📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.





About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

 Forums >>  IDA Pro  >>  Automaticly Generating Functions in IDA

Topic created on: May 1, 2008 07:35 CDT by Soul12 .

Hi guys

im having a small problem here .. i dont use IDA scripting often , so i need some help.

im using IDA Pythong and what ive been trying todo is that ive dumped some Functions into a custom binary for easier analysing , i have all the Offsets of where in the file these are but IDA doesent recoqnise them as functions ..since theres no PE or no connectivity between them.

so what i wanna do  is to Have my Python script ..read from a file ( easy) ..and then in IDA do like MakeFunction(0ffsetOfFunction,0)

but this function only takes an EA ..which is where the mouse is atm which is well..not usefull to me in any way :/ so if you know of a way ...to either SET the mouse pointer or use an offset ..ill be very glad to hear about it

  aeppert     May 1, 2008 09:11.25 CDT
Basically you need to determine the base ea for the file - if it is in fact sans header, etc (in the case of embedded firmware this is often the case).  Once you do that the script below should basically do the trick.  

Caveat: I do not use IDAPython at the moment and I assume each offset is on a separate line for the code below.  So, use at your own risk.

--------------------
base_ea_offset = 0x0

infile = open("lines.txt", 'r')
lines = infile.readlines()
infile.close()

for offset in lines:
MakeFunction((base_ea_offset + int(offset.rstrip())), BADADDR)

  Soul12     May 1, 2008 09:34.45 CDT
hi many thnx for your response :) it works now ..many thnx

  nezumi     May 1, 2008 15:22.07 CDT
how about the native IDC-script? if you don't use Python, check it out:


// dump selected area (shift + arrow keys) to "dump" file
// if there is no selection, dump
// from current cursor position to the next function
#include <idc.idc>

static dump_sel()
{
      auto a1,a2,f;
      if ((a1=SelStart()) ==  BADADDR)  a1=ScreenEA();
      if ((a2=SelEnd())   ==  BADADDR)  a2=NextFunction(a1);
      if (a2==BADADDR) return Warning("no more functions!");

      if (f=fopen("dump","wb")) savefile(f, 0, a1, a2 - a1);
      return fclose(f);
}


how to use:
* write this code into file called "dump.idc" for example;
* call it (mean file, load file, idc-file);
* select the area to dump or move the cursor to the begin of a function;
* call idc-console (menu file IDC command) or simple press (shit-F4);
* write "dump_sel();" (without quoting) and then "OK" or "Ctrl-Enter";
* well done, you have binary file "dump" in the current directory;


how to move dump to the native address:
this is very simple!

* load dump file into IDA Pro as 32-bit file;
* use IDC-functions SegCreate() to create a new segment or SegBounds() to resize the current segment (you can call them right in the idc-console) or use user-interface to change current segment bounds/create a new one;
* use standard idc-script memcpy.idc (\IDA\IDC\memcpy.idc) to move dumped code.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit