OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: September 4, 2009 20:44 CDT by sweetlie .

Hi,

I am writing IDA Pro plugin to automate debugging.
How can I get stack tracing information - especially, all callers -?
It seems that no related api is provided.
Regards.

detlef		September 5, 2009 10:16.40 CDT
You can use the IDA-SDK itself. A documentation is implicitly given by the header files. IDA Plug-In writing in c/c++ is a rather good introduction. In combination with the IDA-SDK it should be sufficient to enable you to write your own plugins. If I remember correctly even a debugger plugin is given as an example.

sweetlie		September 5, 2009 21:33.06 CDT
Thanks, detlef. I mean I cannot find any useful api to get call stack in IDA-SDK. I have to analyze the stack information manually in IDA plugin?

detlef		September 6, 2009 09:27.30 CDT
instead of starting from scratch you can use the cross referencing functionality of IDA. Just lookup 6.1 of the above mentioned manual (page 101). This does of course not take advantage of dynamically calculated jumps and calls and you will miss them. But it might be sufficient for you.

detlef		September 6, 2009 10:17.42 CDT
ups, i've just mixed up two different things. Take a look at the frame.hpp file. There you will find information about how to analyse the current stack frame. And yes, I think you have to analyse the stack manually.

sweetlie		September 6, 2009 20:44.42 CDT
thanks, detlef. It's frame.hpp that I wanna find.

Hanumaan		January 26, 2010 08:56.21 CST
Hey, i am trying write a plugin which would track for any memory wtite operation. can it be done and if yes how. thanx in advance.

Note: Registration is required to post to the forums.

There are 28,212 total registered users.

Recently Created Topics
Reverse Engineering ...	Jan/23
Career: DoD Agency I...	Jan/22
"Disappearing&q...	Jan/17
Career: Software Sec...	Jan/11
Where is the call st...	Jan/07
IDA Pro 6.1 Breakpoi...	Jan/01
How to create data s...	Dec/30
can i search all mod...	Dec/23
IDA symbol table exp...	Dec/20
An anti-attach trick	Dec/17

Recent Forum Posts
Reverse Engineering ...	NirIzr
"Disappearing&q...	NirIzr
Reverse Engineering ...	charlie
"Disappearing&q...	charlie
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
Looking for value in...	NirIzr

Recent Blog Entries
	Ludwig	Feb/04
chi on sale
	Ludwig	Feb/04
Monster In The Vicinity Of ...
	Ludwig	Feb/04
Supra footwear Online
	waleedassar	Jan/31
Yet Another Anti-Debug Trick
	RolfRolles	Jan/22
Finding Bugs in VMs with a ...
More ...

Recent Blog Comments
	waleedassar on:	Feb/01
Yet Another Anti-Debug Trick
	NirIzr on:	Jan/31
Yet Another Anti-Debug Trick
	jackchen on:	Jan/10
nike mercurial vapor iii
	waleedassar on:	Dec/27
A new Anti-Olly trick.
	PeterFerrie on:	Dec/27
A new Anti-Olly trick.
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit