

Topic created on: October 13, 2007 11:44 CDT by indiv007.
Hi folks,
I was wondering if there is some way one could develop plugins for IDA freeware version? Is there a freeware SDK?
Thanks in advance.
|
I did an SDK for IDA freeware a few years ago using the retail SDK and two days of reversing work, but it wasn't much tested. Anyway, if you want to try it, mail me, but I'm afraid I've lost it :(.
|
you may use the integrated IDA-C script language. it is less powerful than a plug-in, but it allows you to do _almost_ everything you want to. IDA-C is pretty badly documented, but using the help and *.idc examples you may handle it. I wrote a book about it, but unfortunately there is no English translation, however, some parts of the book have been included in my other books, for example: http://nezumi.org.ru/Hacker.Disassembling.Uncovered.eng.LiB.chm.
anyway, ask me if you need help.
|
> nezumi: you may use the integrated IDA-C script language. it is less powerful than a plug-in, but it allows you to do _almost_ everything you want to. IDA-C is pretty badly documented, but using the help and *.idc examples you may handle it. I wrote a book about it, but unfortunately there is no English translation, however, some parts of the book have been included in my other books, for example: http://nezumi.org.ru/Hacker.Disassembling.Uncovered.eng.LiB.chm.
> anyway, ask me if you need help.
Hi Quasar and Nezumi,
Thanks for the reply. I am actually trying to get IDA freeware to read .PDB files. There are some plugin sources which do it and I wish to compile them for the freeware version.
Quasar: You got mail :)
Nezumi: I will refer to the file you have mentioned. Also, I was wondering if within a script you can call an external program? Maybe I can use a script to call the external program to give me the symbols and use the script to update it in the disassembly? A book on scripting in IDA would be great? Any way you can translate your book into English using some translation engine???? :D
Thanks again both of you!
|
|
Hmm...I am unable to open the .chm file, it says "navigation cancelled" for all the pages :p
|
|
Ok. got the chm running, but am wondering where the IDC specific parts are within the book?
|
see the chapter "Step Five: IDA Emerges onto the Scene".
it shows how to use scripts to decrypt crypted file.
scripts are very useful to manipulate IDA-database.
they can do almost everything that IDA can do.
yes, of course, it's absolutely possible to run an external program,
but I prefer to code everything in pure IDA-C.
by the way, you may find many IDA-scripts on the Net,
the best of them are mentioned on the official IDA site.
this is the Russian version of the book, describing how to use IDA-scripts,
including many internal aspects of the IDA-database and IDA memory.
http://nezumi.org.ru/ida.full.zip
use any rus-eng translator and feel free to ask me questions.
|
Hi Nezumi,
Thanks a ton! Phew, that's a huge book :D...Now to get the translation done..hehe... Thanks again!
|
by the way, to solve your particular task you may use any of the many PDB2MAP tools (most of them are free). IDA allows you to load a map file.
also, you may write your own PDB2MAP converter based on the dbghelp.lib library (MS places it into the DDK and SDK). it's well documented (see Symbol Handling on MSDN). so, it's easy to write an external utility that gets a .pdb and outputs a .map or even an .idc file. keep in mind that the whole IDA-database can be saved as an IDC-script and you can modify this script like an ordinary text file and load it into IDA afterwards.
you don't need a plug-in nor IDA-C, the whole project can be written in _any_ language (ANSI C, C++, Java, Delphi, Perl, wow! I think Perl is the best choice to do that).
|
well, take a look. this is the free PDBdump utility http://www.wasm.ru/baixado.php?mode=tool&id=205 and its alternative location http://pdbdump.sourceforge.net/. it uses Microsoft's DIA SDK (I mentioned it above), so it's absolutely portable and works with any Windows, including 64-bit editions.
PDBdump outputs a text log, you can convert it into a map with your own C/Perl utility or use an IDA-C script to load the symbols into the IDA database. anyway, it will not take much time.
|
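An added example, not part of the thread and not any poster's code: one way to build the external "symbol listing in, .idc file out" utility described in the posts above. The `RVA name` input format, the image base and the sample lines are constructed assumptions (PDBdump's actual log layout is not shown in the thread); `MakeName` is the classic IDC renaming call. Because symbol names come from a file you may not trust and end up inside a script that IDA executes, names are reduced to a conservative character set before being written into string literals.

```python
import re

# Constructed sample input: "RVA name" per line (assumed format, not PDBdump's own).
SAMPLE_DUMP = """\
00001000 _main
00001040 ?Init@App@@QAEXXZ
00001080 _helper
000010C0 _helper
# comments and blank lines are ignored

00001100 x"); Message("injected
"""

LINE_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\S.*)$")
# Conservative allow-list (assumption); widen it to match NameChars in your ida.cfg.
UNSAFE = re.compile(r"[^A-Za-z0-9_$?@]")

def parse_symbols(text):
    """Yield (rva, raw_name) for every line that looks like 'XXXXXXXX name'."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1), 16), m.group(2)

def to_idc(text, image_base=0x400000):
    """Return the text of an IDC script that names each symbol's address."""
    used, body = set(), []
    for rva, raw in parse_symbols(text):
        # Quotes, parentheses, semicolons etc. become '_' so a crafted name
        # cannot close the string literal and append its own IDC statements.
        name = UNSAFE.sub("_", raw)
        if name[0].isdigit():
            name = "_" + name
        candidate, n = name, 0
        while candidate in used:          # IDA names must be unique
            n += 1
            candidate = "%s_%d" % (name, n)
        used.add(candidate)
        body.append('    MakeName(0x%X, "%s");' % (image_base + rva, candidate))
    return "#include <idc.idc>\n\nstatic main()\n{\n" + "\n".join(body) + "\n}\n"

if __name__ == "__main__":
    print(to_idc(SAMPLE_DUMP))
```

Save the output as a `.idc` file and load it through IDA's IDC file command; pass the module's real image base as `image_base`.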
|
wow! never knew that IDA-C scripting was so powerful. Always thought the plugin had more capabilities :D, but guess I was wrong! Thanks for all the help..will bug you more if I land into any trouble (which I am sure I will :D)...
|
|
feel free to ask for help, I sent you mail with my direct address.
|
> indiv007: wow! never knew that IDA-C scripting was so powerful. Always thought the plugin had more capabilities :D, but guess I was wrong! Thanks for all the help..will bug you more if I land into any trouble (which I am sure I will :D)...
Just to clarify -- your thought was correct. Plugins can be far more powerful than IDC scripts, but you can do a lot with IDC. Where that leaves off, plugins and/or IDAPython (i.e., the IDA SDK) take over.
|
|
the main difference between plug-ins and IDA-C scripts is: the plug-ins give you access to more internal IDA functions than IDA-C scripts, so there are a few things that scripts can't do. for example: IDA-C doesn't support the integrated debugger well. but who cares?! back in the old days I wrote an emulated debugger using only IDA-C and it worked well until I updated my IDA and... alas! some IDA-C functions changed their prototypes. it was a disaster! but plug-ins have the same problem - bad compatibility, however, as far as I know in the last versions of IDA Ilfak solved this problem, but I'm not 100% sure. I don't use plug-ins, well, almost don't use them.
|