📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  IDA Pro  >>  Distinguishing APIs from Static Functions

Topic created on: July 23, 2007 06:08 CDT by luckiejacky.

get_func_name(ea, true_name, sizeof(true_name));

Since APIs aren't regarded as functions, how do I get the true_name of the APIs from the above function, or are there some other ways to get it?
When IDA scans through the program, only thunks and static functions are recognized; for the APIs, which are out of range and located outside the code segment, get_func_name returns an empty string... I don't know how to get it... could anybody help me out, please?
Thanks
Jack

  dennis     July 23, 2007 09:12.54 CDT
This is what I am using (f is an object of my own function class):

get_true_name(BADADDR, f->getFunctionEA(), buf, sizeof(buf))

  luckiejacky   July 23, 2007 09:35.05 CDT
Hello Dennis,
Can I also get the comments and function type from name.hpp
after I get the name of the API?
Thanks
Jack

  dennis     July 23, 2007 09:49.27 CDT
Hi,

Yes, you can (from bytes.hpp):


// Get an indented comment
//      ea     - linear address. may point to tail byte, the function
//               will find start of the item
//      rptble - get repeatable comment?
//      buf - output buffer, may be NULL
//      bufsize - size of output buffer
// Returns: size of comment or -1

idaman ssize_t ida_export get_cmt(ea_t ea, bool rptble, char *buf, size_t bufsize);



Which type field are you talking about?

  luckiejacky   July 24, 2007 03:03.06 CDT
Hello Dennis,
Thanks for the prompt reply...
I actually meant the prototype of the function.
For example,
When I get this API
DWORD GetVersion(void);

I want to get "DWORD" and "void" from the prototype...
BTW.... Have you checked out the new IDA Pro 5.1 plugin called Hex-rays? It's real cool... I really want to pay for it :)
although it hasn't been released yet....
Thanks
Jack

  dennis     July 24, 2007 04:34.58 CDT
Hi,

> luckiejacky: Hello Dennis,
> Thanks for the prompt reply...
> I actually meant the prototype of the function.
> For example,
> When I get this API
> DWORD GetVersion(void);
>
> I want to get "DWORD" and "void" from the prototype...

I'm sorry, I don't know how to retrieve it. However,
I think Nevar has answered this question:

http://www.openrce.org/forums/posts/527

> BTW.... Have you checked out the new IDA Pro 5.1 plugin called Hex-rays? It's real cool... I really want to pay for it :)

Yeah, the screenshots definitely look interesting!
