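/*
 * Annotate base-relative memory references in the current function.
 *
 * Position-independent code (shellcode, injected stubs, some packer/loader
 * stubs) frequently obtains its own load address with the "GetPC" idiom:
 *
 *     call    $+5            ; pushes the address of the next instruction
 *     pop     <reg>          ; <reg> = address of this pop
 *     add/sub <reg>, N       ; <reg> = base of the data it will address
 *
 * and then reads its data as [<reg>+disp].  IDA cannot resolve those
 * displacements statically, so this script walks the function that contains
 * the cursor, recovers the base from the sequence above and writes a comment
 * on every instruction whose operand uses <reg>: the label at the resolved
 * address if one exists, otherwise the resolved address in hex.
 *
 * If the call / pop / add-or-sub sequence is not found, nothing is annotated.
 * Matching is textual (strstr on the disassembly line) and nothing tracks
 * later writes to <reg>, so comments emitted after the base register has been
 * reused for something else are wrong and must be checked by hand.  A second
 * "call $+5" inside the same function restarts base detection from scratch.
 */
#include <idc.idc>   /* standard IDC header; the include target was lost in extraction */

static main()
{
    auto curr, funcName, startaddr, endaddr;
    auto foundCall5, saveCall5Addr, foundPop, foundOffset;
    auto i, disasm, baseAddr, baseReg, realAddr, comment, opPosition;

    curr = ScreenEA();
    funcName = GetFunctionName(curr);
    /* An explicit length test is independent of how IDC coerces a string
     * compared against the number 0 (the original "== 0" relied on that). */
    if (strlen(funcName) == 0) {
        Message("Unable to find function name for current address (0x%08x)", curr);
        return;
    }

    startaddr = LocByName(funcName);
    if (startaddr == BADADDR) {
        Message("Unable to find function by the name of '%s'\n", funcName);
        return;
    }

    endaddr = FindFuncEnd(startaddr);
    if (endaddr == BADADDR) {
        Message("Unable to find function's end\n");
        return;
    }

    Message("start addr = 0x%08x, end addr = 0x%08x\nfuncName = %s\n", startaddr, endaddr, funcName);

    /* State machine: call $+5 seen -> pop <reg> seen -> add/sub <reg>, N seen. */
    saveCall5Addr = foundOffset = 0;
    foundCall5 = foundPop = 0;
    baseAddr = BADADDR;
    baseReg = "";

    i = startaddr;
    while (i < endaddr && i != BADADDR) {
        disasm = GetDisasm(i);

        /* The previous instruction was the call $+5: the value it pushed is
         * the address of *this* instruction, which is what pop recovers. */
        if (saveCall5Addr == 1) {
            Message("setting base address = 0x%08x\n", i);
            baseAddr = i;
            saveCall5Addr = 0;
        }

        /* Base fully known: annotate any [<reg>+disp] operand on this line. */
        if (foundCall5 && foundPop && foundOffset) {
            opPosition = -1;    /* -1: base register used in neither operand */
            if (strstr(GetOpnd(i, 1), baseReg) != -1)
                opPosition = 1;
            if (strstr(GetOpnd(i, 0), baseReg) != -1)
                opPosition = 0; /* destination operand wins if both mention it */

            if (opPosition != -1) {
                Message("%s ->(%d) %x\n", GetOpnd(i, opPosition), GetOpType(i, opPosition), GetOperandValue(i, opPosition));
                /* Only o_displ (4) operands, i.e. [base+disp], carry an offset
                 * relative to the recovered base; a bare register use is skipped. */
                if (GetOpType(i, opPosition) == 4) {
                    realAddr = baseAddr + GetOperandValue(i, opPosition);
                    Message("at 0x%08x, reference to 0x%08x (%s)\n", i, realAddr, GetTrueName(realAddr));
                    comment = GetTrueName(realAddr);        /* prefer the label */
                    if (strlen(comment) == 0) {
                        comment = ltoa(realAddr, 16);       /* else the raw address */
                    }
                    MakeComm(i, comment);
                }
            }
        }

        /* call $+5 and pop <reg> seen: look for add/sub <reg>, N to finish the base. */
        if (foundCall5 == 1 && foundPop == 1 && foundOffset == 0) {
            if (GetOpnd(i, 0) == baseReg && strstr(disasm, "add") != -1) {
                OpHex(i, 1);    /* force the immediate to hex so xtol parses it */
                baseAddr = baseAddr + xtol(GetOpnd(i, 1));
                Message("(+)Base address = 0x%08x\n", baseAddr);
                foundOffset = 1;
            }
            if (GetOpnd(i, 0) == baseReg && strstr(disasm, "sub") != -1) {
                OpHex(i, 1);
                baseAddr = baseAddr - xtol(GetOpnd(i, 1));
                Message("(-)Base address = 0x%08x\n", baseAddr);
                foundOffset = 1;
            }
        }

        /* Detect call $+5.  A second occurrence in the same function restarts
         * the pop/offset search instead of leaving the stale pop and offset
         * flags set, which would otherwise pair the new call address with the
         * old register and skip the new add/sub. */
        if (strstr(disasm, "call") != -1 && strstr(disasm, "$+5") != -1) {
            if (foundCall5 == 1) {
                Message("another call $+5 at 0x%08x, restarting base detection\n", i);
            }
            Message("Found call $+5 at 0x%08x\n", i);
            foundCall5 = 1;
            saveCall5Addr = 1;
            foundPop = 0;
            foundOffset = 0;
            baseAddr = i;
        }

        /* First pop after the call names the base register.  Require a
         * register operand (o_reg == 1) so popf/popa, whose empty operand
         * string would make every later strstr() match, cannot be picked. */
        if (foundCall5 == 1 && foundPop == 0 && strstr(disasm, "pop") != -1 && GetOpType(i, 0) == 1) {
            Message("found base register %s\n", GetOpnd(i, 0));
            baseReg = GetOpnd(i, 0);
            foundPop = 1;
        }

        i = FindCode(i, SEARCH_DOWN);
    }

    Message("Completed\n");
}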