OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Store Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: September 4, 2009 20:44 CDT by sweetlie .

Hi,

I am writing IDA Pro plugin to automate debugging.
How can I get stack tracing information - especially, all callers -?
It seems that no related api is provided.
Regards.

detlef		September 5, 2009 10:16.40 CDT
You can use the IDA-SDK itself. A documentation is implicitly given by the header files. IDA Plug-In writing in c/c++ is a rather good introduction. In combination with the IDA-SDK it should be sufficient to enable you to write your own plugins. If I remember correctly even a debugger plugin is given as an example.

sweetlie		September 5, 2009 21:33.06 CDT
Thanks, detlef. I mean I cannot find any useful api to get call stack in IDA-SDK. I have to analyze the stack information manually in IDA plugin?

detlef		September 6, 2009 09:27.30 CDT
instead of starting from scratch you can use the cross referencing functionality of IDA. Just lookup 6.1 of the above mentioned manual (page 101). This does of course not take advantage of dynamically calculated jumps and calls and you will miss them. But it might be sufficient for you.

detlef		September 6, 2009 10:17.42 CDT
ups, i've just mixed up two different things. Take a look at the frame.hpp file. There you will find information about how to analyse the current stack frame. And yes, I think you have to analyse the stack manually.

sweetlie		September 6, 2009 20:44.42 CDT
thanks, detlef. It's frame.hpp that I wanna find.

Hanumaan		January 26, 2010 08:56.21 CST
Hey, i am trying write a plugin which would track for any memory wtite operation. can it be done and if yes how. thanx in advance.

Note: Registration is required to post to the forums.

There are 21,677 total registered users.

Recently Created Topics
PyEmu error when cal...	Sep/02
Restore Themida/Winl...	Sep/02
Anti-olly technique	Aug/30
RAR Password	Aug/29
Heap protection on W...	Aug/23
Why Inline asm in C+...	Aug/20
Bypassing OllyAdvance	Aug/17
Error in logic for g...	Aug/17
Has anyone seen this...	Aug/17
ARM Executable - Pat...	Aug/16

Recent Forum Posts
reverse engineering ...	raiden56
pydbg, memory breakp...	Researc...
RAR Password	Ineedhelp
RAR Password	cod
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	psylocn
Why Inline asm in C+...	ronnie2...

Recent Blog Entries
	meshmesh	Sep/01
Is it legal??
	waleedassar	Aug/30
Anti-olly technique
	QvasiModo	Aug/24
WinAppDbg 1.4 is out!
	artemblagodarenko	Aug/18
Dataflow-0.2.0 released. Ne...
	grzonu	Aug/17
Bypassing OllyAdvanced
More ...

Recent Blog Comments
	tosanjay on:	Sep/02
PyEmu 0.0.2
	GynvaelColdwind on:	Sep/01
Is it legal??
	PeterFerrie on:	Aug/31
Anti-olly technique
	dennis on:	Aug/26
Dr. Gadget IDAPython plugin
	halsten on:	Aug/19
Dataflow-0.2.0 released. Ne...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit