Topic created on: May 19, 2008 10:07 CDT by thuanghai.
Hello folks!
I am making an IDA plugin, and I want to get some of the comments in the view form, just like below:
    ;_onexit_t __cdecl _onexit(_onexit_t Func)
    __onexit proc near
    var_24 = dword ptr -20h
    var_20 = dword ptr -1Ch
    ms_exc = CPPEH_RECORD ptr -18h
    Func = dword ptr 8
    ......
This one often appears with the function comment. How can I get it using the IDA SDK? Please give me some advice or some important SDK functions for reference.
Sorry! I want some other things, and edit again (2007.05.21)
|
get_func_cmt(func_t *fn, bool repeatable) returns function comments, but local variables aren't comments. See frame.hpp and funcs.hpp, they describe how to deal with local variables. The key word is: frame.
|
> nezumi: get_func_cmt(func_t *fn, bool repeatable) returns function comments, but local variables aren't comments. See frame.hpp and funcs.hpp, they describe how to deal with local variables. The key word is: frame.
thank you for your reply!
I have used get_func_cmt(), but got nothing.
|
Use get_frame(func_t *pfn) or get_frame(ea_t ea) to get a pointer to struc_t, then use get_struc_first_offset()/get_struc_next_offset() to enumerate the members. In essence, the struc_t* returned by get_frame() is a normal structure (see struct.hpp).
Just remember: stack variables have negative offsets, while normal structure members are always positive. And say thanks to Iouri Kharon, who knows IDA-Pro better than anyone :=)
|
> nezumi: Use get_frame(func_t *pfn) or get_frame(ea_t ea) to get a pointer to struc_t, then use get_struc_first_offset()/get_struc_next_offset() to enumerate the members. In essence, the struc_t* returned by get_frame() is a normal structure (see struct.hpp).
> Just remember: stack variables have negative offsets, while normal structure members are always positive. And say thanks to Iouri Kharon, who knows IDA-Pro better than anyone :=)
Just as you said, I tried to use the functions you mentioned, but only got the offset. Would you please give me some more specific advice?
And these days I find some arg_?? and var_?? which IDA identified in the stack, but there are more holes which are not used to store anything. So how can I get the arg?? and var_??
:)
|
> thuanghai:
> Just as you said, I tried to use the functions you mentioned, but only got the offset. Would you please give me some more specific advice?
> And these days I find some arg_?? and var_?? which IDA identified in the stack, but there are more holes which are not used to store anything. So how can I get the arg?? and var_??
> :)
Shameless plug for my forthcoming book, which contains the following example that may help:
    // Uses funcs.hpp, frame.hpp, struct.hpp and kernwin.hpp from the SDK
    func_t *func = get_func(get_screen_ea());  //get function at cursor location
    if (func != NULL) {  //get_func() returns NULL when the cursor is not inside a function
        msg("Local variable size is %d\n", func->frsize);
        msg("Saved regs size is %d\n", func->frregs);
        struc_t *frame = get_frame(func);  //get pointer to stack frame
        if (frame) {
            size_t ret_addr = func->frsize + func->frregs;  //offset to return address
            for (size_t m = 0; m < frame->memqty; m++) {  //loop through members
                char fname[1024];
                get_member_name(frame->members[m].id, fname, sizeof(fname));
                if (frame->members[m].soff < func->frsize) {
                    msg("Local variable ");  //below the saved registers
                }
                else if (frame->members[m].soff > ret_addr) {
                    msg("Parameter ");  //above the return address
                }
                msg("%s is at frame offset %x\n", fname, frame->members[m].soff);
                if (frame->members[m].soff == ret_addr) {
                    msg("%s is the saved return address\n", fname);
                }
            }
        }
    }
Regards,
Chris
|
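The classification from the example above, extended to report the unused gaps ("holes") between frame members, as an added example that is not part of the original thread or the book. It runs without the IDA SDK: `Member`, `Frame`, `classify`, `holes` and `sample_frame` are hypothetical stand-ins that only borrow the SDK's field names, and the frame values are constructed.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Stand-ins for the SDK types (hypothetical, not the real member_t/func_t).
struct Member { std::string name; size_t soff, eoff; };  // covers [soff, eoff)
struct Frame  { size_t frsize, frregs; std::vector<Member> members; };

enum Kind { LOCAL, SAVED_REG, RET_ADDR, PARAM };

// Same boundaries as the loop above: locals end at frsize, the return
// address sits at frsize + frregs, parameters lie beyond it.
Kind classify(const Frame &f, const Member &m) {
    size_t ret_addr = f.frsize + f.frregs;
    if (m.soff < f.frsize) return LOCAL;
    if (m.soff < ret_addr) return SAVED_REG;
    return m.soff == ret_addr ? RET_ADDR : PARAM;
}

// Byte ranges of the frame that no member covers (the "holes").
// Members are assumed to be sorted by soff.
std::vector<Member> holes(const Frame &f) {
    std::vector<Member> out;
    size_t pos = 0;  // first byte not yet accounted for
    for (const Member &m : f.members) {
        if (m.soff > pos) out.push_back({"(hole)", pos, m.soff});
        if (m.eoff > pos) pos = m.eoff;
    }
    return out;
}

// Constructed frame loosely following the _onexit listing: 0x24 bytes of
// locals, 4 bytes of saved registers, a 4-byte return address, one argument.
Frame sample_frame() {
    return {0x24, 4, {{"var_24", 0x04, 0x08}, {"var_20", 0x08, 0x0C},
                      {"ms_exc", 0x0C, 0x24}, {"saved_regs", 0x24, 0x28},
                      {"ret_addr", 0x28, 0x2C}, {"Func", 0x2C, 0x30}}};
}

int main() {
    static const char *kinds[] = {"local", "saved reg", "return address", "parameter"};
    Frame f = sample_frame();
    for (const Member &m : f.members)
        std::printf("%-10s %-14s [%zx, %zx)\n", m.name.c_str(), kinds[classify(f, m)], m.soff, m.eoff);
    for (const Member &h : holes(f))
        std::printf("unused bytes [%zx, %zx)\n", h.soff, h.eoff);
    return 0;
}
```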
|
Oh, thanks cseagle, I got the answer by using your example. Thanks a lot.
|