
Topic created on: November 2, 2005 20:06 CST by pedram .

Recently, I was setting up a new installation of IDA and decided to document all of my customizations for ease of portability. I am curious to hear about what other customizations people use / have come across. Should make for an interesting dialog. Here are the customizations I use:

----- ida.idc -----

#include <idc.idc>
#include <pedram_function_tagger.idc>
#include <pedram_jump_to_func_top.idc>
#include <pedram_export_disassembly.idc>

static main(void) {

//
//      This function is executed when IDA is started.
//
//      Add statements to fine-tune your IDA here.
//

    AddHotkey("Ctrl-Shift-X",     "export_disassembly");
    AddHotkey("Ctrl-Shift-J",     "jump_to_func_top");
    AddHotkey("Ctrl-Shift-Enter", "track_follow");
    AddHotkey("Ctrl-Shift-N",     "track_name");
...



----- ida.cfg -----
Some of these customizations were gleaned from Nicolas Brulez.

ASCII_PREFIX      = "str->"       // This prefix is used when a new
                                  // name is generated
                                  // changed this from 'a' to 'str->'
MAX_NAMES_LENGTH  = 128           // Maximal length of new names
                                  // (you may specify values up to 511)
                                  // increased this to 128
NameChars         = "$?@->"       // asm specific character, added '-' and '>'
SHOW_XREFS        = 4
SHOW_BASIC_BLOCKS = YES
SHOW_SP           = YES


----- idagui.cfg -----

HELPFILE = "c:\\OPCODES.HLP"

// changed both to yes
DISPLAY_PATCH_SUBMENU = YES        // Display the Edit,Patch submenu
DISPLAY_COMMAND_LINE  = YES        // Display the expressions/IDC command line

// added the following hotkeys
"ChartXrefsTo"   = "Ctrl-Shift-T"  // display referenced items
"ChartXrefsFrom" = "Ctrl-Shift-F"  // display referencing items
"LockHighlight"  = "Ctrl-H"        // lock the current highlighted text



All of the above referenced files are available from my file repository.

-pedram

  itsme     November 3, 2005 00:48.29 CST
I added several hotkeys to my ida:

- shift-I: repeat current manual IDC script.
- shift-O: change selection to offsets
- shift-G: change selection to guids
- shift-A: change selection to unicode + ascii strings
    * tries to automatically find out what is ascii, what is unicode, what is alignment padding.
- shift-D: change selection to dwords
- shift-P: parse selection as p-data section
- shift-U: summarize selection of '?' unknowns
- shift-X: swap 2 instructions - fixing relative offsets in arm + x86.
    * very useful to reorder instructions to clear up code.
- shift-T: set this struct. .. function needs to be named as "objname_methodname" .. the object itself needs to be named "struc_objname"
    then it finds all references to the 'this' ptr, and changes them to structure references.
- shift-H: help + info on current line.


and I created a function 'Table' which takes a format pattern, and can then change the current selection according to that pattern, ... like 'wwdal' to create {short, short, dword, ascii, align}

.. and more

see http://nah6.com/~itsme/cvs-xdadevtools/ida/idcscripts/
and http://www.xs4all.nl/~itsme/projects/disassemblers/ida.html

willem
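One way to build a pattern-driven Table() like the one itsme describes, as an added IDC example that is not itsme's code (his scripts are at the links above). The letter meanings are assumed from the 'wwdal' example in the post, and the classic IDC signatures MakeStr(ea, BADADDR), MakeAlign(ea, count, log2align) and MakeUnknown(ea, size, flags) are assumed.

```idc
#include <idc.idc>

// Added example, not itsme's code. Pattern letters are assumed from the
// post's "wwdal": w = word, d = dword, b = byte, a = ascii string,
// l = align to the next 4-byte boundary.
// Type one item at ea; return the address after it, or BADADDR on failure.
static apply_pattern_char(ea, c) {
    auto next;
    if (c == "b") { if (!MakeByte(ea))  return BADADDR; return ea + 1; }
    if (c == "w") { if (!MakeWord(ea))  return BADADDR; return ea + 2; }
    if (c == "d") { if (!MakeDword(ea)) return BADADDR; return ea + 4; }
    if (c == "a") {
        if (!MakeStr(ea, BADADDR)) return BADADDR;  // BADADDR: find the NUL
        return ea + ItemSize(ea);
    }
    if (c == "l") {
        next = (ea + 3) & ~3;
        if (next == ea) return ea;                  // already aligned
        if (!MakeAlign(ea, next - ea, 2)) return BADADDR;  // 2 = log2(4)
        return next;
    }
    return BADADDR;                                 // unknown letter
}

// Apply the pattern over the current selection, cycling through it until
// the selection is used up. Returns the number of items created.
static Table(pattern) {
    auto ea, end, i, n, count;
    ea = SelStart();
    end = SelEnd();
    if (ea == BADADDR) {
        Message("Table: select a range first\n");
        return 0;
    }
    MakeUnknown(ea, end - ea, 0);   // clear old items so Make* calls succeed
    n = strlen(pattern);
    count = 0;
    while (ea < end) {
        for (i = 0; i < n && ea < end; i = i + 1) {
            ea = apply_pattern_char(ea, substr(pattern, i, i + 1));
            if (ea == BADADDR) {
                Message("Table: stopped after %d items\n", count);
                return count;
            }
            count = count + 1;
        }
    }
    return count;
}
```

With DISPLAY_COMMAND_LINE = YES from the first post it can be run as Table("wwdal") from the IDC command line, or bound with AddHotkey() like the other scripts.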

  peter     November 3, 2005 10:26.03 CST
To keep in the spirit of this post, I posted a quick little script that will rename ja to ja_unsigned. It does this with all jxx instructions. This makes for quicker analysis in some areas. You can download the script from my file repository.
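One way to get the listing peter describes, written as an added IDC example in the style of pedram's ida.idc above; it is neither peter's script nor anything from the file repositories mentioned. It assumes SetManualInsn() is an acceptable way to change what IDA shows: only the listing text changes, the bytes, flags and cross-references stay as they were.

```idc
#include <idc.idc>

// Added example, not peter's script: give signedness-specific conditional
// jumps a suffixed mnemonic in the listing. SetManualInsn() only changes
// the displayed text; bytes, flags and xrefs are untouched.

// Return the suffix for a conditional jump mnemonic, "" for anything else.
static jcc_suffix(mnem) {
    if (mnem == "ja" || mnem == "jae" || mnem == "jb" || mnem == "jbe")
        return "_unsigned";
    if (mnem == "jg" || mnem == "jge" || mnem == "jl" || mnem == "jle")
        return "_signed";
    return "";
}

// Walk every code head in the database; returns the number of jumps tagged.
static tag_jcc_signedness(void) {
    auto ea, mnem, sfx, count;
    count = 0;
    for (ea = MinEA(); ea != BADADDR; ea = NextHead(ea, MaxEA())) {
        if (!isCode(GetFlags(ea)))
            continue;
        mnem = GetMnem(ea);
        sfx = jcc_suffix(mnem);
        if (sfx == "")
            continue;
        // e.g. "ja loc_401000" is now shown as "ja_unsigned loc_401000"
        SetManualInsn(ea, mnem + sfx + " " + GetOpnd(ea, 0));
        count = count + 1;
    }
    Message("tagged %d conditional jumps\n", count);
    return count;
}

// Restore IDA's own text for one instruction.
static untag_insn(ea) {
    SetManualInsn(ea, "");
}

// In ida.idc, bind it next to the other hotkeys:
//     AddHotkey("Ctrl-Shift-U", "tag_jcc_signedness");
static main(void) {
    tag_jcc_signedness();
}
```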

  pedram     November 3, 2005 11:08.03 CST
Another customization ... in large graphs it's difficult to tell where the current node you are standing on in IDA lies. I added a highlight feature and recompiled pGRAPH for IDA 4.9:

http://www.openrce.org/downloads/details/4/pGRAPH

  JCRoberts     November 7, 2005 03:38.39 CST

ASCII_PREFIX      = "str->" // This prefix used when a new
                            // name is generated
                            // changed from 'a' to 'str->'
MAX_NAMES_LENGTH  = 128     // Maximal length of new names
                            // (specify values up to 511)
                            // increased this to 128
NameChars         = "$?@->" // asm chars, added '-' and '>'


Pedram,

Though you may have gotten the "str->" string identifier modification from Nicolas Brulez, the first time I saw it suggested was in 98/99 by a cracker named Mammon_ (it might be "_Mammon" -I don't quite remember the exact text of the pseudonym). As far as I know, Mammon_ wrote the very first flow graphing software used with IDA.

JCR

  pedram     November 7, 2005 09:33.16 CST
JCR: ahhh, interesting to see where that little customization originated from. I recently decided I no longer like it actually and have switched to 'str.' ;-)
