
	Plugin for IDA Pro: position independent code analyzer, v0.3
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
				by RedPlait
				~~~~~~~~~~~

  * Requirements
  * What is position independent code?
  * Why is this needed?
  * How it works
  * What's new in this version
  * Known bugs
  * FAQ
  * Links
  * Complaints and suggestions


Requirements
~~~~~~~~~~~~
   This is a plugin for disassembling position independent code for
processors of the Intel x86 family. The program is a plugin for IDA Pro and
needs that excellent disassembler to run (the plugin was written for version
3.85b, but as far as I know it can be used with other versions that support
plugins, i.e. from version 3.84 on; I cannot guarantee that it works with
other versions of IDA). If you intend to use the source code, you need a C++
compiler: building requires Borland C++ 5.02 or Watcom 10, as well as the
IDA SDK for your version of IDA.

PS: Don't ask me where to get IDA Pro and the SDK for it. Try looking on the
site www.datarescue.com. Buy it, after all, if you have the sense to; it is a
decision worth making... Besides, registered users get the IDA SDK free of
charge.
 

What is position independent code?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   To begin with, this plugin was written for the world of UNIX systems.
Accordingly, while the UNIX world was busy with networks, Microsoft's
wretched applications were earning money (which is how its programs became
the "standard"). So it is not surprising that Unix, too, has programs of
that kind, so to speak. And such programs also need to be disassembled.
There are several reasons for that:
 
   Just as under Windoz, there are plenty of trial applications that cripple
   their functionality until you pay money after a certain period. On the
   Linux platform such programs have also become commonplace, and some of
   them are already comparable with Windoz (Oracle8 is an example). Hence the
   classic crack.

   The second reason follows from the previous one: exploits. UNIX is used
   on servers, where access control is actually practised, and there are
   always people who want more rights for themselves but no obligations. Of
   course, most programs under Unix are distributed with source code
   (including, for example, entire server programs), i.e. theoretically you
   can obtain the source of the whole operating system and its utilities. But
   this does not work for the commercial versions of Unix, such as UnixWare
   and OpenDesktop from Santa Cruz Operations. There, without disassembling
   and the subsequent reverse engineering, you will not get the best
   results.

   The classic cases are programs that belong to the second group but have
   had their functionality stripped down: not that there is much to it, but
   it may be, for example, the sequences of ioctl calls that control a
   device, and so on.

Naturally, Unix uses other executable file formats. Lately the most
widespread format for Unix on the Intel x86 platform has become ELF -
Executable and Linking Format. This format is designed so that the code
does not depend on the address at which it will be executed (so-called
position independent code, PIC for short). This is a considerable departure
from the earlier approach to building executables, so to speak. How does
that fit with addressing static data, e.g. from inside a function? The
solution was fairly elegant. Instead of absolute addresses, offsets are
used relative to some predefined constant contained in the ELF file. It is
called _GLOBAL_OFFSET_TABLE_ and usually points at the start of the segment
with initialized data. All data operations are performed through a register
(EBX is normally used as such) which holds _GLOBAL_OFFSET_TABLE_. Where does
it get that value from? Very simple: at the start of each function a prolog
of the following form is placed:

    call $+5	; call the next instruction
A:  pop ebx	; ebx now holds the address of A
    add ebx, _GLOBAL_OFFSET_TABLE_ - A
	; the value _GLOBAL_OFFSET_TABLE_ - A is a constant, and
	; we get _GLOBAL_OFFSET_TABLE_ in register ebx:
	; A + _GLOBAL_OFFSET_TABLE_ - A = _GLOBAL_OFFSET_TABLE_

Thus, if we need to access data located at offset Our_Data relative to
_GLOBAL_OFFSET_TABLE_, instructions of the following form can be used:

 push [ebx+Our_Data]
 call SomeFunc
 mov [ebx+Our_Data], eax

Obviously, function calls and jumps in x86 assembler are relative anyway.
But there is one exception - what about the jump tables generated for
high-level-language constructs such as switch in "C"? They usually look
like this (assuming reg1 holds the index into the jump table):

 mov reg2, ebx
 sub reg2, [ebx+reg1*4+JMP_TABLE]
 ; JMP_TABLE - offset of the jump table from _GLOBAL_OFFSET_TABLE_
 jmp reg2

Accordingly, the jump table holds the offsets, from _GLOBAL_OFFSET_TABLE_,
of the addresses to which control is transferred.
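The prolog and jump-table arithmetic described above, worked through on raw bytes, as an added example that is not part of the original README and not code from RedPlait's plugin. It assumes a constructed 24-byte function image loaded at 0x1000 whose _GLOBAL_OFFSET_TABLE_ is at 0x2000, a constructed three-entry switch table, and a scanner that only knows the two [ebx+disp32] encodings used in the sample (a real tool would drive a full x86 decoder).

```python
import struct

# Constructed sample image, not taken from any real binary: a PIC function
# loaded at 0x1000 whose _GLOBAL_OFFSET_TABLE_ is at 0x2000.
IMAGE_BASE = 0x1000

CODE = bytes.fromhex(
    "E800000000"    # 1000: call $+5             ; pushes the next address, A = 0x1005
    "5B"            # 1005: pop ebx              ; ebx = A
    "81C3FB0F0000"  # 1006: add ebx, 0x0FFB      ; ebx = A + (GOT - A) = GOT = 0x2000
    "8B8310000000"  # 100C: mov eax, [ebx+0x10]  ; Our_Data at GOT + 0x10
    "FFB314000000"  # 1012: push dword [ebx+0x14]
)

# Constructed three-case switch table. Each dword is GOT - target, which is
# the encoding implied by "sub reg2, [ebx+reg1*4+JMP_TABLE]; jmp reg2".
CASE_TARGETS = [0x1030, 0x1048, 0x1060]
JMP_TABLE = b"".join(struct.pack("<I", 0x2000 - t) for t in CASE_TARGETS)


def find_pic_prolog(code, base):
    """Match the canonical prolog (call $+5 / pop ebx / add ebx, imm32) at the
    start of code. Returns (got_address, offset_after_prolog) or None."""
    if code[0:5] != b"\xE8\x00\x00\x00\x00":   # call rel32 with rel32 == 0
        return None
    if code[5:6] != b"\x5B":                    # pop ebx
        return None
    if code[6:8] != b"\x81\xC3":                # add ebx, imm32
        return None
    (delta,) = struct.unpack("<i", code[8:12])  # imm32 = GOT - A, sign-extended
    a = base + 5                                # the address the call pushed
    return (a + delta) & 0xFFFFFFFF, 12


# The [ebx+disp32] encodings the scanner knows. Only the two forms used in
# the sample; a real tool would use a full x86 decoder instead.
EBX_DISP32_FORMS = {
    b"\x8B\x83": "mov eax, [ebx+{:#x}]",
    b"\xFF\xB3": "push dword [ebx+{:#x}]",
}


def resolve_ebx_refs(code, base, start, got):
    """Scan code from start and turn every ebx+disp32 memory operand into the
    absolute address GOT + disp32 it denotes. Returns [(insn_addr, text, target)]."""
    refs = []
    pos = start
    while pos + 6 <= len(code):
        fmt = EBX_DISP32_FORMS.get(code[pos:pos + 2])
        if fmt is None:
            pos += 1        # unknown bytes: step by one (toy scanner, not a decoder)
            continue
        (disp,) = struct.unpack("<i", code[pos + 2:pos + 6])
        refs.append((base + pos, fmt.format(disp), (got + disp) & 0xFFFFFFFF))
        pos += 6
    return refs


def resolve_jump_table(got, table):
    """Recover switch targets: the table stores GOT - target and the code
    computes target = ebx - entry, so target = GOT - entry."""
    entries = struct.unpack("<%dI" % (len(table) // 4), table)
    return [(got - e) & 0xFFFFFFFF for e in entries]


if __name__ == "__main__":
    got, body = find_pic_prolog(CODE, IMAGE_BASE)
    print("_GLOBAL_OFFSET_TABLE_ = %#x" % got)
    for addr, text, target in resolve_ebx_refs(CODE, IMAGE_BASE, body, got):
        print("%#x  %-24s -> %#x" % (addr, text, target))
    print("switch targets:", [hex(t) for t in resolve_jump_table(got, JMP_TABLE)])
```

The two pieces of arithmetic are the whole trick: the prolog fixes ebx = A + (GOT - A), so every later [ebx+disp] is simply GOT + disp, and a switch table entry e stored as GOT - target is undone by target = GOT - e. An analyzer that knows GOT can therefore turn register-relative operands back into plain addresses and cross references.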

It should be noted that not every file in ELF format necessarily uses PIC.
Normally PICode is used only in shared libraries (the analogue of DLLs); for
all other programs the use of PIC is not at all mandatory.


Why is this needed?
~~~~~~~~~~~~~~~~~~~
Indeed, why is this plugin needed at all, if IDA Pro already knows how to
disassemble files in ELF format?

  First, the ELF parser in IDA. For instance, ELF files from some versions
  of Linux (RedHat 4.1 & 5.0), as well as from FreeBSD versions 2.0 & 2.1,
  would not load for me. Here, admittedly, this plugin is no help either;
  for that you need to write your own loader (although, in my opinion, that
  will soon be moot...)

  Second, IDA does not always recognise function prologs. Bear in mind that
  the compiler is not obliged to emit any particular sequence of
  instructions. For example, a prolog of the following form is no longer
  recognised:

  call $+5
  xor edx, edx	; or any other instructions that do not
		; change the value of the stack pointer ESP
  pop ebx
  mov eax, 1	; or any other instructions that do not
		; use the register ebx
  add ebx, const

  Third. Even if everything went smoothly (or you marked it all up by hand),
  I still know of no way to make IDA show instructions of the form
 mov eax, [ebx+const]

  (once all the peculiarities of the PIC code have already been established)
  in the form
 mov eax, [addr]

  Fourth, recognising jump tables fails for the same reason - it is simply
  something that was never foreseen.

  PS: the trick is as follows: when loading an ELF file, tick the "Manual
  Load" option. But if nothing at all helps, the problem is most likely with
  how the segments were defined.


How it works
~~~~~~~~~~~~
The plugin was written and tested only under Win32. There are several
reasons for this:

  I don't have OS/2; I never did and probably never will. Besides, IBM
  refuses to publish the sources of that product...

  The second option is DOS, but, how shall I put it, that "operating
  system" is not something I will even try to build under. An allergy,
  probably...

  Seriously, though, I have Watcom C 10, and only that version. It is one
  of the compilers suitable for building plugins for IDA (Borland C++
  Builder aside, but I don't have that). There is no IDA Pro for Unix or
  Linux :-( So what is left? Right, MustDie...

So, copy the compiled plugin pic.plw into the plugins/ directory under the
IDA Pro root directory. Load an ELF file containing PI code and wait for the
autoanalysis to finish. Then pick the menu item "Edit->Plugins". You will see
the list of all plugins that apply to the loaded file. Ours is called
"PIC analyzer plugin". But if you try loading, say, an ordinary Win32 PE
file, you will be somewhat disappointed to find that the plugin is missing
from the list. The point is that the file type and processor type are
determined at load time, and the plugin works only with ELF files for Intel
x86 platforms.

The plugin does the following:

  First it tries to find the PIC prolog. All instructions in the prolog are
  commented.

  For every operation whose memory operand is addressed through the EBX
  register, it adds a comment (with the real address) and a cross reference
  of the appropriate type.

  Before adding a comment it checks whether the string being inserted is
  already present in the existing comment, and if so the comment is not
  added. Thus running the plugin several times on the same code has no
  particular consequences.

  As far as its feeble powers allow, it also tries to handle jump tables. In
  this case nothing is commented, since user-defined cross references are
  shown anyway. See also the section "Known bugs".

Note: the plugin works only within the current function. If you are not
inside a function, it issues a stern warning.

The plugin can be configured so that a single invocation checks all the
functions defined in the file. To do this, add the following line to the
file plugins/plugins.cfg:

  Analyze_all_PIC_functions	pic	0	1

The format of plugins.cfg is described in the file itself, but just in case,
a few words about it. The first field is the name under which the plugin
appears in the "Edit->Plugins" menu; underscores are replaced by spaces.
The second field is the plugin's file name without extension. The third
field is the "hot key" that invokes the plugin (although, in my opinion,
this no longer works - at least in my case the hot key does not invoke the
plugin). 0 theoretically means no "hot key", but IDA dutifully invokes it
on 0 :-). The last field is the parameter we need. The point is that only
one plugin is created per file, and an int parameter is passed to it, by
which it decides what to do. Thus several plugins can be emulated in one
file by passing them different parameters in plugins.cfg. This plugin
understands only the following:

0 (default) - analyse only the current function
1 - analyse all existing functions


What's new in version 0.3?
~~~~~~~~~~~~~~~~~~~~~~~~~~
  The plugin has been rewritten to use the new x86 disassembler library;
  the sources of the library are included with the plugin sources.

  Added support for the PIC prolog produced by the UDK C compiler on the
  UnixWare 7 platform. This prolog looks like this:

 function PROC
  jmp prolog_begin
 function_body:
  ; the function body proper
  ret
 prolog_begin:
  ; PIC prolog
  jmp function_body
 ENDP

  Naturally, IDA Pro does not recognise such a prolog.
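A more tolerant prolog matcher that covers both the interleaved-instruction prolog from the "Why is this needed?" section (other instructions between call/pop/add that leave ESP and EBX alone) and the UDK C layout above (a jmp into the prolog and a jmp back to the body). It is an added example, not code from the original README or from the plugin. The byte images, the image base 0x1000, the GOT address 0x2000 and the whitelist of instructions it is willing to step over are all constructed for the example.

```python
import struct

# Fixed encodings the matcher may step over inside a prolog. None of them
# changes ESP or touches EBX, which is exactly the property the text requires
# of instructions interleaved with call/pop/add. Constructed whitelist; a real
# tool would consult a full x86 decoder instead of a table like this.
SKIPPABLE = {
    b"\x31\xD2": (2, "xor edx, edx"),
    b"\x31\xC0": (2, "xor eax, eax"),
    b"\x90":     (1, "nop"),
    b"\xB8":     (5, "mov eax, imm32"),
    b"\xB9":     (5, "mov ecx, imm32"),
}


def skip_whitelisted(code, pos):
    """Advance over consecutive whitelisted instructions starting at pos."""
    while True:
        hit = SKIPPABLE.get(code[pos:pos + 2]) or SKIPPABLE.get(code[pos:pos + 1])
        if hit is None:
            return pos
        pos += hit[0]


def follow_jmp(code, pos):
    """If a jmp rel8 (EB) or jmp rel32 (E9) sits at pos, return its
    destination offset within code; otherwise return pos unchanged."""
    if code[pos:pos + 1] == b"\xEB" and pos + 2 <= len(code):
        return pos + 2 + struct.unpack("<b", code[pos + 1:pos + 2])[0]
    if code[pos:pos + 1] == b"\xE9" and pos + 5 <= len(code):
        return pos + 5 + struct.unpack("<i", code[pos + 1:pos + 5])[0]
    return pos


def find_pic_got(code, base):
    """Locate a PIC prolog and return (got_address, body_offset), or None.

    Accepts a leading jmp to the prolog (UDK C layout), whitelisted
    instructions between call/pop and between pop/add, and a trailing jmp
    back to the function body. Anything else between the three core
    instructions (e.g. a push, which moves ESP) makes the match fail."""
    pos = follow_jmp(code, 0)                         # jmp prolog_begin, if present
    if code[pos:pos + 5] != b"\xE8\x00\x00\x00\x00":  # call $+5
        return None
    pushed = base + pos + 5                           # return address the call pushed
    pos = skip_whitelisted(code, pos + 5)
    if code[pos:pos + 1] != b"\x5B":                  # pop ebx
        return None
    pos = skip_whitelisted(code, pos + 1)
    if code[pos:pos + 2] != b"\x81\xC3":              # add ebx, imm32
        return None
    (delta,) = struct.unpack("<i", code[pos + 2:pos + 6])
    got = (pushed + delta) & 0xFFFFFFFF
    body = follow_jmp(code, pos + 6)                  # jmp function_body, if present
    return got, body


IMAGE_BASE = 0x1000

# 1) The canonical prolog from the text.
STRICT = bytes.fromhex("E800000000" "5B" "81C3FB0F0000")

# 2) The prolog IDA no longer recognises: xor edx,edx and mov eax,1 interleaved.
INTERLEAVED = bytes.fromhex("E800000000" "31D2" "5B" "B801000000" "81C3FB0F0000")

# 3) UDK C layout: jmp to the prolog, body in between, jmp back.
#    1000: jmp 1009 | 1002: mov eax,[ebx+10h] | 1008: ret
#    1009: call $+5 | 100E: pop ebx | 100F: add ebx, 0FF2h | 1015: jmp 1002
UDK = bytes.fromhex("EB07" "8B8310000000" "C3" "E800000000" "5B" "81C3F20F0000" "EBEB")

# 4) A push between call and pop moves ESP, so pop ebx would not yield A.
BAD = bytes.fromhex("E800000000" "50" "5B" "81C3FB0F0000")

if __name__ == "__main__":
    for name, img in (("strict", STRICT), ("interleaved", INTERLEAVED),
                      ("udk", UDK), ("bad", BAD)):
        print(name, find_pic_got(img, IMAGE_BASE))
```

Note that the `add` immediate differs between the samples (0xFFB versus 0xFF2) because it is always GOT minus the address the `call` pushed, and in the UDK layout that address is further into the function; any matcher has to take the pushed address from where the `call` actually sits, not from the function start.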


What's new in version 0.2?
~~~~~~~~~~~~~~~~~~~~~~~~~~
  The list of all x86 assembler instructions known to IDA Pro has been
  extracted (all 491 of them!); see the file x86.hpp for details.

  The type of a cross reference (read/write/offset) is determined more
  correctly. In particular, the type of reference is now determined
  correctly for the 486 instructions and for the 80387 coprocessor
  instructions.

  The size of a reference is now determined. Currently references to byte,
  word, dword, qword and tbyte are recognised.

  If a jump table and/or its targets lie within the function and IDA's
  autoanalysis has not turned the table into an array, the array is created.


Known bugs
~~~~~~~~~~
  All instructions that have their own operand types are treated according
  to the PIC scheme and generate a data reference (read-only). This applies
  to MMX and, apparently, to the other Pentium/Pentium Pro extensions such as
  SIMD. I have downloaded the Instruction Reference Set from
  http://developer.intel.com, so in the next version, I hope, these
  instructions will be handled correctly.

  If the jump table and/or its targets lie outside the function, the table
  itself is processed, but the targets are not. This is a fundamental
  limitation: in that case the function boundaries would not match what IDA
  has already determined, since the table belongs to another group of code,
  and I do not intend to go that far...

  References to double & float are created incorrectly, not with the
  corresponding type. This is Guilfanov's fault: the file bytes.hpp declares
  the functions doDouble & doFloat, but they are not available from the
  library! I use doData with the corresponding flag instead and cannot get
  it right any other way (see the use of the NO_DO_DOUBLE & NO_DO_FLOAT
  macros).

  Sometimes jump tables are not recognised - the reason is unknown (bug,
  m.b.?). Nothing terrible: just run the plugin once more. Didn't help?
  Again... Or, on the other hand - take an axe to it.

  The rest is, on the whole, ...


FAQ
~~~
  Q: How do I write plugins for IDA Pro?

  A: I don't know. But you can find the answer for yourself. See the section
  "Links". And Use source, Luck! If I have the time, and if it does not get
  too tiresome, then, perhaps, I will try to collect all of this into a
  separate document.

  Q: Where did the opcode values and the op_t members used in the analysis
  come from?

  A: Mostly empirically :-). Define the PIC_SHOW constant in the source file
  - then all instructions will be dumped to a file. After that it takes only
  a little investigation. All the checks are in the exists_XXX functions in
  the file pic.cpp.

  Q: What do I do if a jump table and/or its targets are located outside the
  function?

  A: What do you have a head and hands for (well, hands at least)? Adjust
  the function boundaries and run the plugin again. After all, it is an
  interactive disassembler!


Links
~~~~~
  IDA Pro home page: www.datarescue.com
  Ilfak Guilfanov's page: www.unibest.ru/~ig/index.html

  Quine's page on writing plugins for IDA Pro:
  http://skyscraper.fortunecity.com/epson/928/menu.htm

  Documentation on the ELF format (both a brief How-To and a more detailed
  description):
  ftp://tsx-11.mit.edu/pub/linux/packages/GCC/ELF.doc.tar.gz
  ftp://tsx-11.mit.edu/pub/linux/packages/GCC/elf.latex.tar.gz
  and of course Wotsit


Complaints and suggestions
~~~~~~~~~~~~~~~~~~~~~~~~~~
Send everything to redplait@usa.net. Questions of the kind "What on earth is
IDA Pro" or "What is UNIX anyway" will go unanswered. If you have found a
bug, or suspect one and are sure it can be fixed - reports are always
welcome. A big request: do not send me huge (even compressed) files without
any indication of what actually went wrong. If something - the program or
the plugin - misbehaves, then say so, describing the symptoms as fully as
possible; that way there is something to go on. Apart from that, I bear no
responsibility for the consequences of running this program...

(c) by RedPlait 
