flat assembler
Message board for the users of flat assembler.
baldr 16 Jan 2009, 08:00
adnimo,
IDA + IDC script?
adnimo 19 Jan 2009, 05:19
Hi, I have IDA Free but I never tried IDC scripting, any pointers?
Thanks.
vid 19 Jan 2009, 11:12
I think you can also search by mnemonics in IDA. But IDC script is probably easier - just take a look at *.idc files in IDA directory, and look up IDC reference in IDA help.
HyperVista 19 Jan 2009, 11:58
adnimo - give the 30-day free trial version of PE Explorer a try. It has a fairly nice disassembler and handles SSE# instructions. PE Explorer is a nice general purpose tool. You can go to the disassembler and then search for the SSE2, or whatever, instruction mnemonics you are looking for.

as for IDA scripting, i got a little bored today (it's a national holiday), so here are two example IDA scripts. the first enumerates functions and provides some information about each function found. to give it a try, copy this code to your favorite ascii editor and save it with a .idc file extension. open a test file in IDA and select "File/IDC File/...". the messages are piped to the IDA message window.

the second example uses pop-up messages to tell you how many instructions are in the sub-routine your cursor is at and gives you the mnemonic of the first instruction in the sub-routine. you may find the second example more interesting because it uses the built-in GetMnem() function. certainly, it's a silly script because if your cursor is at the sub-routine, you can look to see what the first instruction is, but i wanted to show you that there is a GetMnem() function you can use to find the instruction you are seeking. hopefully, these will give you a "hint" of how to write a script to find what you are looking for.
Code:

```
// example IDA script for adnimo
#include <idc.idc>

static main() {
    auto addr, end, args, locals, frame, firstArg, name, ret;

    addr = 0;
    // walk every function IDA has defined in the database
    for (addr = NextFunction(addr); addr != BADADDR; addr = NextFunction(addr)) {
        name = Name(addr);
        end = GetFunctionAttr(addr, FUNCATTR_END);
        locals = GetFunctionAttr(addr, FUNCATTR_FRSIZE);
        frame = GetFrame(addr);
        // " r" is the stack-frame member that holds the saved return address
        ret = GetMemberOffset(frame, " r");
        if (ret == -1) continue;   // no usable frame, skip this function
        // arguments start after the 4-byte return address (32-bit code)
        firstArg = ret + 4;
        args = GetStrucSize(frame) - firstArg;
        Message("Function: %s, starts at %x, ends at %x\n", name, addr, end);
        Message("   Local variable area is %d bytes\n", locals);
        Message("   Arguments occupy %d bytes (%d args)\n", args, args / 4);
    }
}
```

Code:

```
// example IDA script for adnimo
// demonstrates GetMnem() built-in function
#include <idc.idc>

static main() {
    auto func, end, count, inst, mnem;

    // start address of the function that contains the cursor
    func = GetFunctionAttr(ScreenEA(), FUNCATTR_START);
    if (func != -1) {
        end = GetFunctionAttr(func, FUNCATTR_END);
        // mnemonic of the first instruction in the function
        mnem = GetMnem(func);
        count = 0;
        inst = func;
        // step from instruction to instruction until the function ends
        while (inst != BADADDR && inst < end) {
            count++;
            inst = FindCode(inst, SEARCH_DOWN | SEARCH_NEXT);
        }
        Warning("%s contains %d instructions, the first instruction mnemonic in this sub-routine is %s\n",
                Name(func), count, mnem);
    }
    else {
        Warning("No functions found at location %x", ScreenEA());
    }
}
```
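The two scripts above can be combined into the search the thread is after. The following is an added example, not part of HyperVista's post: it walks every function and prints each instruction whose mnemonic is on a watch list. The helper `isWanted()` and the sample list of SSE2 mnemonics are constructed for illustration, and the comparison assumes IDA reports x86 mnemonics in lower case.

```idc
// Added example: report instructions whose mnemonic is on a watch list.
#include <idc.idc>

// Hypothetical helper. Returns 1 when mnem is on the sample watch list.
// The list is a constructed sample of SSE2 mnemonics; extend as needed.
static isWanted(mnem) {
    return mnem == "movdqa" || mnem == "movdqu" || mnem == "pshufd"
        || mnem == "paddq"  || mnem == "addpd"  || mnem == "mulpd"
        || mnem == "addsd"  || mnem == "mulsd"  || mnem == "cvtsi2sd";
}

static main() {
    auto func, end, inst, mnem, total;

    total = 0;
    // outer loop: function enumeration, as in the first script
    for (func = NextFunction(0); func != BADADDR; func = NextFunction(func)) {
        end = GetFunctionAttr(func, FUNCATTR_END);
        inst = func;
        // inner loop: instruction walk, as in the second script
        while (inst != BADADDR && inst < end) {
            mnem = GetMnem(inst);
            if (isWanted(mnem)) {
                Message("%08x  %s  %s\n", inst, Name(func), mnem);
                total++;
            }
            inst = FindCode(inst, SEARCH_DOWN | SEARCH_NEXT);
        }
    }
    Message("%d matching instructions found\n", total);
}
```

Only code that IDA has assigned to a function is scanned, and only up to FUNCATTR_END of each function, so instructions outside any defined function are not reported.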
IceStudent 03 Feb 2009, 22:29
WinDbg + script?
Copyright © 1999-2023, Tomasz Grysztar.