OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Saturday, July 22 2006 07:58.48 CDT

Modified: Saturday, July 22 2006 07:58.48 CDT

This is an imported entry. View original.

Printer Friendly ...

rublib 0.02

Author: sp

# Views: 1620

Did you ever sit in front of IDA thinking "Wow, I think this function would make more sense if all the lines were randomly shuffled". Thats not a problem anymore with rublib 0.02!

foo = file[0].map{|l| l.line}.sort_by{rand}
foo.length.times{|i| file[0][i].manual_line = foo[i]}

And you have the lines of the first function shuffled in random order!

OK, this might be a bit useless. But it shows one of the many improvements of rublib 0.02 over yesterdays version. In the new version its possible to modify values too. In the old version only read access to the IDB database was possible. There are many other improvements in the new version. Its now significantly longer (88 methods according to rdoc), it contains better code, Ive added quite a few bug fixes, theres an actual documentation for it, and Ive written unit tests to make sure I dont accidentally break things.

Lets see some more one-liners.

Heres what you do to get all function comments:

p file.map{|f| f.comment}.compact

Or if you want to get all comments from inside a function:

p file[0].map{|l| l.comment}.compact

Or if you want to add some TODO reminder to all functions you named but dont yet have a function comment:

file.select{|f| f[0].user_name? && f[0].auto_name? == false && f.comment == nil}.each{|f| f.comment = "TODO: Add comment"}

There are a few things that are on my list of things to do next.

First, I need a better name for rublib. I should stop naming my stuff after what it does. Many moons ago there was something on Slashdot that commercial products have names that appeal to the general population while open-source products have names for nerds (Exhibit A: Photoshop vs GIMP). Although I doubt that rublib is something for the general population Id like to move away from GIMP and towards Photoshop.

Second, besides the goal of allowing people to write IDA scripts in as few lines as possible I want to add something that the IDA SDK is missing: Consistency and decent names. Sometimes the IDA SDK names use camelCase and sometimes they_use_underscores, sometimes they use neither. Furthermore names like get_func_qty are not easy to remember compared to number_of_functions. Adding consistent names is relatively easy. Adding consistent behaviour is tricky because no two situations are 100% the same. Sometimes it makes more sense to throw an exception and sometimes it makes more sense to return nil. Theres another example. Negative indexes are OK for functions (file[-1] returns the last function in the file) whereas negative indexes are not OK for strings in the string list (file.string_list[-1] throws a RuntimeError).

Third, there are a few design issues. One of them is the question whether it would make sense to create a class hierarchy containing all string classes (ansi, unicode, pascal...)? It probably would.

Oh well, heres rublib 0.02. Enjoy.

If you wish to comment on this blog entry, please do so on the original site it was imported from.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit