📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









Blogs >> ohjeongwook's Blog

Created: Friday, June 19 2009 19:35.45 CDT Modified: Friday, June 19 2009 19:37.08 CDT
Exporting IDA function for IDC Script Usage
Author: ohjeongwook # Views: 3142

Sometimes you want to specify additional options for an IDA plugin that you wrote, or call one of its internal functions. You can use the "set_idc_func" API to achieve this. Here's a sample skeleton that shows how to make a custom function that an IDC script can call.
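
    #include <stdlib.h>     // free
    #include <string.h>     // strdup
    #include <ida.hpp>      // inf
    #include <idp.hpp>
    #include <expr.hpp>     // set_idc_func, value_t, VT_STR
    #include <loader.hpp>   // PLUGIN_SKIP, PLUGIN_KEEP
    #include <kernwin.hpp>  // msg

    void idaapi run(int arg);   // the plugin's regular entry point, defined elsewhere

    char *OutputFilename = NULL;

    // Argument types of the IDC function: one string, terminated by 0.
    static const char SendDiassemblyInfoArgs[] = { VT_STR, 0 };

    // Called by IDA whenever an IDC script invokes SendDiassemblyInfo().
    static error_t idaapi SendDiassemblyInfo(value_t *argv, value_t *res)
    {
        msg("%s is called with arg0=%s\n", "SendDiassemblyInfo", argv[0].str);
        free(OutputFilename);                   // drop the copy kept from a previous call
        OutputFilename = strdup(argv[0].str);   // keep our own copy of the argument
        run(2);                                 // invoke the plugin's run() with argument 2
        res->num = 1;                           // numeric result handed back to the script
        return eOk;
    }

    int idaapi init(void)
    {
        if ( inf.filetype == f_ELF ) return PLUGIN_SKIP;

        // Register the function under the name IDC scripts will use.
        set_idc_func("SendDiassemblyInfo", SendDiassemblyInfo, SendDiassemblyInfoArgs);
        return PLUGIN_KEEP;
    }

    void idaapi term(void)
    {
        // Unregister the function when the plugin is unloaded.
        set_idc_func("SendDiassemblyInfo", NULL, NULL);
    }
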
From an IDC script, you can call the defined function as if it were a built-in API, as follows.

    static main()
    {
        RunPlugin("DarunGrim2",1);
        SendDiassemblyInfo("disassembly.info");
        Exit(0);
    }

Simple!

Created: Saturday, February 7 2009 19:03.18 CST Modified: Saturday, February 7 2009 19:05.28 CST
DarunGrim2 is up
Author: ohjeongwook # Views: 3152

Check this out: http://www.darungrim.org/
I also set up Google Groups to talk about DarunGrim and binary diffing related topics.

Created: Wednesday, December 31 2008 15:43.57 CST Modified: Thursday, January 1 2009 13:28.58 CST
DarunGrim2 is coming!
Author: ohjeongwook # Views: 5499

I'm preparing the DarunGrim2 release these days.
It's in C++, so it uses less memory and CPU than the original DarunGrim, which is implemented in Python. The original DarunGrim is always available at the original page (http://research.eeye.com/html/tools/RT20060801-1.html). And it's stable and open source.

In the meantime, you can evaluate Binary Differ (http://code.google.com/p/binarydiffer/), which is open source, implemented in C, and has no external GUI. It's been there for a few months and it's under the GPL, so you can do whatever you want with it.

Here are some screenshots from Binary Differ.
http://lh5.ggpht.com/_WcidANaFFi4/RZXSkUB6pJI/AAAAAAAAAHE/9shuhWqEQHA/s800/MS06-070.jpg


BTW, DarunGrim2 will be provided as binary only. Basically, the only differences between DarunGrim2 and "Binary Differ" are the language used (C/C++), the GUI parts, and whether they are open source or not.

Enjoy diffing and happy new year!

PS. I'm giving you some Korean tips here.
    DarunGrim=Darun+Grim
        Darun=Different
        Grim=Pictures

