Code::Blocks
User forums => Using Code::Blocks => Topic started by: Дмитро on June 22, 2018, 10:50:59 pm
-
How do I build a .plw plug-in for IDA, the world's best disassembler of all time? Is there a plug-in for it? What is the secret of all the correct settings?
-
I am not aware of any IDA plugin for codeblocks. If you have found one, can you give a link?
-
No, we probably did not understand each other exactly. I want to compile the plugin from its source code, and the IDA disassembler will then use the plug-ins we build. I am using an electronic translator, which does not manage everything, and not always.
So I downloaded the book idapw.pdf, which explains it and is written broadly and fully, and I started reading it.
But I still do not understand how to set up the codeblocks environment for compilation, so that a ready-made .plw plugin comes out.
-
2. The IDA SDK
IDA is a fantastic disassembler and comes with a variety of debuggers too. While IDA alone has an amazing amount of functionality, there are always things you'll want to automate or do in some particular way that IDA doesn't support. Thankfully, the guys at Hex-Rays have released the IDA SDK: a way for you to hook your own desired functionality into IDA.
There are four types of modules you can write for IDA using the IDA SDK, plug-in modules being the subject of this tutorial:
Module Type   Purpose
Processor     Adding support for different processor architectures. Also known as IDP (IDa Processor) modules.
Plug-in       Extending functionality in IDA.
Loader        Adding support for different executable file formats.
Debugger      Adding support for debugging on different platforms and/or interacting with other debuggers / remote debugging.
From here onwards, the term "plug-in" will be used in place of "plug-in module", unless otherwise indicated.
The IDA SDK contains all the header and library files you need to write an IDA plug-in. It supports a number of compilers on Linux, Mac and Windows platforms, and also comes with several example plug-ins that illustrate a couple of basic features available.
Whether you're a reverse engineer, vulnerability researcher, malware analyst, or a combination of them, the SDK gives you a tremendous amount of power and flexibility. You could essentially write your own debugger/disassembler using it, and that's just scratching the surface. Here's a tiny sample of some very straight-forward things you could do with the SDK:
➢ Automate the analysis and unpacking of packed binaries.
➢ Automate the process of finding the use of particular functions (for example, LoadLibrary(), strcpy(), and whatever else you can think of.)
➢ Analyse program and/or data flow, looking for things of interest to you.
➢ Binary diff'ing.
➢ Write a de-compiler.
➢ The list goes on..
To see a sample of what some people have written using the IDA SDK, check out the IDA Palace website or the IDA download page (http://www.hex-rays.com/idapro/idadown.htm).
2.1 Installation
This is simple. Once you obtain the SDK (which should be in the form of a .zip file), unzip it to a location of your choice. My preference is creating an sdk directory under the IDA installation and putting everything in there, but it doesn't really matter.
2.2 Directory Layout
Rather than go through every directory and file in the SDK, I'm going to go over the directories relevant to writing plug-ins, and what's in them.
Directory                      Contains
/                              Some makefiles for different environments as well as the readme.txt which you should read to get a quick overview of the SDK, in particular anything that might've changed in recent versions.
include/                       Header files, grouped into areas of functionality. I recommend going through every one of these files and jotting down functions that look applicable to your needs once you have gone through this tutorial.
libbor.wXX/                    IDA library to link against when compiling with the Borland C compiler
libgccXX.lnx/, libgccXX.mac/   IDA library to link against when compiling with GCC under Linux and Mac
libgcc.wXX/                    IDA library to link against when compiling with GCC under Windows
libvc.wXX/                     IDA library to link against when compiling with Visual C++ under Windows
plugins/                       Sample plug-ins
XX is either 32(bit) or 64(bit), which will depend on the architecture you're running on.
2.3 Header Files
Of the fifty-two header files in the include directory, I found the following to be most relevant when writing plug-ins. If you want information on all the headers, look at readme.txt in the SDK root directory, or in the header file itself. This listing is just here to provide a quick reference point when looking for certain functionality – more detail will be revealed in the following sections.
File(s)                Contains
area.hpp               area_t and areacb_t classes, which represent "areas" of code, and will be covered in detail later on.
bytes.hpp              Functions and definitions for dealing with individual bytes within a disassembled file.
dbg.hpp & idd.hpp      Debugger classes and functions.
diskio.hpp & fpro.h    IDA equivalents to fopen(), open(), etc. as well as some misc. file operations (getting free disk space, current working directory, etc.)
entry.hpp              Functions for getting and manipulating executable entry point information.
frame.hpp              Functions for dealing with the stack, function frames, local variables and labels.
funcs.hpp              func_t class and basically everything function related.
ida.hpp                idainfo struct, which holds mostly meta information about the file being disassembled.
kernwin.hpp            Functions and classes for interacting with the IDA user interface.
lines.hpp              Functions and definitions that deal with disassembled text, colour coding, etc.
loader.hpp             Mostly functions for loading files into and manipulating the IDB.
name.hpp               Functions and definitions for getting and setting names of bytes (variable names, function names, etc.)
pro.h                  Contains a whole range of misc. definitions and functions.
search.hpp             Various functions and definitions for searching the disassembled file for text, data, code and more.
segment.hpp            segment_t class and everything for dealing with binary segments/sections.
strlist.hpp            string_info_t structure and related functions for representing each string in IDA's string list.
ua.hpp                 insn_t, op_t and optype_t classes representing assembly instructions, operands and operand types respectively as well as functions for working with the IDA analyser.
xref.hpp               Functions for dealing with cross referencing code and data references.
2.4 Using the SDK
Generally speaking, any function within a header file that is prefixed with ida_export is available for your use, as well as global variables prefixed with ida_export_data. The rule of thumb is to stay away from lower level functions (these are indicated in the header files) and stick to using the higher level interfaces provided. Any defined class, struct and enum is available for your use.
-
3. Setting up a Build Environment
Note for Borland users: The only compiler supported by the IDA SDK that isn't covered in this section is Borland's. You should read the install_cb.txt and makeenv_br.mak in the root of the SDK directory to determine the compiler and linker flags necessary.
Before you start coding away, it's best to have a proper environment set up to facilitate the development process. The more popular environments have been covered, so apologies if yours isn't. If you're already set up, feel free to skip to the next section.
3.1 Windows, Using Visual Studio
The version of Visual Studio used for this example is Visual C++ 2008 Express Edition, but almost everything should be applicable to older versions.
Once you have Visual Studio running, close any other solutions and/or projects you might have open; we want a totally clean slate.
1. Go to File->New->Project... (Ctrl-Shift-N)
2. Expand the Visual C++ folder, followed by the Win32 sub-folder, and then select the Win32 Project icon. Name the project whatever you like and click OK.
3. The Win32 Application Wizard should then appear, click the Application Settings link on the left and make sure Windows Application is selected, and then tick the Empty Project checkbox. Click Finish.
4. In the Solutions Explorer on the right hand side, right click on the Source Files folder and go to Add->New Item...
5. Select C++ File (.cpp) under the Templates section and name the file appropriately. Click Add. Repeat this step for any other files you want to add to the project.
6. Go to Project->projectname Properties...
7. Change the following settings (some have been put there to reduce the size of the resulting plug-in, as VS seems to bloat the output file massively):
   - Configuration drop down in the top left: Select Release
   - Configuration Properties->General: Change Configuration Type to Dynamic Library (.dll)
   - C/C++->General: Set Detect 64-bit Portability Issues checks to No
   - C/C++->General: Set Debug Information Format to Disabled
   - C/C++->General: Add the SDK include path to the Additional Include Directories field. e.g. C:\IDA\SDK\Include
   - C/C++->Preprocessor: Add __NT__;__IDP__ to Preprocessor Definitions
   - C/C++->Code Generation: Turn off Buffer Security Check, set Basic Runtime Checks to Default and set Runtime Library to Multi-threaded
   - C/C++->Advanced: Calling Convention is __stdcall
   - Linker->General: Change Output File from a .exe to a .plw in the IDA plugins directory
   - Linker->General: Add the path to your libvc.wXX to Additional Library Directories. e.g. C:\IDA\SDK\libvc.w32
   - Linker->Input: Add ida.lib to Additional Dependencies
   - Linker->Debugging: No to Generate Debug Info
   - Linker->Command Line: Add /EXPORT:PLUGIN
   - Build Events->Post-Build Event: Set Command-line to your idag.exe to start IDA after each successful build (Optional)
   Click OK
8. Go to Build->Configuration Manager... and change the drop-down in the Configuration column for your plug-in project from Debug to Release. Click OK
9. Move on to section 3.5
-
3.2 Windows, Using Dev-C++ with GCC and MinGW
You can obtain a copy of Dev-C++, GCC and MinGW as one package from http://www.bloodshed.net/dev/devcpp.html. Installing and setting it up is beyond the scope of this tutorial, so from here on, it'll be assumed that it's all in working order.
As before, start up Dev-C++ and ensure no project or other files are open; we want a clean slate.
1. Go to File->New Project, choose Empty Project, make sure C++ Project is selected and give it any name you wish, click OK
2. Choose a directory to save the project file, this can be anywhere you wish.
3. Go to Project->New File, this will hold the source code to your plug-in. Repeat this step for any other files you want to add to the project.
4. Go to Project->Project Options, click on the Parameters tab.
5. Under C++ compiler, add:
   -DWIN32 -D__NT__ -D__IDP__ -v -mrtd
6. Under Linker, add:
   ../path/to/your/sdk/libgcc.wXX/ida.a -Wl,--dll -shared
   Just a note here - it's usually best to start with ../, because msys seems to get confused with just /, and tries to reference it from the root of the msys directory.
7. Click on the Directories tab, and Include Directories sub-tab. Add the path to your IDA SDK include directory to the list.
8. Click on the Build Options tab, set the Executable output directory to your IDA plugins directory, and Override the output filename to be a .plw file. Click OK.
9. Move on to section 3.5
-
I do not know how to do "Under C++ compiler, add:
-DWIN32 -D__NT__ -D__IDP__ -v -mrtd".
How do I add this properly? Which way is more correct?
-
Also, I do not see Project->Project Options; I have not been able to find it for a long time.
-
When I add ../path/to/your/sdk/libgcc.wXX/ida.a -Wl,--dll -shared, should the path and these -Wl,--dll -shared be placed together on one line, or should they be placed somewhere else?
-
Ok, now I think I know what you want. You want to build this IDA plugin with codeblocks?
Ok, so I think the best way is to go the Dev-C++ way...
You have to add the paths for libraries like
/path/to/your/sdk/libgcc.wXX/
to Project->Settings->Build options->Search directories->Linker
Libraries like
ida.a
you add to Project->Settings->Build options->Linker settings->Link libraries
You can also place it combined in Project->Settings->Build options->Linker settings->Other linker options, but then you have to add the "-l" for library:
-lpath/to/your/sdk/libgcc.wXX/ida.a -Wl,--dll -shared
Linker options like
-Wl,--dll -shared
are set in Project->Settings->Build options->Linker settings->Other linker options
(you can distinguish linker and compiler settings most of the time by the "-Wl," part; this means linker option)
> Just a note here - it's usually best to start with ../, because msys seems to get confused with just /, and tries to reference it from the root of the msys directory.
I would ignore this note...
> I do not know how "Under C++ compiler, add:
> -DWIN32 -D__NT__ -D__IDP__ -v -mrtd"
These are mixed options...
-D is for defines. You can add all this to other compiler options: Project->Build options->Compiler settings->Other compiler options:
-DWIN32 -D__NT__ -D__IDP__ -v -mrtd
or you split the "-D" options into "#defines": Project->Build options->Compiler settings->#defines:
WIN32
__NT__
__IDP__
-v -mrtd
I don't know these options... But compiler options are always set in Project->Build options->Compiler settings->Other compiler options
I hope this helped a bit. If not, I can try to write a more detailed guide based on your instructions. But I can not test it because I do not have IDA and I can not pay for it (it would be a cool tool...)
If you have problems compiling, please remember this link: http://wiki.codeblocks.org/index.php?title=FAQ-Compiling_(general)#Q:_How_do_I_report_a_compilation_problem_on_the_forums.3F and always post a full build log.
Greetings
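The Code::Blocks settings described in the reply above, written out as the .cbp project file Code::Blocks saves for them, so each dialog entry can be matched to the option it produces. This is an added example, not from the thread, the tutorial or the Code::Blocks project; the project name pl1, the SDK location C:/IDA/sdk, the 32-bit libgcc.w32 library and the output path C:/IDA/plugins/pl1.plw are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
  <FileVersion major="1" minor="6" />
  <Project>
    <Option title="pl1" />
    <Option compiler="gcc" />
    <Build>
      <Target title="Release">
        <!-- Build targets -> Output filename; auto prefix/extension off so .plw is kept verbatim -->
        <Option output="C:/IDA/plugins/pl1.plw" prefix_auto="0" extension_auto="0" />
        <Option object_output="obj/Release/" />
        <!-- type 3 = dynamic library target -->
        <Option type="3" />
        <Option compiler="gcc" />
        <Compiler>
          <!-- Compiler settings -> #defines: each entry is emitted as a -D option -->
          <Add option="-DWIN32" />
          <Add option="-D__NT__" />
          <Add option="-D__IDP__" />
          <!-- Compiler settings -> Other compiler options -->
          <Add option="-mrtd" />
          <!-- Search directories -> Compiler: the SDK include directory (assumed path) -->
          <Add directory="C:/IDA/sdk/include" />
        </Compiler>
        <Linker>
          <!-- Linker settings -> Other linker options: the "-Wl," options from the tutorial -->
          <Add option="-Wl,--dll" />
          <Add option="-shared" />
          <!-- Search directories -> Linker: where ida.a lives (assumed path) -->
          <Add directory="C:/IDA/sdk/libgcc.w32" />
          <!-- Linker settings -> Link libraries: the IDA import library itself -->
          <Add library="ida.a" />
        </Linker>
      </Target>
    </Build>
    <!-- the plug-in source file added through Project -> Add files -->
    <Unit filename="pl1.cpp" />
  </Project>
</CodeBlocks_project_file>
```

Opening this file in Code::Blocks shows the same values in Project->Build options that the reply describes, which is a quick way to check that a define or a linker option has landed in the right tab before posting a build log.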
-
> If not, I can try to write a more detailed guide based on your instructions. But I can not test it because I do not have IDA and I can not afford it
Thank you! Yes, this tool is cool, a cool tool, but one needs to be able to use it. There are so many different possibilities, many buttons, but it takes a long time to get used to. I just do not know exactly which buttons to press and how to use it. And I, too, am still extremely poor at knowing how to use this tool.
-
E:\PL\PL1\pl1.cpp|70|error: 'init' was not declared in this scope|
// Headers from the SDK include directory; loader.hpp declares plugin_t, idp.hpp IDP_INTERFACE_VERSION
#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>

// init, term, run and the four strings must be declared above this point;
// with nothing declared here, the compiler reports the "'init' was not declared" error shown above.
extern "C" plugin_t PLUGIN = {
  IDP_INTERFACE_VERSION,
  0,
  init,           // int idaapi init(void)
  term,           // void idaapi term(void)
  run,            // void idaapi run(int arg)
  comment,
  help,
  wanted_name,
  wanted_hotkey
};
There are still errors, which indicates either incorrect settings on my part in codeblocks, or an incorrect IDA, or something wrong somewhere else.
I also use my old familiar codeblocks, a good, handy, very familiar one, with the GNU GCC g++ compiler, which is all good, and not any other tool or compiler. :)
-
In the same box as IDA there are many examples. They are for compiling yourself. These examples all come with a makefile. How is it best to open them with codeblocks? Is it really necessary to create a project? Perhaps it is enough to specify only the makefile; would that be better?
-
Yes, you can use makefiles with codeblocks:
Project->Properties->This is a custom makefile
Then codeblocks is simply an editor....
Codeblocks does nothing. So if you add a file to the project you have to add it yourself in the makefile. I can not help you with that...
> There are still errors, which indicates either incorrect settings on my part in codeblocks, or an incorrect IDA, or something wrong somewhere else.
Can you post the build log, for example?
> E:\PL\PL1\pl1.cpp|70|error: 'init' was not declared in this scope|
This seems like you have forgotten an include file.
Can you post the makefile? This would make things a lot easier...