

Topic created on: June 18, 2005 02:08 CDT by hoglund.
Some of you may have noticed that IDA plugins do not appear to be thread-safe. I often use a separate thread to manage a dialog box or other separate UI component in my plug-ins. The multi-threaded nature of the access to the main IDA database can cause problems. For example, I have noticed weird behavior when I drag the sizing bar between the log window and the main window - a "bTree error". This has to be due to lack of locking or multi-threaded protection on the core IDA database.
|
Yes indeed. The first issue I came across when using a separate thread to handle my UI component is that none of the IDA hot-keys work while the thread/UI is running. I've since learned my lesson and stick to IDA's GUI routines or export data from IDA into a GUI.
|
Greg, your assumption is pretty much accurate. IDA is fairly strictly single threaded. All my attempts at multi-threaded stuff have resulted in hair loss.
JCR
|
Could this be worked around by having one thread that accesses the IDA database and other threads that post requests to it via APCs (assuming you're using it on Windows) or through some other message passing mechanism? A little clumsy to be certain, but nevertheless it may lend itself well to working around the thread safety issues. You can make it less of a pain to deal with by having it so that your interactions with the database from the context of other threads are all performed asynchronously (such as by having callbacks issued from the context of the database thread). If you build a nice abstraction you can design it in such a way that should IDA ever get around to making the existing API thread safe, you won't have to change a single line of database interaction code and can simply rip out your message passing scheme and call into the database directly.
Anyway, assuming it's possible, this is something that most have probably already considered or implemented, but if not, someone may find it worthwhile to consider. Or I could just be full of it... :)
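The single-owner-thread scheme proposed in the post above, as an added example that is not part of the original thread and does not use the IDA SDK. `FakeDb`, `DbDispatcher` and `run_demo` are hypothetical names, and the thread that constructs the dispatcher stands in for IDA's main thread:

```cpp
#include <atomic>
#include <functional>
#include <map>
#include <mutex>
#include <queue>
#include <string>
#include <thread>
#include <vector>

// Stand-in for a database that is only safe on one thread (hypothetical, not the IDA SDK).
struct FakeDb { std::map<unsigned, std::string> names; };

class DbDispatcher {
public:
    using Request = std::function<void(FakeDb&)>;
    explicit DbDispatcher(FakeDb& db) : db_(db), owner_(std::this_thread::get_id()) {}
    bool on_owner() const { return std::this_thread::get_id() == owner_; }
    // Any thread: queue a request; it touches the database later, on the owner thread.
    void post(Request r) { std::lock_guard<std::mutex> g(m_); q_.push(std::move(r)); }
    // Owner thread only: run everything queued so far; returns the count, or -1 if refused.
    long drain() {
        if (!on_owner()) return -1;  // never touch the database from another thread
        std::queue<Request> batch;
        { std::lock_guard<std::mutex> g(m_); batch.swap(q_); }  // hold the lock briefly
        long n = static_cast<long>(batch.size());
        for (; !batch.empty(); batch.pop()) batch.front()(db_);
        return n;
    }
private:
    FakeDb& db_; std::thread::id owner_; std::mutex m_; std::queue<Request> q_;
};

// Constructed scenario: worker threads post renames; off_owner counts wrong-thread runs.
long run_demo(unsigned workers, unsigned each, unsigned& off_owner) {
    FakeDb db;
    DbDispatcher disp(db);
    std::atomic<unsigned> wrong{0};
    std::vector<std::thread> pool;
    for (unsigned w = 0; w < workers; ++w)
        pool.emplace_back([&, w] {
            for (unsigned i = 0; i < each; ++i)
                disp.post([&, w, i](FakeDb& d) {
                    if (!disp.on_owner()) ++wrong;
                    d.names[w * each + i] = "sub_" + std::to_string(w * each + i);
                });
        });
    long done = 0, total = static_cast<long>(workers) * each;
    while (done < total) done += disp.drain();  // stands in for the owner's message loop
    for (auto& t : pool) t.join();
    off_owner = wrong;
    return static_cast<long>(db.names.size());
}
```

Only `post()` and `drain()` know about the queue, so callers written against `Request` would not change if the database later became safe to call directly.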
|
I wonder how safe it is to spawn a single apartment threaded COM object such as a vb6 dll, then in the dll open an async socket which is used to send/receive intermittent commands.
I have this type of setup running with a VBscript IDA plugin, which has the main script UI running in a separate process, sending commands and pulling data over the socket.
Threading Guru I am not, it works, I assume COM handles the thread synchronization and that since vb6 only supports single apt thread that it should be relatively safe?
|
|
Spoonm's IDARub simulates multi-threaded processing of network events by using window messages. I don't remember the URL for the IDArub page though. His presentation should be up at http://recon.cx when they update the site.
|
Here's the IDARub URL: http://www.metasploit.com/users/spoonm/idarub/
The source code for the plugin is not yet available though.
|
I was also going to point to IDARub. From what I understood, they are sending messages to IDA's main window, and they hook the WindowProc (which is quite likely hookable with IDA's API, given IDA's "hookability").
And then, I do have a plugin using multiple threads and never have a problem, however, the structure of my plugin may be a little bit different: It's a debugger plugin, where the main thread (IDA's) sets, clears and responds to breakpoints gathering information that it feeds into some Sets and then triggers a redraw event to the other thread. The second thread is responsible for controlling an OpenGL window, and only pulls information from the Sets, never accessing IDA's database. However, this second thread logs messages to IDA's system/log pane, and I never had a problem with this.
|
I just pushed out an updated copy of IdaRub with source code, so you can check out how it's doing the async communication.
It creates its own hidden window (and associated window handler). It doesn't use IDA's window, there is no hooking going on.
I have some much more cracked out ideas for doing synchronization between the main IDA thread (the only one really safe for calling the SDK) and any other threads, involving message handlers and some synchronization trickery, but I'll have to try to prototype it out.
Anyway, source code is up now at:
http://www.metasploit.com/users/spoonm/idarub