Flag: Tornado!
Hurricane!
|
|
Topic created on: June 10, 2008 06:33 CDT by thuanghai  .
Hello folks!
There are many instructions which is followed by commentary such as the code below, and I want to get the commentary without searching character string. Or how to get the answer that whether there is comment in the current instruction?
......
00401523 push eax ; lpRect
00401524 push ecx ; hWnd
......
// Get any indented comment (regular or repeatable indented or function)
// This function is used to display an indented comment for an item.
// It looks for a regular comment and calls get_rpt_cmt() if it is not found.
// ea - linear address
// cmttype - will contain color of the comment. The color depends on
// the type of the comment.
// returns: comment or NULL. The caller must qfree() the result.
char *get_any_indented_cmt(ea_t ea, color_t *cmttype);
|
|
I would recommend starting to read the header files prior to asking. There are decent comments throughout and simply running grep on them will, generally, answer the average question in a very timely manner and, more importantly, allow you to learn the location of information on your own accord.
|
|
I find browsing and searching the IDAPython docs helpful as well, and looking at the source of other IDC scripts.
|
> aeppert: I would recommend starting to read the header files prior to asking. There are decent comments throughout and simply running grep on them will, generally, answer the average question in a very timely manner and, more importantly, allow you to learn the location of information on your own accord.
Yes, you are right. I will pay attention to it next time, and study english more better.
|
thuanghai: No worries about the english - I should pick up another language myself. What you are asking for is absolutely understood. It is just my firm belief that the only way to learn any material (underwater basketweaving, differential equations, english literature, reverse engineering, etc.) is to immerse yourself in the information and explore as much as you can. This in no way means asking questions is wrong, quite the opposite, but you should exhaust your own personal resources before you do so.
In the end, you will only be better at whatever your undertaking involves and as an added benefit, you will have the ability to help others too.
|
> igorsk: // Get any indented comment (regular or repeatable indented or function)
> // This function is used to display an indented comment for an item.
> // It looks for a regular comment and calls get_rpt_cmt() if it is not found.
> // ea - linear address
> // cmttype - will contain color of the comment. The color depends on
> // the type of the comment.
> // returns: comment or NULL. The caller must qfree() the result.
> char *get_any_indented_cmt(ea_t ea, color_t *cmttype);
>
Just as you say, I check the bytes.hpp file again. There are three functions which can get comments:
idaman ssize_t ida_export get_cmt();
char *get_repeatable_cmt();
char *get_any_indented_cmt();
I do the test for these three functions. The first one is ok before I ask the question, but it do not help me. And when I use the second one with MS Vitrual Studio 2005, it complie successfully, but link error:
error LINK2019 : unresolved external symbol "char* __stdcall get_repeatable_cmt(unsigned long)" referenced in function "void __stdcall IDAP_run (int)"
my code below:
#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>
#include <bytes.hpp>
#include <lines.hpp>
#pragma comment(lib, "ida.lib")
int IDAP_init(void)
{
return PLUGIN_KEEP;
}
void IDAP_term(void)
{
return;
}
void IDAP_run(int arg)
{
char cmt_buf[512];
memset(cmt_buf, 0, sizeof(cmt_buf));
char *pcmtbuf = cmt_buf;
pcmtbuf = get_repeatable_cmt(get_srceen_ea());
msg("comment : %s\n", cmt_buf);
return;
}
char IDAP_comment[] = "This is my test plug-in";
char IDAP_help[] = "";
char IDAP_name[] = "T-InstrCMT";
char IDAP_hotkey[] = "";
extern "C" plugin_t PLUGIN =
{
IDP_INTERFACE_VERSION,
0,
IDAP_init,
IDAP_term,
IDAP_run,
IDAP_comment,
IDAP_help,
IDAP_name,
IDAP_hotkey
};
In the develop environment I also add the ida.lib, but it also failed.
Please give me some ideas that how can I solve this.
|
Three things:
1) get_screen_ea() is misspelled :)
2) get_repeatable_cmt() is not exported by ida.lib - not sure why, but that is why you are getting the linking error. (Incidentally, "dumpbin /exports ida.lib" will enumerate the available exported functions within ida.lib or any other library.)
3) Have a go at using "get_cmt()" as it likely will suit your needs:
// Get an indented comment
// ea - linear address. may point to tail byte, the function
// will find start of the item
// rptble - get repeatable comment?
// buf - output buffer, may be NULL
// bufsize - size of output buffer
// Returns: size of comment or -1
idaman ssize_t ida_export get_cmt(ea_t ea, bool rptble, char *buf, size_t bufsize);
|
I check the sdk functions, and I found the last two function above:
char *get_repeatable_cmt();
char *get_any_indented_cmt();
there is not key work "ida_export" in their function. So I agree with aeppert, they are not exported by ida.lib, but the function without "ida_export" can used by other export function which use them.
But unluckly, I can not found any functions which use the above two. May be get the comment is not possible.
And the function get_cmt() can not help me.
|
Why won't get_cmt help you? The parameter types/names in the comments in your original post are implemented using standard indented comments?
char *cmt;
ssize_t len = get_cmt(get_screen_ea(), false, NULL, 0);
if (len != -1) {
cmt = (char*)qalloc(len + 1);
if (cmt) {
len = get_cmt(get_screen_ea(), false, cmt, len + 1);
}
}
Chris
|
Thanks chris, I made a mistake - the second parameter in the get_cmt() is true, which made me disappointed.
But the comment with the gray color can not be get using that function, do you have some suggestion?
|
Gray comments are repeatable comments "inherited" from another location. The location is usually a location to which the instruction refers via a cross reference, so you could walk the list of data and code cross references from the instruction to look for targets that have a repeatable comment set.
Unfortunately, the majority of "gray" comments represent the contents of strings, and these comments do not register as either regular or repeatable comments, so you may need to test the data type of the target location in such instances to determine whether the data is a string and if so, read the contents to derive your own comment. Such comments appear to be the first 39 characters of the string.
Chris
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 31,328 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}