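import struct
import sys
import io
import os
import subprocess
import csv


class LuaConst(object):
    "Stand for Lua constants"

    def __init__(self, value):
        self.value = value

    def __repr__(self):
        return "<%s %s>" % (self.__class__, self.value)


class LuaConstNil(LuaConst):
    pass


class LuaConstByte(LuaConst):
    pass


class LuaConstNumber(LuaConst):
    pass


class LuaConstString(LuaConst):
    pass


class LuaFunc(object):
    "Converter"

    # Running count of bytes consumed from self.stream by the read_* helpers.
    index_stream = 0

    def read_byte(self):
        # Read one byte and return it as an unsigned integer.
        # self.stream is not assigned in the part of the class visible here.
        self.index_stream += 1
        return struct.unpack("B", self.stream.read(1))[0]

    def read_int(self):
        self.index_stream += 4
        # NOTE(review): the listing is cut off inside the struct.unpack() call
        # that followed this line. Everything from there up to the tail of
        # cleanFilename() is missing from the page: the rest of LuaFunc, the
        # convert_lua() and decompile() helpers, and cleanFilename()'s
        # signature. The surviving text, verbatim, is:
        #
        #   return struct.unpack("*?") : return ''.join([c for c in sourcestring if c not in removestring])
        #
        # The `"*?"` literal appears to be the end of cleanFilename()'s default
        # `removestring`, not a struct format. Nothing is reconstructed here;
        # restore the missing section from the upstream file named at the end
        # of this listing before running the script.


# --- driver -----------------------------------------------------------------
# Reads a CSV export whose rows are (threat name, attribute, category, size,
# hex-encoded payload), converts each payload with convert_lua() and, on
# success, runs decompile() on the result. convert_lua(), decompile() and
# cleanFilename() are defined in the section that is missing from this
# listing.
#
# NOTE(review): decompile() is not visible; subprocess is imported, so it
# presumably invokes an external decompiler. Confirm that it passes an
# argument list rather than a shell string, since the paths it receives are
# built from CSV fields.


def _is_within(base, candidate):
    # True when `candidate` resolves to `base` or to a path below it.
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:
        # commonpath() refuses paths on different drives; treat as outside.
        return False


def _process_row(row, row_index, lua_dir):
    # Convert and decompile one data row; return True only when the payload
    # was converted and handed to decompile().
    if len(row) < 5:
        print("Skipping row %d: expected 5 columns, got %d"
              % (row_index, len(row)), file=sys.stderr)
        return False

    threat = cleanFilename(row[0])
    category = cleanFilename(row[2])
    try:
        data = bytes.fromhex(row[4])
    except ValueError:
        print("Skipping row %d: payload is not valid hex" % row_index,
              file=sys.stderr)
        return False

    out_dir = os.path.join(lua_dir, threat, category)
    # The directory names come from the input file. cleanFilename()'s removal
    # set is not visible in this listing, so it is not relied on alone: a name
    # such as ".." or an absolute path must not move output outside lua_dir.
    if not _is_within(lua_dir, out_dir):
        print("Skipping row %d: output directory escapes \"%s\""
              % (row_index, lua_dir), file=sys.stderr)
        return False

    os.makedirs(out_dir, exist_ok=True)
    out_file = os.path.join(out_dir, "0x%08x_luac" % row_index)
    converted = bool(convert_lua(out_file, data))
    if converted:
        out_script = os.path.join(out_dir, "0x%08x_script.lua" % row_index)
        decompile(out_file, out_script)

    # Do not leave an empty directory behind when nothing was written.
    if not os.listdir(out_dir):
        os.rmdir(out_dir)
    return converted


index = 0
decompile_files = 0
error_files = 0

if len(sys.argv) < 2:
    sys.exit("usage: %s <signatures.csv>" % sys.argv[0])

infile = sys.argv[1]
print("Parsing \"%s\" ..." % infile)
indir = os.path.dirname(infile)
lua_dir = os.path.join(indir, "lua")

# The payload column holds whole scripts as hex, far larger than the csv
# module's default field limit; this also bounds the memory used per field.
csv.field_size_limit(100000000)

# newline='' is what the csv module documents for files passed to csv.reader.
with open(infile, 'r', newline='') as csv_file:
    csvreader = csv.reader(csv_file)
    for row in csvreader:
        if index == 0:
            # First row is the column header.
            index += 1
            continue

        if _process_row(row, index, lua_dir):
            decompile_files += 1
        else:
            error_files += 1
        index += 1

print("Total: %d lua script" % (index-1))
print("Decompiled: %d" % (decompile_files))
print("error convert: %d" % (error_files))

# lua_sig_parser_decompile.py
# from https://github.com/commial/experiments/blob/master/windows-defender/lua/parse.py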