📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









IDAPython v0.9 bug?

Topic created on: June 18, 2007 14:35 CDT by frankboldewin.

hi all,

i'm currently fixing my classandinterfacetonames.py, because it seems that IDA sometimes doesn't create the structures IID and CLSID even if there are GUIDs in the code.

the thing that happens with my script is, that it indeed finds and sets the IID and CLSID names, but it isn't able to set the structure by using do_struct, as it doesn't exist in some cases. so i've decided to check this case in my script and tried to add the structures by myself.

        id=GetStrucIdByName("IID")
        if id == 0xffffffff:
          id = AddStrucEx(-1,"IID",0)
          id = GetStrucIdByName("IID");
          AddStrucMember(id,"Data1",0x0,0x20000400, -1,4);
          AddStrucMember(id,"Data2",0x4,0x10000400, -1,2);
          AddStrucMember(id,"Data3",0x6,0x10000400, -1,2);
          AddStrucMember(id,"Data4",0x8,0x00000400, -1,8);

but the first thing that happens is:

Reading c:\programme\ida\interfaces.txt into memory...
Scanning for interface UUIDs...
Traceback (most recent call last):
  File "<string>", line 1, in ?
  File "c:\programme\ida\python\init.py", line 55, in runscript
    execfile(script, globals())
  File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 171, in ?
    main()
  File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 96, in main
    id = AddStrucEx(-1,"IID",0)
  File "c:\programme\ida\python\idc.py", line 4492, in AddStrucEx
    return idaapi.add_struc(index, name, is_union)
  File "c:\programme\ida\python\idaapi.py", line 5675, in add_struc
    return _idaapi.add_struc(*args)
OverflowError: in method 'add_struc', argument 1 of type 'uval_t'


the same code as IDC script:

auto id;
id = AddStrucEx(-1,"IID",0);
id = GetStrucIdByName("IID");
AddStrucMember(id,"Data1",0x0,0x20000400, -1,4);
AddStrucMember(id,"Data2",0x4,0x10000400, -1,2);
AddStrucMember(id,"Data3",0x6,0x10000400, -1,2);
AddStrucMember(id,"Data4",0x8,0x00000400, -1,8);

works fine. and if i set the first parameter of AddStrucMember to 0 it's fine too, but then the next bug occurs:

Reading c:\programme\ida\interfaces.txt into memory...
Scanning for interface UUIDs...
Traceback (most recent call last):
  File "<string>", line 1, in ?
  File "c:\programme\ida\python\init.py", line 55, in runscript
    execfile(script, globals())
  File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 171, in ?
    main()
  File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 98, in main
    AddStrucMember(id,"Data1",0x0,0x20000400, -1,4);
  File "c:\programme\ida\python\idc.py", line 4606, in AddStrucMember
    raise HELL
NameError: global name 'HELL' is not defined


this time an exception called HELL was raised and again the same code as IDC works fine.

any comments?

  jms     June 18, 2007 22:24.17 CDT
What version of IDA/IDAPython are you using? I have been having some issues as well with the latest code patched into my IDA 5.1

  frankboldewin     June 19, 2007 06:02.31 CDT
ida 5.0
python 2.4
idapython 0.9

i sent a mail to dyce already. maybe he'll write a fix for these 2 issues.

  Dyce     June 19, 2007 07:02.19 CDT
Hi,

> frankboldewin: hi all,
>
> i'm currently fixing my classandinterfacetonames.py, because it seems that IDA sometimes doesn't create the structures IID and CLSID even if there are GUIDs in the code.
>
> the thing that happens with my script is, that it indeed finds and sets the IID and CLSID names, but it isn't able to set the structure by using do_struct, as it doesn't exist in some cases. so i've decided to check this case in my script and tried to add the structures by myself.
>
>         id=GetStrucIdByName("IID")
>         if id == 0xffffffff:
>           id = AddStrucEx(-1,"IID",0)
>           id = GetStrucIdByName("IID");
>           AddStrucMember(id,"Data1",0x0,0x20000400, -1,4);
>           AddStrucMember(id,"Data2",0x4,0x10000400, -1,2);
>           AddStrucMember(id,"Data3",0x6,0x10000400, -1,2);
>           AddStrucMember(id,"Data4",0x8,0x00000400, -1,8);
>
> but the first thing that happens is:
>
> Reading c:\programme\ida\interfaces.txt into memory...
> Scanning for interface UUIDs...
> Traceback (most recent call last):
>   File "<string>", line 1, in ?
>   File "c:\programme\ida\python\init.py", line 55, in runscript
>     execfile(script, globals())
>   File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 171, in ?
>     main()
>   File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 96, in main
>     id = AddStrucEx(-1,"IID",0)
>   File "c:\programme\ida\python\idc.py", line 4492, in AddStrucEx
>     return idaapi.add_struc(index, name, is_union)
>   File "c:\programme\ida\python\idaapi.py", line 5675, in add_struc
>     return _idaapi.add_struc(*args)
> OverflowError: in method 'add_struc', argument 1 of type 'uval_t'

One of those situations when you have to give -1 as an unsigned argument.
C/C++ eats it fine, SWIG is not too happy about it. I will have to check if
there is a proper way of fixing it or will just kludge the idc wrapper to translate
-1 to 0xffffffff.

>   File "C:/Programme/IDA/ClassAndInterfaceToNames.py", line 98, in main
>     AddStrucMember(id,"Data1",0x0,0x20000400, -1,4);
>   File "c:\programme\ida\python\idc.py", line 4606, in AddStrucMember
>     raise HELL
> NameError: global name 'HELL' is not defined
>
> this time an exception called HELL was raised and again the same code as IDC works fine.

This one is caused by the 0x400 bit in the flags. I will check if the 0x400 (FF_DATA)
is needed there or not. If IDC takes it I think I will just have to start filtering the
unknown bits out.

The following modified snippet works for me:


id=GetStrucIdByName("IID")

if id == 0xffffffff:
    id = AddStrucEx(0xffffffff,"IID",0)
    id = GetStrucIdByName("IID")
    print id
    print AddStrucMember(id,"Data1",0x0,0x20000000, -1,4)
    print AddStrucMember(id,"Data2",0x4,0x10000000, -1,2)
    print AddStrucMember(id,"Data3",0x6,0x10000000, -1,2)
    print AddStrucMember(id,"Data4",0x8,0x00000000, -1,8)



Gergo
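
The two workarounds described in the reply above (translating -1 to 0xffffffff and filtering extra flag bits), as an added example that is not part of the thread or of IDAPython. `strict_add_struc` is a hypothetical stand-in for the SWIG binding so the code runs outside IDA; a 32-bit `uval_t` and keeping only the `DT_TYPE` bits are assumptions based on the values in the modified snippet.

```python
# Added illustration, not IDAPython source. Constants follow the thread and
# IDA's flag layout; a 32-bit uval_t is assumed, as in the 0xffffffff fix.
UVAL_BITS = 32
UVAL_MAX = (1 << UVAL_BITS) - 1   # 0xffffffff
DT_TYPE = 0xF0000000              # data-type bits (byte/word/dword) of a flags word
FF_DATA = 0x00000400              # the bit the reply identifies as the trigger


def to_uval(value):
    """Return the unsigned value a C caller gets when passing `value` as uval_t."""
    if not -(1 << (UVAL_BITS - 1)) <= value <= UVAL_MAX:
        raise OverflowError("%r does not fit in %d bits" % (value, UVAL_BITS))
    return value & UVAL_MAX


def split_flags(flags):
    """Split an IDC flags word into (type bits kept, other bits dropped)."""
    return flags & DT_TYPE, flags & ~DT_TYPE & UVAL_MAX


def strict_add_struc(index, name, is_union):
    """Hypothetical stand-in for the SWIG binding: rejects negative uval_t."""
    if index < 0 or index > UVAL_MAX:
        raise OverflowError("in method 'add_struc', argument 1 of type 'uval_t'")
    return (index, name, is_union)


def add_struc_ex(index, name, is_union, native=strict_add_struc):
    """IDC-compatible wrapper: normalise the index before the strict call."""
    return native(to_uval(index), name, is_union)


def normalise_members(members):
    """Rewrite (name, offset, flags, size) tuples with binding-safe flags."""
    fixed = []
    for name, offset, flags, size in members:
        kept, dropped = split_flags(flags)
        fixed.append((name, offset, kept, size, dropped))
    return fixed


# The four IID members exactly as posted in the original script.
IID_MEMBERS = [
    ("Data1", 0x0, 0x20000400, 4),
    ("Data2", 0x4, 0x10000400, 2),
    ("Data3", 0x6, 0x10000400, 2),
    ("Data4", 0x8, 0x00000400, 8),
]
```
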

  frankboldewin     June 20, 2007 10:42.41 CDT
thanx gergo. i've updated my script now.
