OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: December 16, 2007 12:00 CST by Pnii .

Hello,

I need to access the Operand addresses of certain instructions.
The problem is that the IDA SDK doesn't seem to offer such functionalities.

I've already used Google to find a way to get the addresses and also found an approach on this forum: using the operand's "dtype" variable to get the size using a function that switches through the types and returns the size in bytes.
This doesn't seem to work for operands with o_displ or o_phrase as type.

igorsk		December 17, 2007 06:03.06 CST
What exactly do you need to retrieve? Some examples would help. Reading comments in ua.hpp might be useful. E.g. //o_phrase a memory reference using register contents. indexed, register based, // and other addressing modes can be represented with the operand type. // This addressing mode can not contain immediate values (use o_displ for them) // The phrase number should be stored in x.phrase. To denote the preincrement // and similar features please use additional operand fields like specflags. // Usually x.phrase contains the register number and additional information // is stored in x.specflags. Please note that this operand type can not // contain immediate values (except the scaling coefficients) //o_displ a memory reference using register contents with displacement. // The displacement should be stored in the x.addr field. The rest of information // is stored the same way as in o_phrase.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit