> ?
        Reference[] references = getReferencesTo(registerClientProt);
        clientProt = new ClientProt[references.length];
        printf("Found %d references to REGISTER_CLIENT_MESSAGE at %s%n", references.length, registerClientProt.toString());

        for (Reference reference : references) {
            if (!reference.getReferenceType().isCall()) continue;

            Instruction insn = getInstructionAt(reference.getFromAddress());

            outer:
            while (true) {
                Reference[] referencesTo = getReferencesTo(insn.getAddress());

                if (referencesTo.length != 0) {
                    for (Reference ref : referencesTo) {
                        if (ref.getReferenceType() == RefType.DATA) {
                            break outer;
                        }
                    }
                }

                insn = insn.getPrevious(); // roll back to begin of function
                if (insn == null) {
                    throw new IllegalStateException("ran out of instructions while looking for the start of the registration stub called from " + reference.getFromAddress());
                }
            }

            Address clientProtAddress = null;
            int opcode = -100;
            int size = -100;

            // Within the next 10 instructions, RCX gets the struct address, RDX the opcode and R8 the size.
            // Opcode and size are often derived from each other (MOV/LEA/XOR), so both are tracked.
            i = 10;
            boolean rcx = false, rdx = false, r8 = false;
            while (i-- > 0 && (!rcx || !rdx || !r8)) {
                if (insn.getRegister(0) == null) {
                    insn = insn.getNext();
                    continue;
                }

                String register = insn.getRegister(0).getBaseRegister().getName();
                switch (register) {
                    case "RCX":
                        if (!insn.getMnemonicString().equals("LEA"))
                            throw new IllegalStateException("expected LEA for loading ClientProt struct");
                        clientProtAddress = insn.getAddress(1);
                        rcx = true;
                        break;
                    case "RDX":
                        if (insn.getMnemonicString().equals("MOV") && insn.getRegister(1) != null && insn.getRegister(1).getBaseRegister().getName().equals("R8")) {
                            if (size == -100)
                                throw new IllegalStateException("attempted to set opcode from size, but size is not set");
                            opcode = size;
                        } else if (insn.getMnemonicString().equals("MOV")) {
                            opcode = (int) insn.getScalar(1).getSignedValue();
                        } else if (insn.getMnemonicString().equals("XOR") && insn.getRegister(0).getBaseRegister().getName().equals("RDX")
                                && insn.getRegister(1).getBaseRegister().getName().equals("RDX")) {
                            opcode = 0;
                        } else if (insn.getMnemonicString().equals("LEA") && size != -100 && insn.getOpObjects(1).length == 2) {
                            if (!((Register) insn.getOpObjects(1)[0]).getBaseRegister().getName().equals("R8"))
                                throw new IllegalStateException("unexpected register, expected r8");

                            opcode = (int) (size + ((Scalar) insn.getOpObjects(1)[1]).getValue());
                        } else {
                            throw new RuntimeException(" unsure how to get opcode from " + insn + " [size = " + size + "] at " + insn.getAddress());
                        }

                        rdx = true;
                        break;
                    case "R8":
                        if (insn.getMnemonicString().equals("MOV") && insn.getRegister(1) != null && insn.getRegister(1).getBaseRegister().getName().equals("RDX")) {
                            if (opcode == -100)
                                throw new IllegalStateException("attempted to set size from opcode, but opcode is not set");
                            size = opcode;
                        } else if (insn.getMnemonicString().equals("MOV")) {
                            size = (int) insn.getScalar(1).getSignedValue();
                        } else if (insn.getMnemonicString().equals("XOR") && insn.getRegister(0).getBaseRegister().getName().equals("R8") && insn.getRegister(1).getBaseRegister().getName().equals("R8")) {
                            size = 0;
                        } else if (insn.getMnemonicString().equals("LEA") && opcode != -100 && insn.getOpObjects(1).length == 2) {
                            if (!((Register) insn.getOpObjects(1)[0]).getBaseRegister().getName().equals("RDX"))
                                throw new IllegalStateException("unexpected register, expected rdx");

                            size = (int) (opcode + ((Scalar) insn.getOpObjects(1)[1]).getValue());
                            // if (size != -1 && size != -2)
                            //     size &= 0xff;
                        } else {
                            throw new RuntimeException(" unsure how to get size from " + insn + " [opcode = " + opcode + "] at " + insn.getAddress());
                        }
                        r8 = true;
                        break;
                }

                insn = insn.getNext();
            }

            if (clientProtAddress == null || opcode == -100 || size == -100) {
                throw new IllegalStateException("failed to read clientprot from address " + reference.getFromAddress());
            }
            if (opcode < 0 || opcode >= this.clientProt.length) {
                throw new IllegalStateException("opcode " + opcode + " read from " + reference.getFromAddress() + " is out of range for " + this.clientProt.length + " registered ClientProts");
            }

            this.clientProt[opcode] = new ClientProt(clientProtAddress, opcode, size);

            setDataType(clientProtAddress, Types.S_CLIENT_PROT, 8);
            setLabel(clientProtAddress, "jag::ClientProt::ClientProtOP_" + opcode);
        }
    }

    private void setDataType(Address address, DataType type, int length) throws Exception {
        Listing listing = currentProgram.getListing();
        Data sourceData = listing.getDataAt(address);
        if (sourceData == null) return;

        // clearCodeUnits takes an inclusive end address, so the last byte to clear is at address + length - 1;
        // clearing one byte too many would wipe the code unit of whatever immediately follows this struct.
        listing.clearCodeUnits(address, address.add(length - 1), false);
        listing.createData(address, type, length);
    }

    private Data setDataType(Program program, Address address, DataType dataType, int length) {

        int txID = program.startTransaction("Change Data Type");
        boolean commit = false;
        try {
            Listing listing = program.getListing();
            Data sourceData = listing.getDataAt(address);
            if (sourceData == null) {
                return null;
            }
            listing.clearCodeUnits(address, sourceData.getMaxAddress(), false);
            Data data;
            if (length > 0) {
                data = listing.createData(address, dataType, length);
            } else {
                data = listing.createData(address, dataType);
            }
            commit = true;
            return data;
        } catch (Exception e) {
            // Commit is false by default so nothing else to do.
            return null;
        } finally {
            program.endTransaction(txID, commit);
        }
    }

    private void createDataStructures() throws DuplicateNameException, InvalidInputException {
        printf(" - jag::Isaac%n");
        Types.C_ISAAC = getOrCreateClass("jag::Isaac");
        Types.S_ISAAC = getStructureForClass(Types.C_ISAAC);
        Types.S_ISAAC.deleteAll();
        resizeStructure(Types.S_ISAAC, 2064);
        Types.S_ISAAC.replaceAtOffset(0, Types.UINT, 4, "values_left", "The amount of values left before having to generate new ones");
        Types.S_ISAAC.replaceAtOffset(4, arr(Types.UINT, 256, 4), 1024, "rand_results", "The generated random results");
        Types.S_ISAAC.replaceAtOffset(1028, arr(Types.UINT, 256, 4), 1024, "mm", TODO_DESC);
        Types.S_ISAAC.replaceAtOffset(2052, Types.INT, 4, "aa", TODO_DESC);
        Types.S_ISAAC.replaceAtOffset(2056, Types.INT, 4, "bb", TODO_DESC);
        Types.S_ISAAC.replaceAtOffset(2060, Types.INT, 4, "cc", TODO_DESC);

        printf(" - jag::HeapInterface%n");
        Types.C_HEAP_INTERFACE = getOrCreateClass("jag::HeapInterface");
        Types.S_HEAP_INTERFACE = getStructureForClass(Types.C_HEAP_INTERFACE);

        printf(" - jag::Client%n");
        Types.C_CLIENT = getOrCreateClass("jag::Client");
        Types.S_CLIENT = getStructureForClass(Types.C_CLIENT); // We will initialize this later on.
455 | 456 | printf(" - jag::ConnectionManager%n"); 457 | Types.C_CONNECTION_MANAGER = getOrCreateClass("jag::ConnectionManager"); 458 | Types.S_CONNECTION_MANAGER = getStructureForClass(Types.C_CONNECTION_MANAGER); 459 | if (Types.S_CONNECTION_MANAGER.getLength() < 0x10) 460 | resizeStructure(Types.S_CONNECTION_MANAGER, 0x10); // We will resize this later on 461 | Types.S_CONNECTION_MANAGER.replaceAtOffset(0x8, ptr(Types.S_CLIENT), 8, "client", TODO_DESC); 462 | 463 | printf("- jag::Packet%n"); 464 | Types.C_PACKET = getOrCreateClass("jag::Packet"); 465 | Types.S_PACKET = getStructureForClass(Types.C_PACKET); 466 | resizeStructure(Types.S_PACKET, 0x20); 467 | Types.S_PACKET.replaceAtOffset(0x0, Types.LONGLONG, 8, "field_0x0", TODO_DESC); 468 | Types.S_PACKET.replaceAtOffset(0x8, Types.LONGLONG, 8, "capacity", "The capacity of the buffer (todo: confirm)"); 469 | Types.S_PACKET.replaceAtOffset(0x10, ptr(Types.BYTE), 8, "buffer", "The backing buffer"); 470 | Types.S_PACKET.replaceAtOffset(0x18, Types.LONGLONG, 8, "offset", "The offset (writer AND reader offset) in the buffer"); 471 | 472 | printf("- jag::ClientProt%n"); 473 | Types.C_CLIENT_PROT = getOrCreateClass("jag::ClientProt"); 474 | Types.S_CLIENT_PROT = getStructureForClass(Types.C_CLIENT_PROT); 475 | Types.S_CLIENT_PROT.deleteAll(); 476 | resizeStructure(Types.S_CLIENT_PROT, 8); 477 | Types.S_CLIENT_PROT.replaceAtOffset(0, Types.UINT, 4, "opcode", "Opcode of this ClientProt"); 478 | Types.S_CLIENT_PROT.replaceAtOffset(4, Types.INT, 4, "size", "Size of this ClientProt"); 479 | Types.S_CLIENT_PROT.setDescription("ClientProt is also used by login packets, opcodes may overlap with in-game protocol definitions."); 480 | } 481 | 482 | /** 483 | * Attempts to find the KERNEL32.DLL:SetErrorMode method. This is called once in the main app method. 
484 | */ 485 | private Function findAppEntryFunction() { 486 | Symbol symbol = null; 487 | 488 | for (Symbol s : currentProgram.getSymbolTable().getSymbols("SetErrorMode")) { 489 | symbol = s; 490 | } 491 | 492 | if (symbol == null) 493 | throw new NullPointerException("Could not find SetErrorMode"); 494 | 495 | int count = 0; 496 | Function f = null; 497 | for (Reference reference : getReferencesTo(symbol.getAddress())) { 498 | Function l = getCurrentProgram().getFunctionManager().getFunctionContaining(reference.getFromAddress()); 499 | if (l != null) { 500 | f = l; 501 | count++; 502 | } 503 | } 504 | 505 | if (count > 1) { 506 | throw new IllegalStateException("Multiple possibilities of SetErrorMode xrefs"); 507 | } 508 | 509 | if (f != null) { 510 | return f; 511 | } 512 | 513 | throw new NullPointerException("Could not find app entry function"); 514 | } 515 | 516 | private boolean isValidFunctionCall(Instruction insn) { 517 | if (!insn.getMnemonicString().equals("CALL")) 518 | return false; 519 | 520 | // Some call functions don't actually have addresses (eg. when using a vtable) 521 | if (insn.getNumOperands() == 0 || insn.getAddress(0) == null) 522 | return false; 523 | 524 | // And some don't have a function at all 525 | Function called = getFunctionAt(insn.getAddress(0)); 526 | if (called == null) 527 | return false; 528 | 529 | return true; 530 | } 531 | 532 | /** 533 | * Handles the app's main entry. This performs the following operations: 534 | *

535 | * - Finds function jag::HeapInterface::Alloc 536 | * This is the first method with a LOT of calls in the entrypoint. Found by checking amount of xrefs 537 | *

538 | * - Finds address jag::HeapInterface::g_pHeapInterface 539 | * This is the first argument to jag::HeapInterface::Alloc 540 | *

541 | * - Finds the size of structure jag::Client 542 | * This is the second argument to the first call of jag::HeapInterface::Alloc 543 | *

544 | * - Finds the constructor jag::Client::Client 545 | * This is the first function after the jag::HeapInterface::Alloc class 546 | * 547 | * @param fn The app main entry 548 | */ 549 | private void refactorAppEntry(Function fn) throws Exception { 550 | println("App entry at " + fn.getEntryPoint()); 551 | int XREF_THRESHOLD = 1500; // Min. number of references to jag::HeapInterface::Alloc 552 | boolean foundAlloc = false; 553 | 554 | RegisterTracker tracker = new RegisterTracker(); 555 | for (Instruction insn : getFunctionInstructions(fn)) { 556 | tracker.update(insn); 557 | 558 | if (!isValidFunctionCall(insn)) { 559 | continue; 560 | } 561 | 562 | Function called = getFunctionAt(insn.getAddress(0)); 563 | if (!foundAlloc && getReferencesTo(called.getEntryPoint()).length > XREF_THRESHOLD) { 564 | // Jag introduced a function that gets called in place of directly calling Alloc on HeapInterface 565 | Instruction rcx = tracker.getRegisterValue("RCX"); // num_bytes 566 | Instruction rdx = tracker.getRegisterValue("RDX"); // alignment 567 | 568 | renameFunction(called, "jag::HeapInterface::CheckedAlloc"); 569 | called.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED, 570 | new ParameterImpl("num_bytes", Types.LONGLONG, currentProgram), 571 | new ParameterImpl("alignment", Types.LONGLONG, currentProgram)); 572 | 573 | resizeStructure(Types.S_CLIENT, rcx.getInt(1)); 574 | 575 | RegisterTracker tracker2 = new RegisterTracker(); 576 | for (Instruction insn2 : getFunctionInstructions(called)) { 577 | tracker2.update(insn2); 578 | 579 | if (!isValidFunctionCall(insn2)) { 580 | continue; 581 | } 582 | 583 | Function called2 = getFunctionAt(insn2.getAddress(0)); 584 | Instruction rcx2 = tracker2.getRegisterValue("RCX"); // num_bytes 585 | Instruction rdx2 = tracker2.getRegisterValue("RDX"); // alignment 586 | 587 | setLabel(rcx2.getAddress(1), "jag::HeapInterface::g_pHeapInterface"); 588 | 589 | renameFunction(called2, 
"jag::HeapInterface::Alloc"); 590 | called2.setCallingConvention("__thiscall"); 591 | called2.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED, 592 | new ParameterImpl("num_bytes", Types.LONGLONG, currentProgram), 593 | new ParameterImpl("alignment", Types.LONGLONG, currentProgram)); 594 | break; 595 | } 596 | 597 | foundAlloc = true; 598 | continue; 599 | } 600 | 601 | if (foundAlloc) { 602 | renameFunction(called, "jag::Client::Client"); 603 | return; 604 | } 605 | } 606 | } 607 | 608 | /** 609 | * Handles a few ISAAC functions. This performs the following operations: 610 | *

611 | * - Finds function jag::Isaac::Init 612 | * This is the only method in the client with references to a constant and certain bit shifting. 613 | *

614 | * - Finds function jag::Isaac::Generate 615 | * This is the only method that's called from function jag::Isaac::Init 616 | */ 617 | private void refactorIsaac() throws Exception { 618 | List initQualifiers = new ArrayList<>(); 619 | 620 | fn_loop: 621 | for (Function fn : currentProgram.getFunctionManager().getFunctions(true)) { 622 | for (Instruction insn : getFunctionInstructions(fn)) { 623 | if (!insn.getMnemonicString().equals("MOV")) 624 | continue; 625 | 626 | if (insn.getInt(0) == 0x9e3779b9 || insn.getInt(1) == 0x9e3779b9 || insn.getInt(2) == 0x9e3779b9) { 627 | boolean shl8 = false; 628 | boolean shla = false; 629 | boolean shr10 = false; 630 | 631 | for (Instruction inner : getFunctionInstructions(fn)) { 632 | if (inner.getMnemonicString().equals("SHL")) { 633 | if (inner.getByte(2) == 0x8) 634 | shl8 = true; 635 | else if (inner.getByte(2) == 0xa) 636 | shla = true; 637 | } else if (inner.getMnemonicString().equals("SHR")) { 638 | if (inner.getByte(2) == 0x10) 639 | shr10 = true; 640 | } 641 | } 642 | 643 | if (shl8 && shla && shr10) { 644 | initQualifiers.add(fn); 645 | } 646 | 647 | continue fn_loop; 648 | } 649 | } 650 | } 651 | 652 | if (initQualifiers.size() != 1) { 653 | throw new IllegalStateException("couldn't find jag::Isaac::Init qualifiers! 
(found " + initQualifiers.size() + ")"); 654 | } 655 | 656 | Function init = initQualifiers.get(0); 657 | renameFunction(init, "jag::Isaac::Init"); 658 | init.setCallingConvention("__thiscall"); 659 | init.setReturnType(Types.VOID, SourceType.USER_DEFINED); 660 | init.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED, 661 | new ParameterImpl("seeds", ptr(Types.UINT), currentProgram)); 662 | 663 | // Find generate 664 | Function generate = null; 665 | for (Instruction insn : getFunctionInstructions(init)) { 666 | if (insn.getMnemonicString().equals("CALL")) { 667 | if (generate != null) { 668 | throw new IllegalStateException("More than 1 CALL in jag::Isaac::Init"); 669 | } 670 | 671 | generate = getFunctionAt(insn.getAddress(0)); 672 | } 673 | } 674 | 675 | if (generate == null) { 676 | throw new IllegalStateException("Failed to find jag::Isaac::Generate in jag::Isaac::Init"); 677 | } 678 | 679 | renameFunction(generate, "jag::Isaac::Generate"); 680 | generate.setCallingConvention("__thiscall"); 681 | generate.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED); 682 | generate.setReturnType(Types.VOID, SourceType.USER_DEFINED); 683 | } 684 | 685 | private Function connectionManagerCtor; 686 | 687 | /** 688 | * Handles the connection manager ctor. This performs the following operations: 689 | *

690 | * - Finds function jag::ConnectionManager::ConnectionManager 691 | * There are only a few methods that have the int constant 20_000, which is always at the end of the function. So we 692 | * scan instructions backwards to filter out the other few remaining functions. 693 | */ 694 | private void refactorConnectionManagerCtor() throws Exception { 695 | Map qualifiers = new HashMap<>(); 696 | 697 | for (Function f : currentProgram.getFunctionManager().getFunctions(true)) { 698 | for (Instruction insn : getFunctionInstructions(f)) { 699 | if (insn.getMnemonicString().equals("ADD")) { 700 | if (insn.getInt(0) == 20_000 || insn.getInt(1) == 20_000 || insn.getInt(2) == 20_000) { 701 | qualifiers.put(insn, f); 702 | } 703 | } 704 | } 705 | } 706 | 707 | Function ctor = null; 708 | Instruction needle = null; 709 | Iterator> it = qualifiers.entrySet().iterator(); 710 | while (it.hasNext()) { 711 | Map.Entry entry = it.next(); 712 | Instruction insn = entry.getKey(); 713 | 714 | int dist = 0; 715 | while (!insn.getMnemonicString().equals("RET")) { 716 | insn = insn.getNext(); 717 | dist++; 718 | } 719 | 720 | if (dist > 15) { 721 | it.remove(); 722 | continue; 723 | } 724 | 725 | needle = entry.getKey(); 726 | ctor = entry.getValue(); 727 | } 728 | 729 | if (qualifiers.size() > 1) { 730 | qualifiers.forEach((insn, f) -> printerr("at: " + f.getEntryPoint() + " (" + f.getName() + ") @ " + insn.getAddress())); 731 | throw new IllegalStateException("Found more than one qualifier for jag::ConnectionManager::ConnectionManager"); 732 | } 733 | 734 | if (ctor == null) 735 | throw new NullPointerException("Found no qualifiers for jag::ConnectionManager::ConnectionManager"); 736 | 737 | renameFunction(ctor, "jag::ConnectionManager::ConnectionManager"); 738 | ctor.setCallingConvention("__thiscall"); 739 | ctor.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED, new ParameterImpl("client", ptr(Types.S_CLIENT), currentProgram)); 
740 | ctor.setReturnType(ptr(Types.S_CONNECTION_MANAGER), SourceType.USER_DEFINED); 741 | 742 | RegisterTracker tracker = new RegisterTracker(); 743 | for (Instruction insn : getFunctionInstructions(ctor)) { 744 | if (insn == needle) { 745 | String register = insn.getRegister(0).getName(); 746 | Instruction setter = tracker.getRegisterValue(register); 747 | 748 | Address m_currentTimeMS = null; 749 | for (int k = 0; k < 5; k++) { 750 | Address a = setter.getAddress(k); 751 | if (a != null) { 752 | m_currentTimeMS = a; 753 | } 754 | } 755 | 756 | if (m_currentTimeMS == null) { 757 | throw new IllegalStateException("Couldn't find jag::FrameTime::m_currentTimeMS"); 758 | } 759 | 760 | setLabel(m_currentTimeMS, "jag::FrameTime::m_currentTimeMS"); 761 | 762 | break; 763 | } 764 | 765 | tracker.update(insn); 766 | } 767 | 768 | Reference[] xrefs = getReferencesTo(ctor.getEntryPoint()); 769 | if (xrefs.length != 1) { 770 | Address to = xrefs[0].getToAddress(); 771 | for (Reference xref : xrefs) { 772 | if (!xref.getToAddress().equals(to)) 773 | throw new IllegalStateException("0 or more than 1 xref to jag::ConnectionManager::ConnectionManager"); 774 | } 775 | 776 | for (Reference xref : xrefs) { 777 | if (xref.getReferenceType() != RefType.DATA) 778 | xrefs[0] = xref; 779 | } 780 | } 781 | 782 | Instruction insn = getInstructionAt(xrefs[0].getFromAddress()).getPrevious(); 783 | while (!insn.getMnemonicString().equals("CALL")) insn = insn.getPrevious(); 784 | 785 | while ((insn = insn.getPrevious()) != null) { 786 | if (!insn.getMnemonicString().equals("MOV")) { 787 | continue; 788 | } 789 | 790 | if (insn.getRegister(0) == null || !insn.getRegister(0).getName().equals("RDX")) { 791 | continue; 792 | } 793 | 794 | int size = insn.getInt(1); 795 | 796 | resizeStructure(Types.S_CONNECTION_MANAGER, size); 797 | 798 | break; 799 | } 800 | 801 | connectionManagerCtor = ctor; 802 | } 803 | 804 | private Function serverProtReg1; 805 | 806 | /** 807 | * Black magic. 
808 | */ 809 | private void refactorPackets() throws Exception { 810 | RegisterTracker tracker = new RegisterTracker(); 811 | HashSet

visited = new HashSet<>(); 812 | 813 | if (connectionManagerCtor == null) throw new NullPointerException("?"); 814 | 815 | try { 816 | int i = 0; 817 | for (Instruction insn : getFunctionInstructions(connectionManagerCtor)) { 818 | tracker.update(insn); 819 | 820 | checkAndNameServerProt(insn); 821 | 822 | if (!insn.getMnemonicString().equals("CALL")) 823 | continue; 824 | 825 | i++; 826 | if (i <= 2) 827 | continue; 828 | 829 | Address addr = insn.getAddress(0); 830 | if (addr != null) 831 | refactorPacketsRecursive(insn, getFunctionAt(addr), visited, tracker.waistClone(), tracker.getRegisterValue("RCX"), tracker.getRegisterValue("RDX")); 832 | } 833 | } catch (Exception e) { 834 | if (e.getMessage().equals("yayeeeet")) { 835 | refactorPackets(); 836 | return; 837 | } else { 838 | throw e; 839 | } 840 | } 841 | 842 | for (int i = 0; i < packets.length; i++) { 843 | ServerProtInfo info = packets[i]; 844 | if (info.name == null) continue; 845 | 846 | StringBuilder nameBuilder = new StringBuilder(); 847 | for (String s : info.name.split("_")) { 848 | if (s.length() < 2) continue; 849 | nameBuilder.append(s.substring(0, 1).toUpperCase(Locale.ROOT)); 850 | nameBuilder.append(s.substring(1).toLowerCase(Locale.ROOT)); 851 | } 852 | 853 | Data data = getDataAt(info.vtable.add(16)); 854 | if (data == null || data.getValue() == null) { 855 | printerr("Addr == null @ " + info.vtable.toString()); 856 | } 857 | 858 | Address fnAddr = (Address) getDataAt(info.vtable.add(16)).getValue(); 859 | Function fn; 860 | try { 861 | fn = getFunctionAt(fnAddr); 862 | renameFunction(fn, "jag::PacketHandlers::" + nameBuilder); 863 | } catch (Exception e) { 864 | createFunction(fnAddr, nameBuilder.toString()); 865 | fn = getFunctionAt(fnAddr); 866 | renameFunction(fn, "jag::PacketHandlers::" + nameBuilder); 867 | } 868 | fn.replaceParameters(Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false, SourceType.USER_DEFINED, 869 | new ParameterImpl("param1", Types.LONGLONG, 
currentProgram), 870 | new ParameterImpl("packet", ptr(Types.S_PACKET), currentProgram), 871 | new ParameterImpl("param3", Types.LONGLONG, currentProgram), 872 | new ParameterImpl("isaac", ptr(Types.S_ISAAC), currentProgram) 873 | ); 874 | fn.setComment("\n << AUTO REFACTORED BY RS3 NXT REFACTORER >>\nOpcode: " + info.opcode + "\nSize: " + info.size + "\nName: " + info.name); 875 | println("Found ServerProt " + info); 876 | } 877 | } 878 | 879 | HashSet
addresses = new HashSet<>(); 880 | 881 | private ServerProtInfo serverProtFromAddress(Address a) { 882 | if (addresses.isEmpty()) { 883 | for (ServerProtInfo packet : packets) { 884 | addresses.add(packet.addr); 885 | } 886 | } 887 | for (int i = 0; i < packets.length; i++) { 888 | if (a.equals(packets[i].addr)) 889 | return packets[i]; 890 | } 891 | throw new IllegalStateException("???"); 892 | } 893 | 894 | private void refactorPacketsRecursive(Instruction callInsn, Function fn, HashSet
visited, RegisterTracker tracker, Instruction rcx, Instruction rdx) throws Exception { 895 | // if fn we called is null... 896 | if (fn == null) 897 | return; 898 | 899 | // did we find server prot register 900 | if (serverProtReg1 == null) { 901 | if (getReferencesTo(fn.getEntryPoint()).length > 200) { 902 | visited.remove(fn.getEntryPoint()); 903 | serverProtReg1 = fn; 904 | 905 | printerr("serverProtReg1 = @ " + serverProtReg1.getName() + " " + serverProtReg1.getEntryPoint()); 906 | 907 | while (callInsn.getRegister(0) == null || !callInsn.getRegister(0).getName().equals("RDX")) { 908 | callInsn = callInsn.getPrevious(); 909 | } 910 | 911 | Address referringTo = callInsn.getAddress(1); 912 | 913 | if (referringTo == null) { 914 | if (rdx.getMnemonicString().equals("LEA") && rdx.getAddress(1) != null) { 915 | referringTo = rdx.getAddress(1); 916 | } else if (rcx.getMnemonicString().equals("LEA") && rcx.getAddress(1) != null) { 917 | referringTo = rcx.getAddress(1); 918 | } else { 919 | printerr("hmm0 " + callInsn + ", " + callInsn.getAddress()); 920 | throw new IllegalStateException("wat"); 921 | } 922 | } 923 | 924 | Reference[] references = getReferencesTo(referringTo.subtract(0x8)); 925 | if (references.length != 1) { 926 | throw new IllegalStateException("What @ " + referringTo); 927 | } 928 | 929 | Function fn2 = getFunctionContaining(references[0].getFromAddress()); 930 | Instruction callTo = null; 931 | for (Instruction insn : getFunctionInstructions(fn2)) { 932 | if (!insn.getMnemonicString().equals("CALL")) 933 | continue; 934 | 935 | if (callTo != null) 936 | throw new IllegalStateException("wot"); 937 | 938 | callTo = insn; 939 | } 940 | 941 | Function fn3 = getFunctionAt(callTo.getAddress(0)); 942 | Reference[] refs = getReferencesTo(fn3.getEntryPoint()); 943 | if (((int) Stream.of(refs).filter(ref -> ref.getReferenceType().isCall()).count()) != NUM_PACKETS) { 944 | // if (getReferencesTo(fn3.getEntryPoint()).length != NUM_PACKETS) { 945 | 
printerr("invalid packet count " + callInsn + ", " + callInsn.getAddress() + " @ " + fn3.getEntryPoint()); 946 | printerr("expected " + NUM_PACKETS + "packets, got " + (((int) Stream.of(refs).filter(ref -> ref.getReferenceType().isCall()).count()))); 947 | return; 948 | } 949 | 950 | for (Reference ref : refs) { 951 | if (!ref.getReferenceType().isCall()) continue; 952 | 953 | Function regF = getFunctionContaining(ref.getFromAddress()); 954 | RegisterTracker t = new RegisterTracker(); 955 | Instruction b = getInstructionAt(regF.getEntryPoint()); 956 | Instruction s = getInstructionAt(ref.getFromAddress()); 957 | while (!b.equals(s)) { 958 | t.update(b); 959 | b = b.getNext(); 960 | } 961 | 962 | List opcodeInsns = t.getRegisterValues("RDX"); 963 | int opcode = -500; 964 | if (opcodeInsns.size() == 0) { // probably no need to do this check, but whatever it's 4am i am tired 965 | boolean xored = false; 966 | 967 | b = getInstructionAt(regF.getEntryPoint()); 968 | s = getInstructionAt(ref.getFromAddress()); 969 | while (!b.equals(s)) { 970 | b = b.getNext(); 971 | if (b.getMnemonicString().equals("XOR") && b.getRegister(0).getBaseRegister().getName().equals("RDX") && b.getRegister(1).getBaseRegister().getName().equals("RDX")) { 972 | xored = true; 973 | } 974 | } 975 | 976 | if (!xored) throw new IllegalStateException("the fuck"); 977 | opcode = 0; 978 | } else if (opcodeInsns.size() == 1 && opcodeInsns.get(0).getMnemonicString().equals("MOV")) { 979 | opcode = opcodeInsns.get(0).getInt(1); 980 | } else if (opcodeInsns.size() == 1 && opcodeInsns.get(0).getMnemonicString().equals("LEA") && opcodeInsns.get(0).getOpObjects(1).length == 2) { 981 | if (!opcodeInsns.get(0).getRegister(0).getBaseRegister().getName().equals("RDX")) 982 | throw new IllegalStateException("WHAT"); 983 | if (!((Register) opcodeInsns.get(0).getOpObjects(1)[0]).getBaseRegister().getName().equals("R8")) 984 | throw new IllegalStateException("WHAT 2"); 985 | 986 | List sizeInsns = 
t.getRegisterValues("R8"); 987 | boolean xoredd = false; 988 | 989 | Instruction bs = getInstructionAt(regF.getEntryPoint()); 990 | Instruction ss = getInstructionAt(ref.getFromAddress()); 991 | while (!bs.equals(ss)) { 992 | bs = bs.getNext(); 993 | if (bs.getMnemonicString().equals("XOR") && bs.getRegister(0).getBaseRegister().getName().equals("R8") && bs.getRegister(1).getBaseRegister().getName().equals("R8")) { 994 | xoredd = true; 995 | } 996 | } 997 | 998 | if (!xoredd) throw new IllegalStateException("the fuck " + sizeInsns); 999 | opcode = (int) (((Scalar) opcodeInsns.get(0).getOpObjects(1)[1]).getValue()); 1000 | } 1001 | 1002 | List sizeInsns = t.getRegisterValues("R8"); 1003 | int size = -500; 1004 | if (sizeInsns.size() == 0) { // probably no need to do this check, but whatever it's 4am i am tired 1005 | boolean xored = false; 1006 | 1007 | b = getInstructionAt(regF.getEntryPoint()); 1008 | s = getInstructionAt(ref.getFromAddress()); 1009 | while (!b.equals(s)) { 1010 | b = b.getNext(); 1011 | if (b.getMnemonicString().equals("XOR") && b.getRegister(0).getBaseRegister().getName().equals("R8") && b.getRegister(1).getBaseRegister().getName().equals("R8")) { 1012 | xored = true; 1013 | } 1014 | } 1015 | 1016 | if (!xored) throw new IllegalStateException("the fuck " + sizeInsns); 1017 | size = 0; 1018 | } else if (sizeInsns.size() == 1 && sizeInsns.get(0).getMnemonicString().equals("MOV")) { 1019 | if (sizeInsns.get(0).getRegister(0).getBaseRegister().getName().equals("RDX")) { 1020 | size = opcode; 1021 | } else { 1022 | size = sizeInsns.get(0).getInt(2); 1023 | } 1024 | } else if (sizeInsns.size() == 1 && sizeInsns.get(0).getMnemonicString().equals("LEA") && sizeInsns.get(0).getOpObjects(1).length == 2) { 1025 | if (!sizeInsns.get(0).getRegister(0).getBaseRegister().getName().equals("R8")) 1026 | throw new IllegalStateException("WHAT"); 1027 | if (!((Register) sizeInsns.get(0).getOpObjects(1)[0]).getBaseRegister().getName().equals("RDX")) 1028 | throw new 
IllegalStateException("WHAT 2"); 1029 | size = (int) (opcode + ((Scalar) sizeInsns.get(0).getOpObjects(1)[1]).getValue()); 1030 | } 1031 | 1032 | ServerProtInfo info = new ServerProtInfo(); 1033 | info.opcode = opcode; 1034 | info.size = size; 1035 | info.addr = t.getRegisterValue("RCX").getAddress(1).add(8); 1036 | packets[opcode] = info; 1037 | } 1038 | 1039 | for (int i = 0; i < NUM_PACKETS; i++) { 1040 | if (packets[i] == null) 1041 | throw new IllegalStateException("i thought i had em all :( at " + i); 1042 | } 1043 | 1044 | HashSet
a = new HashSet<>(); 1045 | for (ServerProtInfo packet : packets) { 1046 | if (a.contains(packet.addr)) 1047 | throw new IllegalStateException("REWRWE"); 1048 | a.add(packet.addr); 1049 | } 1050 | 1051 | throw new Exception("yayeeeet"); 1052 | } 1053 | } 1054 | 1055 | // okay welp time to scan insns 1056 | for (Instruction insn : getFunctionInstructions(fn)) { 1057 | tracker.update(insn); 1058 | 1059 | checkAndNameServerProt(insn); 1060 | 1061 | if (!insn.getMnemonicString().equals("CALL")) 1062 | continue; 1063 | 1064 | Address addr = insn.getAddress(0); 1065 | 1066 | boolean isRegister = (addr != null && serverProtReg1 != null && addr.equals(serverProtReg1.getEntryPoint())); 1067 | if (addr != null && (!visited.contains(addr) || isRegister)) { 1068 | if (!isRegister) 1069 | visited.add(addr); 1070 | refactorPacketsRecursive(insn, getFunctionAt(addr), visited, tracker.waistClone(), isRegister ? rdx : tracker.getRegisterValue("RCX"), tracker.getRegisterValue("RDX")); 1071 | } 1072 | } 1073 | } 1074 | 1075 | private void checkAndNameServerProt(Instruction insn) { 1076 | if (serverProtReg1 != null && insn.getAddress(1) != null) { 1077 | try { 1078 | ServerProtInfo info = serverProtFromAddress(insn.getAddress(1)); 1079 | addresses.remove(insn.getAddress(1)); 1080 | if (!info.done) { 1081 | info.done = true; 1082 | // println("before " + info); 1083 | info.name = PACKET_NAMES[packetNamesOffset++]; 1084 | 1085 | if (insn.getRegister(0).getBaseRegister().getName().equals("RDX")) { 1086 | Instruction t = insn.getPrevious(); 1087 | while (t.getAddress(1) == null || t.getAddress(1).getAddressSpace().isStackSpace()) { 1088 | t = t.getPrevious(); 1089 | } 1090 | info.vtable = t.getAddress(1); 1091 | } else if (insn.getRegister(0).getBaseRegister().getName().equals("RCX")) { 1092 | Function f = getFunctionAt(insn.getNext().getAddress(0)); 1093 | Instruction t = getInstructionAt(f.getEntryPoint()); 1094 | while (t.getAddress(1) == null || 
t.getAddress(1).getAddressSpace().isStackSpace()) {
                            t = t.getNext();
                        }
                        info.vtable = t.getAddress(1);
                    } else {
                        throw new IllegalStateException();
                    }

                    // println(" hmm " + insn.toString() + " @ " + insn.getAddress());

                    // TODO: derive a CamelCase handler name from info.name; first attempt, not used yet:
                    // StringBuilder handlerName = new StringBuilder();
                    // for (String s : info.name.toLowerCase(Locale.ROOT).split("_")) {
                    //     handlerName.append(s.substring(0, 1).toUpperCase(Locale.ROOT)).append(s.substring(1).toUpperCase(Locale.ROOT));
                    // }

                    // println("after " + info);
                }
            } catch (Exception e) {
                // One handler that cannot be resolved must not abort the whole pass, but swallowing the
                // exception silently hides gaps in the recovered packet table, so report it.
                printerr("Failed to recover packet handler info: " + e);
            }
        }
    }

    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    // UTILITIES SECTION //
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    /**
     * Renames a function and moves it into the namespace part of the qualified name, creating that namespace on
     * demand.
     *
     * @param fn   The function to rename
     * @param name The new name of the function, with an optional {@code a::b::} namespace prefix
     * @throws DuplicateNameException      Propagated from Ghidra when the name is already taken in the target namespace
     * @throws InvalidInputException       If the name is empty or contains characters Ghidra rejects in symbol names
     * @throws CircularDependencyException If the target namespace is the function itself or is nested inside it
     */
    private void renameFunction(Function fn, FullyQualifiedName name) throws DuplicateNameException, InvalidInputException, CircularDependencyException {
        fn.setName(name.name, SourceType.USER_DEFINED);
        fn.setParentNamespace(getOrCreateNamespace(name.namespace));

        printf("Renamed function at %s to '%s'%n", fn.getEntryPoint().toString(), name.toString());
    }

    /**
     * Convenience overload of {@link #renameFunction(Function, FullyQualifiedName)} taking a {@code a::b::Name} string.
     *
     * @param fn   The function to rename
     * @param name The new name of the function, with an optional {@code a::b::} namespace prefix
     * @throws DuplicateNameException      Propagated from Ghidra when the name is already taken in the target namespace
     * @throws InvalidInputException       If the name is empty or contains characters Ghidra rejects in symbol names
     * @throws CircularDependencyException If the target namespace is the function itself or is nested inside it
     */
    private void renameFunction(Function fn, String name) throws DuplicateNameException, InvalidInputException, CircularDependencyException {
        renameFunction(fn, new FullyQualifiedName(name));
    }

    /**
     * Sets a label at a point in the code. If a label with the same name already exists at that address nothing is
     * done, so the method is safe to re-run.
     *
     * @param address The address to apply the label to
     * @param name    The name of the label, with an optional {@code a::b::} namespace prefix
     * @throws DuplicateNameException Propagated from Ghidra when the name is already taken in the target namespace
     * @throws InvalidInputException  If the name is empty or contains characters Ghidra rejects in symbol names
     */
    private void setLabel(Address address, FullyQualifiedName name) throws DuplicateNameException, InvalidInputException {
        SymbolTable table = currentProgram.getSymbolTable();

        for (Symbol symbol : table.getSymbols(address)) {
            if (symbol.getName().equals(name.name)) {
                return; // already labelled
            }
        }

        table.createLabel(address, name.name, getOrCreateNamespace(name.namespace), SourceType.USER_DEFINED);
        printf("Set label at %s to '%s'%n", address.toString(), name.toString());
    }

    /**
     * Convenience overload of {@link #setLabel(Address, FullyQualifiedName)} taking a {@code a::b::Name} string.
     *
     * @param address The address to apply the label to
     * @param name    The name of the label, with an optional {@code a::b::} namespace prefix
     * @throws DuplicateNameException Propagated from Ghidra when the name is already taken in the target namespace
     * @throws InvalidInputException  If the name is empty or contains characters Ghidra rejects in symbol names
     */
    private void setLabel(Address address, String name) throws DuplicateNameException, InvalidInputException {
        setLabel(address, new FullyQualifiedName(name));
    }

    /**
     * Gets a namespace from a string, or creates it if it does not exist yet. Multi-level names ({@code a::b::c}) are
     * resolved one component at a time, and every missing level is created as a plain namespace.
     *
     * @param name The name to convert into a namespace
     * @return The namespace. If name is null or empty, the global namespace is returned.
     * @throws DuplicateNameException Propagated from {@link SymbolTable#createNameSpace} when a level cannot be created
     *                                because the name is already taken in its parent
     * @throws InvalidInputException  If a component is empty or contains characters Ghidra rejects in symbol names
     */
    private Namespace getOrCreateNamespace(String name) throws DuplicateNameException, InvalidInputException {
        if (name == null || name.isEmpty()) {
            return currentProgram.getGlobalNamespace();
        }

        SymbolTable table = currentProgram.getSymbolTable();

        Namespace parent = currentProgram.getGlobalNamespace();
        for (String s : name.split("::")) {
            Namespace child = table.getNamespace(s, parent);
            if (child == null) {
                child = table.createNameSpace(parent, s, SourceType.USER_DEFINED);
            }
            parent = child;
        }

        return parent;
    }

    /**
     * Lists all instructions in the provided function, in address order. Data and undefined code units inside the
     * function body are skipped.
     *
     * @param fn The function to list instructions for
     * @return A new list containing the instructions in the function. Modifying this list does not affect the program.
     */
    private List<Instruction> getFunctionInstructions(Function fn) {
        List<Instruction> insns = new ArrayList<>();

        for (Instruction insn : currentProgram.getListing().getInstructions(fn.getBody(), true)) {
            insns.add(insn);
        }

        return insns;
    }

    /**
     * Represents a namespace-qualified name. Ghidra has its own namespace model, but a plain holder keeps the helpers
     * above callable with a single {@code a::b::Name} string.
     *
     * <pre>
     * +---------------------------------------+
     * | some::long::path::to::a::FunctionName |
     * | Namespace              || Name        |
     * +------------------------++-------------+
     * </pre>
     */
    public static class FullyQualifiedName {
        /** The {@code ::}-separated namespace path, or null for the global namespace. */
        public final String namespace;
        public final String name;

        public FullyQualifiedName(String namespace, String name) {
            this.namespace = namespace;
            this.name = name;
        }

        /**
         * Splits {@code a::b::Name} into namespace {@code a::b} and name {@code Name}. A string without {@code ::} is
         * a bare name in the global namespace (namespace == null), never an empty-string namespace, which Ghidra
         * would reject when the namespace is created.
         */
        public FullyQualifiedName(String full) {
            int sep = full.lastIndexOf("::");

            if (sep < 0) {
                this.namespace = null;
                this.name = full;
            } else {
                this.namespace = full.substring(0, sep);
                this.name = full.substring(sep + 2);
            }
        }

        @Override
        public String toString() {
            return namespace == null ? name : namespace + "::" + name;
        }
    }

    public static RS3NXTRefactorer instance;

    /** Mnemonics that {@link RegisterTracker#update} met without explicit handling; consult it when extending the tracker. */
    private static HashSet<String> E = new HashSet<>();

    /**
     * Tracks the instruction that last produced the value of each register, so that a consumer such as a CALL can be
     * traced back to the LEA/MOV that set up its operands. This is a purely syntactic forward pass over whatever
     * instructions are fed to {@link #update(Instruction)}; it knows nothing about control flow.
     */
    public static class RegisterTracker {
        /**
         * Mnemonics whose first operand is treated as a destination derived from the second operand (or, without a
         * register second operand, as freshly defined by the instruction itself).
         */
        private static final HashSet<String> TRACKED_MNEMONICS = new HashSet<>();

        static {
            java.util.Collections.addAll(TRACKED_MNEMONICS,
                    "SUB", "ADD", "XOR", "TEST", "CMP", "SETNZ", "AND", "ROR", "MOV", "MOVSXD", "SAR", "CMOVZ",
                    "CMOVA", "DIV", "OR", "SBB", "MOVZX", "NEG", "INC", "IMUL", "DEC", "CMOVBE", "PUNPCKLBW",
                    "ROL", "SHR", "MOVQ");
        }

        private HashMap<String, List<Instruction>> registerValues = new HashMap<>();
        private Stack<List<Instruction>> stack = new Stack<>();

        /**
         * Wipes all tracked registers
         */
        public void clear() {
            registerValues.clear();
        }

        /**
         * Updates the tracker using ANY instruction.
         *
         * Function calls are only modelled as defining RAX (the return value); other caller-saved registers are not
         * invalidated, so a value tracked across a CALL may be stale.
         *
         * If an instruction does not modify a register, this does nothing. No exception is thrown.
         *
         * @param insn Any instruction
         */
        public void update(Instruction insn) {
            if (insn == null) {
                return;
            }

            String mnemonic = insn.getMnemonicString();
            boolean isCall = mnemonic.equals("CALL");
            // Only CALL is tracked without a register as first operand (it defines RAX).
            if (!isCall && insn.getRegister(0) == null) {
                return;
            }

            String registerName = isCall ? "RAX" : insn.getRegister(0).getBaseRegister().getName();

            if (mnemonic.equals("PUSH")) {
                List<Instruction> saved = registerValues.remove(registerName);
                stack.push(saved == null ? new ArrayList<>() : saved);
            } else if (mnemonic.equals("POP")) {
                // An unbalanced POP (tracking started mid-function) must not abort the pass.
                registerValues.put(registerName, stack.isEmpty() ? new ArrayList<>() : stack.pop());
            } else if (mnemonic.equals("LEA") || isCall) {
                // LEA defines its destination outright; CALL is assumed to define RAX.
                registerValues.put(registerName, singleton(insn));
            } else if (mnemonic.equals("JMP")) {
                // Control transfer only; no register value is produced.
            } else {
                if (!TRACKED_MNEMONICS.contains(mnemonic)) {
                    // Record the gap, but still treat it like a two-operand data move so tracking continues.
                    E.add(mnemonic);
                }

                if (insn.getRegister(1) != null) {
                    String sourceName = insn.getRegister(1).getBaseRegister().getName();
                    registerValues.put(registerName, registerValues.getOrDefault(sourceName, new ArrayList<>()));
                } else {
                    registerValues.put(registerName, singleton(insn));
                }
            }
        }

        private static List<Instruction> singleton(Instruction insn) {
            List<Instruction> list = new ArrayList<>();
            list.add(insn);
            return list;
        }

        /**
         * @param register The base register name, e.g. "RCX"
         * @return The instruction that produced the register's current value, or null if nothing is tracked for it
         */
        public Instruction getRegisterValue(String register) {
            List<Instruction> insns = registerValues.get(register);
            if (insns == null || insns.isEmpty()) {
                return null;
            }
            return insns.get(0);
        }

        /**
         * @param register The base register name, e.g. "RCX"
         * @return The tracked instructions for the register; empty if nothing is tracked for it
         */
        public List<Instruction> getRegisterValues(String register) {
            return registerValues.getOrDefault(register, new ArrayList<>());
        }

        /**
         * @return A copy of this tracker that can diverge from the original, e.g. to follow one side of a branch. The
         *         per-register lists are copied; the Instruction objects themselves are shared.
         */
        public RegisterTracker waistClone() {
            RegisterTracker clone = new RegisterTracker();
            clone.stack.addAll(stack);
            registerValues.forEach((k, v) -> clone.registerValues.put(k, new ArrayList<>(v)));
            return clone;
        }
    }

    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    // DATA TYPES //
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    /**
     * Initializes the default/builtin data types that we use
     */
    private void initDefaultDataTypes() {
        Types.LONGLONG = getDataType("/longlong");
        Types.BOOL = getDataType("/bool");
        Types.VOID = getDataType("/void");
        Types.UINT = getDataType("/uint");
        Types.INT = getDataType("/int");
        Types.BYTE = getDataType("/byte");
    }

    /**
     * Gets a data type by its Ghidra path, e.g. {@code /path/to/data/type/name}.
     *
     * @param path The path of the data type
     * @return The data type
     * @throws NullPointerException If no data type exists at that path
     */
    private DataType getDataType(String path) throws NullPointerException {
        DataType type = currentProgram.getDataTypeManager().getDataType(path);

        if (type == null) {
            throw new NullPointerException("DataType: " + path);
        }

        return type;
    }

    /**
     * @return A pointer to the data type
     */
    private DataType ptr(DataType type) {
        return currentProgram.getDataTypeManager().getPointer(type);
    }

    /**
     * Creates a new array data type
     *
     * @param type          The type of the elements in this array
     * @param arraySize     The number of elements in this array
     * @param elementLength The size of each element: 8 for pointers, 4 for ints, 1 for bytes, and so on
     * @return The newly created array data type
     */
    private DataType arr(DataType type, int arraySize, int elementLength) {
        return new ArrayDataType(type, arraySize, elementLength, currentProgram.getDataTypeManager());
    }

    /**
     * Gets the class, or creates it if it does not exist yet
     *
     * @param name The name of the class, with an optional {@code a::b::} namespace prefix
     * @return The class
     * @throws DuplicateNameException Propagated from Ghidra when the name is already taken in the parent namespace
     * @throws InvalidInputException  If the name is empty or contains characters Ghidra rejects in symbol names
     * @throws IllegalStateException  If the existing namespace is not a class
     */
    private GhidraClass getOrCreateClass(String name) throws DuplicateNameException, InvalidInputException {
        return getOrCreateClass(new FullyQualifiedName(name));
    }

    /**
     * Gets the class, or creates it if it does not exist yet
     *
     * @param name The name of the class
     * @return The class
     * @throws DuplicateNameException Propagated from Ghidra when the name is already taken in the parent namespace
     * @throws InvalidInputException  If the name is empty or contains characters Ghidra rejects in symbol names
     * @throws IllegalStateException  If the existing namespace is not a class
     */
    private GhidraClass getOrCreateClass(FullyQualifiedName name) throws DuplicateNameException, InvalidInputException {
        SymbolTable table = currentProgram.getSymbolTable();

        Namespace parent = getOrCreateNamespace(name.namespace);

        Namespace existing = table.getNamespace(name.name, parent);
        if (existing == null) {
            return table.createClass(parent, name.name, SourceType.USER_DEFINED);
        }

        if (!(existing instanceof GhidraClass)) {
            throw new IllegalStateException("expected class, got namespace for " + name);
        }

        return (GhidraClass) existing;
    }

    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    // STRUCTURES //
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    /**
     * Grows a structure to the given size. Shrinking is refused: if the structure is already bigger than the
     * requested size an exception is thrown, because fields would have to be dropped to fit.
     *
     * @param struct The struct to resize
     * @param size   The desired size of the struct
     * @throws NullPointerException  If struct is null
     * @throws IllegalStateException If the struct is already bigger than the requested size
     */
    private void resizeStructure(Structure struct, int size) throws NullPointerException {
        String fullPath = (struct.getCategoryPath().toString() + "::" + struct.getName()).replaceAll("/", "::").substring(2);

        if (struct.getLength() < size) {
            int growBy = size - struct.getLength();

            printf("Growing struct '%s' size from %d to %d (+%d bytes)%n", fullPath, struct.getLength(), size, growBy);

            struct.growStructure(growBy);

            // Alignment rules may round the result; top up until the requested size is reached.
            if (struct.getLength() < size) {
                struct.growStructure(size - struct.getLength());
            }
        } else if (struct.getLength() > size) {
            throw new IllegalStateException("Structure '" + fullPath + "' data structure too big: " + struct.getLength() + ", expected: " + size);
        } else {
            printf("Structure '%s' size already optimal! (=%d bytes)%n", fullPath, struct.getLength());
        }
    }

    /**
     * Gets the structure of a class. If the structure does not exist, a new, empty structure is created under a
     * category path mirroring the class's namespace.
     *
     * @param clazz The class to get the structure for
     * @return The structure of the class
     * @throws IllegalStateException If the existing data type is not an instance of {@link Structure} or the data type
     *                               was not found and could not be created
     */
    private Structure getStructureForClass(GhidraClass clazz) {
        CategoryPath path = new CategoryPath(CategoryPath.ROOT, clazz.getName(true).split("::"));

        DataType type = currentProgram.getDataTypeManager().getDataType(path.getParent(), path.getName());

        if (type == null) {
            printf("Created new data type/structure: %s%n", path.toString());
            type = currentProgram.getDataTypeManager().addDataType(
                    new StructureDataType(path.getParent(), path.getName(), 0, currentProgram.getDataTypeManager()),
                    DataTypeConflictHandler.DEFAULT_HANDLER);

            if (type == null) {
                throw new IllegalStateException("no DataType found for class " + clazz.getName(true));
            }
        }

        if (!(type instanceof Structure)) {
            throw new IllegalStateException("class DataType is not instance of Structure " + clazz.getName(true) + ", but of " + type.getClass().getSimpleName());
        }

        return (Structure) type;
    }

    private int packetNamesOffset = 0;

    /** Server-to-client packet names, grouped by subsystem, in the order the handlers are resolved. */
    private static final String[] PACKET_NAMES = new String[]{
            /* Animations */
            "LOC_ANIM_SPECIFIC",
            "PROJANIM_SPECIFIC",
            "SPOTANIM_SPECIFIC",
            "NPC_ANIM_SPECIFIC",
            "RESET_ANIMS",
            "SERVER_TICK_END",

            /* Audio */
            "SYNTH_SOUND",
            "VORBIS_SOUND",
            "VORBIS_SPEECH_SOUND",
            "VORBIS_SPEECH_STOP",
            "VORBIS_PRELOAD_SOUNDS",
            "VORBIS_SOUND_GROUP",
            "VORBIS_SOUND_GROUP_START",
            "VORBIS_SOUND_GROUP_STOP",
            "VORBIS_PRELOAD_SOUND_GROUP",
            "SOUND_MIXBUSS_ADD",
            "SOUND_MIXBUSS_SETLEVEL",
            "MIDI_SONG",
            "MIDI_SONG_STOP",
            "MIDI_SONG_LOCATION",
            "MIDI_JINGLE",
            "SONG_PRELOAD",

            /* Camera */
            "CAMERA_UPDATE",
            "CAM2_ENABLE",
            "CAM_RESET",
            "CAM_FORCEANGLE",
            "CAM_MOVETO",
            "CAM_LOOKAT",
            "CAM_SMOOTHRESET",
            "CAM_SHAKE",
            "CAM_REMOVEROOF",
            "CUTSCENE",

            /* Chat */
            "MESSAGE_PUBLIC",
            "MESSAGE_GAME",
            "CHAT_FILTER_SETTINGS",
            "MESSAGE_PRIVATE",
            "MESSAGE_PRIVATE_ECHO",
            "MESSAGE_FRIENDCHANNEL",
            "MESSAGE_CLANCHANNEL",
            "MESSAGE_CLANCHANNEL_SYSTEM",
            "MESSAGE_QUICKCHAT_PRIVATE_ECHO",
            "MESSAGE_QUICKCHAT_PRIVATE",
            "MESSAGE_QUICKCHAT_FRIENDCHAT",
            "MESSAGE_QUICKCHAT_CLANCHANNEL",
            "MESSAGE_PLAYER_GROUP",
            "MESSAGE_QUICKCHAT_PLAYER_GROUP",

            /* Clans */
            "CLANSETTINGS_FULL",
            "CLANSETTINGS_DELTA",
            "CLANCHANNEL_FULL",
            "CLANCHANNEL_DELTA",

            /* ClientState */
            "LOGOUT",
            "LOGOUT_FULL",
            "LOGOUT_TRANSFER",
            "REBUILD_REGION",
            "REBUILD_NORMAL",
            "SET_MOVEACTION",
            "SET_MAP_FLAG",
            "RUNCLIENTSCRIPT",
            "UPDATE_REBOOT_TIMER",
            "JCOINS_UPDATE",
            "LOYALTY_UPDATE",

            /* Debug */
            "DEBUG_SERVER_TRIGGERS",
            "CONSOLE_FEEDBACK",

            /* Environment */
            "ENVIRONMENT_OVERRIDE",
            "POINTLIGHT_COLOUR",
            "_UNKNOWN1_",

            /* Friend Chat */
            "UPDATE_FRIENDCHAT_CHANNEL_FULL",
            "UPDATE_FRIENDCHAT_CHANNEL_SINGLEUSER",

            /* Friends */
            "UPDATE_FRIENDLIST",
            "FRIENDLIST_LOADED",
            "CHAT_FILTER_SETTINGS_PRIVATECHAT",

            /* Hint */
            "HINT_ARROW",
            "HINT_TRAIL",

            /* Ignores */
            "UPDATE_IGNORELIST",

            /* Interfaces */
            "IF_SETPOSITION",
            "IF_SETSCROLLPOS",
            "IF_OPENTOP",
            "IF_OPENSUB",
            "IF_OPENSUB_ACTIVE_PLAYER",
            "IF_OPENSUB_ACTIVE_NPC",
            "IF_OPENSUB_ACTIVE_LOC",
            "IF_OPENSUB_ACTIVE_OBJ",
            "IF_CLOSESUB",
            "IF_MOVESUB",
            "IF_SETEVENTS",
            "IF_SETTARGETPARAM",
            "IF_SETTEXT",
            "IF_SETHIDE",
            "IF_SETGRAPHIC",
            "IF_SET_HTTP_IMAGE",
            "IF_SETPLAYERMODEL_OTHER",
            "IF_SETPLAYERMODEL_SELF",
            "IF_SETPLAYERMODEL_SNAPSHOT",
            "IF_SETMODEL",
            "IF_SETANIM",
            "IF_SETNPCHEAD",
            "IF_SETPLAYERHEAD",
            "IF_SETPLAYERHEAD_OTHER",
            "IF_SETPLAYERHEAD_IGNOREWORN",
            "IF_SETOBJECT",
            "IF_SETTEXTFONT",
            "IF_SETCOLOUR",
            "IF_SETRECOL",
            "IF_SETRETEX",
            "IF_SETCLICKMASK",
            "IF_SETTEXTANTIMACRO",
            "TRIGGER_ONDIALOGABORT",
            "IF_SETANGLE",
            "UNKNOWN_IF_1",
            "UNKONWN_IF_2_930",
            "UNKONWN_IF_3_930",

            /* Inventories */
            "UPDATE_INV_PARTIAL",
            "UPDATE_INV_FULL",
            "UPDATE_INV_STOP_TRANSMIT",
            "UPDATE_STOCKMARKET_SLOT",

            /* Lobby */
            "NO_TIMEOUT",
            "CREATE_CHECK_EMAIL_REPLY",
            "CREATE_ACCOUNT_REPLY",
            "CREATE_CHECK_NAME_REPLY",
            "CREATE_SUGGEST_NAME_ERROR",
            "CREATE_SUGGEST_NAME_REPLY",
            "LOBBY_APPEARANCE",
            "CHANGE_LOBBY",

            /* Misc */
            "SEND_PING",
            "MINIMAP_TOGGLE",
            "SHOW_FACE_HERE",
            "EXECUTE_CLIENT_CHEAT",
            "DO_CHEAT",
            "SETDRAWORDER",
            "JS5_RELOAD",
            "WORLDLIST_FETCH_REPLY",

            /* NPC Info */
            "NPC_INFO",
            "NPC_HEADICON_SPECIFIC",

            /* Player Groups */
            "PLAYER_GROUP_FULL",
            "PLAYER_GROUP_DELTA",
            "PLAYER_GROUP_VARPS",

            /* Player Info */
            "LAST_LOGIN_INFO",
            "PLAYER_INFO",
            "SET_PLAYER_OP",
            "UPDATE_RUNENERGY",
            "UPDATE_RUNWEIGHT",
            "UPDATE_UID192",
            "SET_TARGET",
            "REDUCE_PLAYER_ATTACK_PRIORITY",
            "REDUCE_NPC_ATTACK_PRIORITY",
            "PLAYER_SNAPSHOT",
            "CLEAR_PLAYER_SNAPSHOT",
            "UPDATE_DOB",

            /* Server Reply */
            "SERVER_REPLY",

            /* Telemetry */
            "TELEMETRY_GRID_FULL",
            "TELEMETRY_GRID_VALUES_DELTA",
            "TELEMETRY_GRID_ADD_GROUP",
            "TELEMETRY_GRID_REMOVE_GROUP",
            "TELEMETRY_GRID_ADD_ROW",
            "TELEMETRY_GRID_REMOVE_ROW",
            "TELEMETRY_GRID_SET_ROW_PINNED",
            "TELEMETRY_GRID_MOVE_ROW",
            "TELEMETRY_GRID_ADD_COLUMN",
            "TELEMETRY_GRID_REMOVE_COLUMN",
            "TELEMETRY_GRID_MOVE_COLUMN",
            "TELEMETRY_CLEAR_GRID_VALUE",

            /* Variables */
            "RESET_CLIENT_VARCACHE",
            "VARP_SMALL",
            "VARP_LARGE",
            "VARBIT_SMALL",
            "VARBIT_LARGE",
            "CLIENT_SETVARC_SMALL",
            "CLIENT_SETVARC_LARGE",
            "CLIENT_SETVARCBIT_SMALL",
            "CLIENT_SETVARCBIT_LARGE",
            "CLIENT_SETVARCSTR_SMALL",
            "CLIENT_SETVARCSTR_LARGE",
            "STORE_SERVERPERM_VARCS_ACK",
            "VARCLAN_DISABLE",
            "VARCLAN_ENABLE",
            "VARCLAN",
            "UPDATE_STAT",
            "UNKNOWN_VAR_1_930",
            "UNKNOWN_VAR_2_930",

            /* Web Page */
            "UPDATE_SITESETTINGS",
            "URL_OPEN",
            "SOCIAL_NETWORK_LOGOUT",

            /* Zone Updates */
            "UPDATE_ZONE_PARTIAL_FOLLOWS",
            "UPDATE_ZONE_FULL_FOLLOWS",
            "UPDATE_ZONE_PARTIAL_ENCLOSED",
            "LOC_ADD_CHANGE",
            "LOC_CUSTOMISE",
            "LOC_DEL",
            "LOC_ANIM",
            "MAP_PROJANIM",
            "MAP_PROJANIM_HALFSQ",
            "MAP_ANIM",
            "OBJ_ADD",
            "OBJ_DEL",
            "OBJ_REVEAL",
            "OBJ_COUNT",
            "SOUND_AREA",
            "____WAT____",
            "LOC_PREFETCH",
            "TEXT_COORD"
    };

    public static final int NUM_PACKETS = 200;

    private ServerProtInfo[] packets = new ServerProtInfo[NUM_PACKETS];

    /** What has been recovered so far about one server packet and its handler. */
    static class ServerProtInfo {
        boolean done = false;
        public int opcode;
        public int size;
        public String name;
        /** Address of the handler object/registration this packet was resolved from. */
        public Address addr;
        /** Address of the handler's vtable, once resolved. */
        public Address vtable;

        @Override
        public String toString() {
            return "ServerProt[opcode=" + opcode + ", size=" + size + ", name=" + name + ", addr=" + addr + ", vtable=" + vtable + "]";
        }
    }
}
--------------------------------------------------------------------------------
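The recovered `ServerProtInfo.vtable` address is only useful once the virtual functions behind it are named. The standalone Ghidra script below is an added example, not part of RS3NXTRefactorer, that walks such a vtable, validates each slot before touching the program and names the handler functions after the packet. The class path, the `<packet>_vfn<n>` naming scheme and the 16-slot cap are assumptions chosen for the example; everything else is plain Ghidra scripting API.

```java
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.mem.Memory;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.program.model.symbol.Namespace;
import ghidra.program.model.symbol.SourceType;
import ghidra.program.model.symbol.SymbolTable;

/**
 * Names the virtual functions of a packet handler's vtable after the packet.
 * Example script; the naming scheme and slot cap are assumptions, not project conventions.
 */
public class NamePacketHandlerVtable extends GhidraScript {

    /** Upper bound on slots, so a mis-identified vtable cannot rename half the binary. */
    private static final int MAX_SLOTS = 16;

    @Override
    protected void run() throws Exception {
        Address vtable = askAddress("Packet handler vtable", "Address of the vtable (ServerProtInfo.vtable)");
        String packetName = askString("Packet name", "Name from PACKET_NAMES, e.g. VARP_SMALL");
        String classPath = askString("Class", "Namespace-qualified class for the handlers, e.g. jag::ServerProt");

        int named = nameVtableSlots(vtable, packetName, getOrCreateClass(classPath));
        println("Named " + named + " slot(s) of vtable at " + vtable + " for " + packetName);
    }

    /**
     * Reads pointer-sized slots from {@code vtable}. Each slot that points into an executable block
     * gets a function (created if missing) named {@code <packetName>_vfn<slot>} inside {@code owner};
     * the walk stops at the first slot that does not point at code.
     *
     * @return the number of slots named
     */
    int nameVtableSlots(Address vtable, String packetName, Namespace owner) throws Exception {
        Memory mem = currentProgram.getMemory();
        MemoryBlock vtableBlock = mem.getBlock(vtable);
        if (vtableBlock == null || !vtableBlock.isInitialized()) {
            throw new IllegalArgumentException("vtable " + vtable + " is not in initialized memory");
        }
        if (vtableBlock.isExecute()) {
            // vtables live in data (.rdata); an executable address means the caller passed code, not a table
            throw new IllegalArgumentException("vtable " + vtable + " is inside an executable block");
        }

        int ptrSize = currentProgram.getDefaultPointerSize();
        int named = 0;
        for (int slot = 0; slot < MAX_SLOTS; slot++) {
            Address slotAddr = vtable.add((long) slot * ptrSize);
            long raw = ptrSize == 8 ? mem.getLong(slotAddr) : (mem.getInt(slotAddr) & 0xFFFFFFFFL);
            Address target = toAddr(raw);

            MemoryBlock targetBlock = mem.getBlock(target);
            if (targetBlock == null || !targetBlock.isExecute()) {
                break; // end of this table (padding, RTTI pointer or the next object's data)
            }

            Function fn = getFunctionAt(target);
            if (fn == null) {
                fn = createFunction(target, null);
                if (fn == null) {
                    printerr("slot " + slot + ": could not create a function at " + target);
                    break;
                }
            }

            // Only replace Ghidra's default names; never overwrite a name a human already assigned.
            if (fn.getSymbol().getSource() == SourceType.DEFAULT) {
                fn.setName(packetName + "_vfn" + slot, SourceType.USER_DEFINED);
                fn.setParentNamespace(owner);
            }
            createLabel(slotAddr, packetName + "_vtable_" + slot, owner, true, SourceType.USER_DEFINED);
            named++;
        }
        return named;
    }

    /** Resolves "a::b::C" to a class namespace, creating missing intermediate levels as plain namespaces. */
    Namespace getOrCreateClass(String path) throws Exception {
        SymbolTable table = currentProgram.getSymbolTable();
        String[] parts = path.split("::");
        Namespace parent = currentProgram.getGlobalNamespace();
        for (int i = 0; i < parts.length; i++) {
            Namespace child = table.getNamespace(parts[i], parent);
            if (child == null) {
                child = (i == parts.length - 1)
                        ? table.createClass(parent, parts[i], SourceType.USER_DEFINED)
                        : table.createNameSpace(parent, parts[i], SourceType.USER_DEFINED);
            }
            parent = child;
        }
        return parent;
    }
}
```

Run it from the Script Manager with the program open; it prompts for the three inputs. The stop condition (first slot whose value is not in an executable block) is a heuristic: a vtable followed immediately by another vtable will be walked into the neighbour up to the slot cap, so check the produced names against the cross-references before trusting the slot count.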
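RegisterTracker above notes that calls are only modelled as defining RAX. The script below is an added example, not the project's code, that shows the same idea the general way: it asks each instruction's pcode which registers it writes instead of keeping a mnemonic list, and after every CALL it marks all registers the Microsoft x64 convention treats as caller-saved as redefined by the call, so a value tracked in RCX is never reported as surviving a call. It is still a linear sweep over the function body with no control-flow merging, the same limitation as the tracker on this page. The argument-register set and the report format are the example's own assumptions for a Windows x64 target.

```java
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.lang.Register;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/**
 * For every CALL in the function under the cursor, report which instruction last defined each
 * Microsoft x64 integer argument register (RCX, RDX, R8, R9) at that call site.
 * Example script; the register sets below are assumptions for a Windows x64 target.
 */
public class CallArgumentProvenance extends GhidraScript {

    /** Integer argument registers in parameter order (Microsoft x64 ABI). */
    static final String[] ARG_REGS = {"RCX", "RDX", "R8", "R9"};

    /** Registers a callee may clobber under the Microsoft x64 ABI. */
    static final Set<String> CALLER_SAVED = new HashSet<>(Arrays.asList(
            "RAX", "RCX", "RDX", "R8", "R9", "R10", "R11"));

    @Override
    protected void run() throws Exception {
        Function fn = getFunctionContaining(currentAddress);
        if (fn == null) {
            printerr("Place the cursor inside a function first");
            return;
        }

        for (Map.Entry<Address, Map<String, Instruction>> call : provenanceAtCalls(fn).entrySet()) {
            println("CALL @ " + call.getKey());
            for (Map.Entry<String, Instruction> arg : call.getValue().entrySet()) {
                Instruction def = arg.getValue();
                println("    " + arg.getKey() + " <- "
                        + (def == null ? "not written in this function before the call" : def.getAddress() + "  " + def));
            }
        }
    }

    /**
     * Linear sweep over the function body: at each CALL, snapshot the last writer of every argument
     * register, then record the CALL itself as the writer of every caller-saved register, because
     * after the call their contents are whatever the callee left there.
     */
    Map<Address, Map<String, Instruction>> provenanceAtCalls(Function fn) {
        Map<String, Instruction> lastWriter = new HashMap<>();
        Map<Address, Map<String, Instruction>> result = new LinkedHashMap<>();

        for (Instruction insn : currentProgram.getListing().getInstructions(fn.getBody(), true)) {
            if (insn.getFlowType().isCall()) {
                Map<String, Instruction> args = new LinkedHashMap<>();
                for (String reg : ARG_REGS) {
                    args.put(reg, lastWriter.get(reg)); // null: not written earlier in this function
                }
                result.put(insn.getAddress(), args);

                for (String reg : CALLER_SAVED) {
                    lastWriter.put(reg, insn);
                }
                continue;
            }

            // The pcode result objects are the registers (and memory) this instruction writes,
            // which covers MOV/LEA/arithmetic/SETcc/CMOVcc without enumerating mnemonics.
            for (Object written : insn.getResultObjects()) {
                if (written instanceof Register) {
                    // Normalise sub-registers (EAX, AL, ...) to their base so RAX lookups see them.
                    lastWriter.put(((Register) written).getBaseRegister().getName(), insn);
                }
            }
        }
        return result;
    }
}
```

Where a call site reports `RCX <- <address> CALL ...`, the argument is the return value of the previous call (or was clobbered by it), which is exactly the case the page's tracker would misattribute to an earlier LEA.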