IDA Pro forum: Automatic Analysis of Multiple Files

Topic created on: July 1, 2007 12:59 CDT by fara .

I'm new to IDA Pro and am planning to do some analysis using my own IDC scripts. The analysis should be done on whole program packages (including multiple binaries and even more DLLs).

How would one approach this problem? Does IDC come with some features for analyzing multiple files at once? Hints to other projects/scripts which do this kind of thing would be even more welcome...

Thanks for any hints

  RolfRolles     July 1, 2007 16:10.36 CDT
http://hexblog.com/2007/03/on_batch_analysis.html

  tOpO     July 2, 2007 12:38.25 CDT
Hi,

I did a little Python script some time ago that may help you and that could be easily modified according to your needs.
I usually do binary difference analysis on Microsoft black Tuesday and I created this script to avoid repetitive work.

How to use it:
--------------

I usually have a folder called 'C:\Projects\Windows\MS0n-mmm' (n is the year and mmm is the patch number according to Microsoft) and inside it there are two folders: 'Patched' and 'Unpatched' (both of them have the same number of files, of course).
In this way I obtain a folder structure like:

Projects -> Windows -> MS07-020 -> WinXP SP1 |-> Patched
                                             |-> Unpatched
                                -> WinXP SP2 |-> Patched
                                             |-> Unpatched
                                ...etc...

Then I execute the script and I pass it every folder as a parameter:

python autoanal.py "c:\projects\windows\MS07-020\WinXP SP1\Patched"
"c:\projects\windows\MS07-020\WinXP SP1\Unpatched"
"c:\projects\windows\MS07-020\WinXP SP2\Patched"
"c:\projects\windows\MS07-020\WinXP SP2\Unpatched"


Here is how it works:
---------------------

Before it starts the analysis, the script moves the files to a folder named '<filename> - <Upper folder name>' for every file in the specified folders and you will get something like this:


... -> MS07-020 -> WinXP SP1 |-> Patched
                             |-> somefile1.dll - Patched
                             |-> somefile1.dll - Unpatched
                             ...etc...
                -> WinXP SP2 |-> Unpatched
                             |-> somefile1.dll - Patched
                             |-> somefile1.dll - Unpatched
                             ...etc...

Well... it is really easy to modify since it is Python and you could add some actions once the batch analysis script has finished running IDA with the following parameter: -Opluginname:param1:param2:...etc...

If you have any questions, drop me an e-mail.

#---------------- Begin of python script -----------------#
#
# Author: Topo <[email protected]>
#
# Batch driver: copies every file found in the given folders into its own
# '<filename> - <folder name>' directory one level up, then runs IDA in
# autonomous mode (-A) on each copy with the IDC script named in IDA_PARAMS.
#
import os
import queue
import subprocess
import sys
from os import path
from shutil import copy
from threading import Thread

IDA_PATH        = 'c:\\program files\\ida\\idag.exe'
IDA_PARAMS      = ['-c', '-A', '-Sanalysis.idc'] # new database, batch mode, run script
WORKER_THREADS  = 2 # set this number to the number of processors

g_files_queue   = queue.Queue() # global queue of files to process

#
# Name: IDAExecutor
#
class IDAExecutor(Thread):
    """Worker thread: pops file paths off the queue and runs IDA on each one."""

    def run(self):
        while True:
            try:
                target = g_files_queue.get(False)
            except queue.Empty:
                return
            # Passing an argument list avoids the cmd.exe quoting problems of os.system()
            subprocess.call([IDA_PATH] + IDA_PARAMS + [target])

#
# Name: getFilesList
#
def getFilesList(params, verbose):

    # Collect the files across multiple directories
    for currpath in params:
        if verbose:
            print('[=] Searching files in directory: %s' % currpath)

        # Normalize path
        currpath = path.abspath(currpath)

        upperdir    = path.dirname(currpath)
        currdir     = path.basename(currpath)

        # Copy each file into '<upperdir>\<file> - <currdir>' and queue it
        for name in os.listdir(currpath):
            src = path.join(currpath, name)
            if path.isdir(src):
                continue

            # create the new directory for the current file
            newdir = path.join(upperdir, '%s - %s' % (name, currdir))
            os.makedirs(newdir, exist_ok=True)

            # copy the file to its new directory
            copy(src, newdir)

            # queue the file full path to process
            g_files_queue.put(path.join(newdir, name))

            if verbose:
                print('[+] Added file: %s' % name)

#
# Name: processFiles
#
def processFiles():

    print('\n[+] Starting files processing. This will take some minutes...\n')

    # Start the worker threads that launch the IDA analyses
    IDA_threads = []
    for i in range(WORKER_THREADS):
        IDA_threads.append(IDAExecutor())
        IDA_threads[-1].start()

    # Wait for the worker threads to finish their jobs and exit
    for thread in IDA_threads:
        thread.join()

if __name__ == "__main__":

    if len(sys.argv) == 1:
        print(' Invalid parameter\n'
              ' usage: python %s <first path to modules> <second> ...' % sys.argv[0])
        sys.exit(-1)

    getFilesList(sys.argv[1:], 1)
    processFiles()


#----------------- End of python script ------------------#
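The batch driver above only launches IDA; the per-file work happens in the IDC script passed with -S (called analysis.idc in IDA_PARAMS), which the post does not show. As an added example that is not tOpO's script, here is a minimal batch-mode IDC script of that kind, written against the classic IDC function names of the IDA 5.x era; the output file name <idb>.funcs.txt is an assumption.

```idc
// analysis.idc (added example, not the original poster's code).
// Runs under "idag.exe -c -A -Sanalysis.idc <file>": IDA loads the file,
// this script waits for autoanalysis to finish, writes every function's
// address, size and name to "<idb path>.funcs.txt" (assumed name), then
// closes the database so the batch driver can move on to the next file.
#include <idc.idc>

static main()
{
    auto ea, fend, fh, out;

    Batch(1);   // suppress interactive dialogs (already implied by -A)
    Wait();     // block until IDA's autoanalysis queue is empty

    out = GetIdbPath() + ".funcs.txt";
    fh = fopen(out, "w");
    if (fh == 0)
    {
        Message("Could not open %s\n", out);
        Exit(1); // non-zero exit code lets the driver spot the failure
    }

    fprintf(fh, "# input: %s\n", GetInputFile());

    // NextFunction(0) yields the first function; BADADDR ends the walk
    for (ea = NextFunction(0); ea != BADADDR; ea = NextFunction(ea))
    {
        fend = FindFuncEnd(ea);
        fprintf(fh, "%08X %08X %s\n", ea, fend - ea, GetFunctionName(ea));
    }
    fclose(fh);

    Exit(0);    // closes (and saves) the database and terminates IDA
}
```

Without the Wait() call the loop runs before autoanalysis has created the functions, so the listing comes out nearly empty; without Exit() the IDA process never ends and the worker thread blocks forever.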
