Created: Friday, June 19 2009 19:35.45 CDT Modified: Friday, June 19 2009 19:37.08 CDT
Exporting IDA function for IDC Script Usage
Author: ohjeongwook # Views: 1930

Sometimes you want to specify additional options for, or call an internal function of, an IDA plugin that you wrote. You can use the "set_idc_func" API to achieve this. Here's a sample skeleton that shows how to make a custom function that an IDC script can call.
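    // IDA SDK headers
    #include <string.h>
    #include <ida.hpp>
    #include <idp.hpp>
    #include <expr.hpp>
    #include <loader.hpp>
    #include <kernwin.hpp>

    void idaapi run(int arg);   // the plugin's own run() entry point, defined elsewhere

    char *OutputFilename;       // output path handed over by the IDC script

    // Argument signature of the IDC function: one string, terminated by 0
    static const char SendDiassemblyInfoArgs[] = { VT_STR, 0 };

    // Called when an IDC script invokes SendDiassemblyInfo("...")
    static error_t idaapi SendDiassemblyInfo(value_t *argv, value_t *res)
    {
        msg("%s is called with arg0=%s\n", "SendDiassemblyInfo", argv[0].str);
        OutputFilename = strdup(argv[0].str);
        run(2);
        res->num = 1;           // value returned to the IDC script
        return eOk;
    }

    int idaapi init(void)
    {
        if ( inf.filetype == f_ELF ) return PLUGIN_SKIP;

        // Register the function so that IDC scripts can call it by name
        set_idc_func("SendDiassemblyInfo", SendDiassemblyInfo, SendDiassemblyInfoArgs);
        return PLUGIN_KEEP;
    }

    void idaapi term(void)
    {
        // Unregister the function when the plugin is unloaded
        set_idc_func("SendDiassemblyInfo", NULL, NULL);
    }
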
From an IDC script, you can call the defined function as if it were a built-in API, as follows.

    static main()
    {
        RunPlugin("DarunGrim2", 1);
        SendDiassemblyInfo("disassembly.info");
        Exit(0);
    }

Simple!

Created: Saturday, February 7 2009 19:03.18 CST Modified: Saturday, February 7 2009 19:05.28 CST
DarunGrim2 is up
Author: ohjeongwook # Views: 2054

Check this out: http://www.darungrim.org/
I also set up Google Groups to talk about DarunGrim and binary diffing related topics.

Created: Wednesday, December 31 2008 15:43.57 CST Modified: Thursday, January 1 2009 13:28.58 CST
DarunGrim2 is coming!
Author: ohjeongwook # Views: 3481

I'm preparing the DarunGrim2 release these days.
It's written in C++, so it uses less memory and CPU than the original DarunGrim, which is implemented in Python. The original DarunGrim is always available at the original page (http://research.eeye.com/html/tools/RT20060801-1.html). It's stable and open source.

In the meantime you can evaluate Binary Differ (http://code.google.com/p/binarydiffer/), which is open source, implemented in C, and has no external GUI. It's been there for a few months and it's under the GPL, so you can do whatever you want with it.

Here are some screenshots from Binary Differ.
http://lh5.ggpht.com/_WcidANaFFi4/RZXSkUB6pJI/AAAAAAAAAHE/9shuhWqEQHA/s800/MS06-070.jpg


BTW, DarunGrim2 will be provided as binary only. Basically, the only differences between DarunGrim2 and "Binary Differ" are the language used (C/C++), the GUI parts, and whether they are open source or not.

Enjoy diffing and happy new year!

PS. I'm giving you some Korean tips here.
    DarunGrim=Darun+Grim
        Darun=Different
        Grim=Pictures

