OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: October 21, 2011 19:17 CDT by luckiejacky .

Hello guys,
[IDA SDK]
When I have a function pointer, how can I get the full function name with argument types?
Thanks

prot0man		March 5, 2012 19:39.03 CST
This question doesn't make much sense. Do you mean an effective address for the function? You can get the function name using the effective address (EA) by using the GetFunctionName function in idc.py. Figuring out the argument types of a function is not an easy task, but what you might try doing is iterating each instruction in the function from function start to end looking for mov/lea instructions that index ebp as the second operand (e.g. mov eax, [ebp+c]). So iterate all instructions looking for the highest ebp index and then divide it by 4 to get the number of arguments that are used in a function. To figure out the actual types of the arguments, you'll have to make inferences about how those arguments are used. If you find an easier way to do this, definitely let me know. I've been wondering if you can access attributes in the decompiled version of a given function (then all you could at least more easily use what IDA is telling you what type a function argument is), but i've not seen any example code that invoked the decompiler on a given effective address or anything like that.

Note: Registration is required to post to the forums.

There are 29,896 total registered users.

Recently Created Topics
Decompiling raw bina...	May/22
Incorrect bitness wh...	May/20
PaiMei stalker modul...	May/19
Attach to program us...	May/13
IDA PRO how to make ...	May/12
FACT: OpenRCE is dead.	May/08
Int 3 anti debug?	May/05
help needed - Beginn...	May/03
Attaching IDA Pro to...	Apr/27
File type	Apr/21

Recent Forum Posts
Ollydbg 2.0 - Plugin...	openrce...
IDA PRO how to make ...	codeinject
FACT: OpenRCE is dead.	codeinject
IDA Resource Viewer ...	r2x64
FACT: OpenRCE is dead.	djnemo
FACT: OpenRCE is dead.	codeinject
FACT: OpenRCE is dead.	pedram
help needed - Beginn...	araujo
Attaching IDA Pro to...	codeinject
Int 3 anti debug?	codeinject

Recent Blog Entries
	lowpriority	Apr/13
OllyMigrate Plugin for Olly...
	everdox	Mar/08
2 anti-trace mechanisms spe...
	everdox	Mar/07
Advanced debugging techniques
	everdox	Mar/06
Branch tracing and LBR acce...
	everdox	Mar/05
Using pre-paged in virtual ...
More ...

Recent Blog Comments
	clarisonic on:	Apr/03
New version of Ollydbg!
	clarisonic on:	Apr/03
New version of Ollydbg!
	trackerx90 on:	Mar/04
SuppressDebugMsg As Anti-De...
	coachfactory on:	Feb/25
Portable Executable Format ...
	coachfactory on:	Feb/25
A new Anti-Olly trick.
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit