How to build the .plw plug-in

[Дмитро]

How to build the .plw plug-in, which is the world's best disassembler of the ages for IDA, is there a plug-in in it? as the secret of all the correct settings?

[BlueHazzard]

I am not aware of any IDA  plugin for codeblocks. If you have found one can you give a link?

[Дмитро]

No, we probably did not understand each other exactly. I want to compile from the code the plugin. And the disassembler IDA will use our manufactured plug-ins. This is an electronic translator, which is not everything, and not always.

So I downloaded the book idapw.pdf, which explains, and is written broadly and fully, and I started reading it.
But I still do not understand how to set up the codeblocks environment for compilation, to exit the ready-made plugin .plw

[Дмитро]

2. The IDA SDK
IDA is a fantastic disassembler and comes with a variety of debuggers too. While IDA alone has
an amazing amount of functionality, there are always things you'll want to automate or do in some
particular way that IDA doesn't support. Thankfully, the guys at Hex-Rays have released the IDA
SDK: a way for you to hook your own desired functionality into IDA.
There are four types of modules you can write for IDA using the IDA SDK, plug-in modules being
the subject of this tutorial:
Module Type
Purpose
Processor
Adding support for different processor architectures. Also known as
IDP (IDa Processor) modules.
Plug-in
Extending functionality in IDA.
Loader
Adding support for different executable file formats.
Debugger
Adding support for debugging on different platforms and/or interacting
with other debuggers / remote debugging.
From here onwards, the term "plug-in" will be used in place of "plug-in module", unless otherwise
indicated.
The IDA SDK contains all the header and library files you need to write an IDA plug-in. It supports
a number of compilers on Linux, Mac and Windows platforms, and also comes with several
example plug-ins that illustrate a couple of basic features available.
Whether you're a reverse engineer, vulnerability researcher, malware analyst, or a combination of
them, the SDK gives you a tremendous amount of power and flexibility. You could essentially
write your own debugger/disassembler using it, and that's just scratching the surface. Here's a
tiny sample of some very straight-forward things you could do with the SDK:
➢
Automate the analysis and unpacking of packed binaries.
➢
Automate   the   process   of   finding   the   use   of   particular   functions   (for   example,
LoadLibrary()
,
strcpy(),
 and whatever else you can think of.)
➢
Analyse program and/or data flow, looking for things of interest to you.
➢
Binary diff'ing.
➢
Write a de-compiler.
➢
The list goes on..
To see a sample of what some people have written using the IDA SDK, check out the IDA Palace
website or the IDA download page (
http://www.hex-rays.com/idapro/idadown.htm
).
2.1 Installation

[Дмитро]

This is simple. Once you obtain the SDK (which should be in the form of a
.zip
 file), unzip it to a
location of your choice. My preference is creating an
sdk
 directory under the IDA installation and
putting everything in there, but it doesn't really matter.
2.2 Directory Layout
Rather than go through every directory and file in the SDK, I'm going to go over the directories
relevant to writing plug-ins, and what's in them.
Directory
Contains
/
Some makefiles for different environments as well as the
readme.txt
which you should read to get a quick overview of the SDK, in particular
anything that might've changed in recent versions.
include/
Header files, grouped into areas of functionality. I recommend going
through every one of these files and jotting down functions that look
applicable to your needs once you have gone through this tutorial.
libbor.wXX/
IDA library to link against when compiling with the Borland C compiler
libgccXX.lnx/
libgccXX.mac/
IDA library to link against when compiling with GCC under Linux and Mac
libgcc.wXX/
IDA library to link against when compiling with GCC under Windows
libvc.wXX/
IDA library to link against when compiling with Visual C++ under
Windows
plugins/
Sample plug-ins
XX
 is either 32(bit) or 64(bit), which will depend on the architecture you’re running on.
2.3 Header Files
Of the fifty-two header files in the
include
 directory, I found the following to be most relevant
when writing plug-ins. If you want information on all the headers, look at
readme.txt
 in the SDK
root directory, or in the header file itself. This listing is just here to provide a quick reference point
when looking for certain functionality – more detail will be revealed in the following sections.
File(s)
Contains
area.hpp
area_t
and
areacb_t
 classes, which represent “areas” of code,
and will be covered in detail later on.
bytes.hpp
Functions and definitions for dealing with individual bytes within a
disassembled file.
dbg.hpp & idd.hpp
Debugger classes and functions.
diskio.hpp & fpro.h
IDA equivalents to
fopen()
,
open()
, etc. as well as some misc.
file operations (getting free disk space, current working directory,
etc.)
entry.hpp
Functions for getting and manipulating executable entry point
information.
frame.hpp
Functions for dealing with the stack, function frames, local variables
and labels.

[Дмитро]

File(s)
Contains
funcs.hpp
func_t
 class and basically everything function related.
ida.hpp
idainfo
 struct, which holds mostly meta information about the file
being disassembled.
kernwin.hpp
Functions and classes for interacting with the IDA user interface.
lines.hpp
Functions and definitions that deal with disassembled text, colour
coding, etc.
loader.hpp
Mostly functions for loading files into and manipulating the IDB.
name.hpp
Functions and definitions for getting and setting names of bytes
(variable names, function names, etc.)
pro.h
Contains a whole range of misc. definitions and functions.
search.hpp
Various functions and definitions for searching the disassembled
file for text, data, code and more.
segment.hpp
segment_t
 class and everything for dealing with binary segments/
sections.
strlist.hpp
string_info_t
 structure and related functions for representing
each string in IDA's string list.
ua.hpp
insn_t
,
op_t
 and
optype_t
 classes representing assembly
instructions,  operands and operand types respectively as well as
functions for working with the IDA analyser.
xref.hpp
Functions for dealing with cross referencing code and data
references.
2.4 Using the SDK
Generally speaking, any function within a header file that is prefixed with 
ida_export
  is
available for your use, as well as global variables prefixed with
ida_export_data
. The rule of
thumb is to stay away from lower level functions (these are indicated in the header files) and stick
to using the higher level interfaces provided. Any defined class, struct and enum is available for
your use.

[Дмитро]

3. Setting up a Build Environment
Note for Borland users:
The only compiler supported by the IDA SDK that isn't covered in this
section is Borland's. You should read the
install_cb.txt
 and
makeenv_br.mak
 in the root
of the SDK directory to determine the compiler and linker flags necessary.
Before you start coding away, it's best to have a proper environment set up to facilitate the
development process. The more popular environments have been covered, so apologies if yours
isn't. If you're already set up, feel free to skip to the next section.
3.1 Windows, Using Visual Studio
The version of Visual Studio used for this example is Visual C++ 2008 Express Edition, but
almost everything should be applicable to older versions.
Once you have Visual Studio running, close any other solutions and/or projects you might have
open; we want a totally clean slate.
1
Go to
File->New->Project...
 (Ctrl-Shift-N)
2
Expand the
Visual C++
folder, followed by the
Win32
 sub-folder, and then select the
Win32 Project
icon. Name the project whatever you like and click
OK
.
3
The Win32 Application Wizard should then appear, click the
Application Settings
link on the left and make sure
Windows Application
 is selected, and then tick the
Empty Project
 checkbox. Click
Finish
.
4
In the
Solutions Explorer
 on the right hand side, right click on the
Source Files
folder and go to
Add->New Item...
5
Select
C++ File (.cpp
)
 under the
Templates
 section and name the file appropriately.
Click
Add
. Repeat this step for any other files you want to add to the project.
6
Go to
Project->
projectname
 Properties...
7
Change the following settings (some have been put there to reduce the size of the
resulting plug-in, as VS seems to bloat the output file massively):
Configuration
drop down in the top left: Select
Release
Configuration Properties->General
: Change
Configuration Type
 to
Dynamic Library (.dll)
C/C++->General
: Set
Detect 64-bit Portability Issues
 checks to
No
C/C++->General
: Set
Debug Information Format
 to
Disabled
C/C++->General
: Add the SDK include path to the
Additional Include
Directories
field. e.g.
C:\IDA\SDK\Include
C/C++->Preprocessor
: Add
__NT__;__IDP__
 to
Preprocessor Definitions
C/C++->Code Generation
: Turn off
Buffer Security Check
, set
Basic
Runtime Checks
 to
Default
 and set
Runtime Library
 to
Multi-threaded
C/C++->Advanced
:
Calling Convention
 is
__stdcall
Linker->General
: Change
Output File
 from a .
exe
 to a .
plw
 in the IDA
plugins
directory
Linker->General
: Add the path to your
libvc.wXX
to
Additional Library
Directories
.
e.g.
C:\IDA\SDK\libvc.w32
Linker->Input
: Add
ida.lib
 to
Aditional Dependencies
Linker->Debugging
:
No
 to
Generate Debug Info
Linker->Command Line
: Add
/EXPORT:PLUGIN
Build Events->Post-Build Event
: Set
Command-line
 to your
idag.exe
 to start
IDA after each successful build (Optional)
Click
OK
8
Go to
Build->Configuration Manager...
 and change the drop-down in the
Configuration
column for your plug-in project from
Debug
 to
Release
.
Click
OK
9
Move on to section 3.5

[Дмитро]

3.2 Windows, Using Dev-C++ with GCC and MinGW
You   can   obtain   a   copy   of   Dev-C++,   GCC   and   MinGW   as   one   package   from
http://www.bloodshed.net/dev/devcpp.html
. Installing and setting it up is beyond the scope of this
tutorial, so from here on, it'll be assumed that it's all in working order.
As before, start up Dev-C++ and ensure no project or other files are open; we want a clean slate.
1
Go to
File->New Project
, choose
Empty Project
, make sure
C++ Project
 is
selected and give it any name you wish, click
OK
2
Choose a directory to save the project file, this can be anywhere you wish.
3
Go to
Project->New File
, this will hold the source code to your plug-in. Repeat this
step for any other files you want to add to the project.
4
Go to
Project->Project Options
, click on the
Parameters
 tab.
5
Under
C++ compiler
, add:
-DWIN32 -D__NT__ -D__IDP__ -v -mrtd
6
Under
Linker
, add:
../path/to/your/sdk/libgcc.wXX/ida.a -Wl,--dll -shared
Just a note here - it's usually best to start with
../
, because msys seems to get confused
with just
 /
, and tries to reference it from the root of the msys directory.
7
Click on the
Directories
 tab, and
Include Directories
 sub-tab. Add the path to
your IDA SDK
include
 directory to the list.
8
Click on the
Build Options
 tab, set the
Executable
output directory
 to your
IDA
plugins
 directory, and Override the
o
utput filename
 to be a
.plw
 file. Click
OK
.
9
Move on to section 3.5

[Дмитро]

I do not know how Under
C ++ compiler
, add:
-DWIN32 -D__NT__ -D__IDP__ -v -mrtd

How to properly add this? How is this more correct?

[Дмитро]

Also Project-> Project Options I do not see, I will not find it for a long time.

[Дмитро]

When I add ../path/to/your/sdk/libgcc.wXX/ida.a -Wl, - dll -shared whether to place in one line, together the path and these -Wl, -dll -shared, or Otherwise to place them in other place?

[BlueHazzard]

Ok, now i think i know what you want. You want to build this IDA plugin with codeblocks?

Ok, so i think the best way is to go the dev c++ way...
You have to add the paths for libraries like

/path/to/your/sdk/libgcc.wXX/

to Project->Settings->Build options->Search directories->Linker

Libraries like

ida.a

you add to   Project->Settings->Build options->Linker settings->Link libraries

You can also place it combined in Project->Settings->Build options->Linker settings->Other linker options but then you have to add the "-l" for library:

Code

-lpath/to/your/sdk/libgcc.wXX/ida.a -Wl, - dll -shared

Linker options like

-Wl, - dll -shared

are set in Project->Settings->Build options->Linker settings->Other linker options
(you can distinguish linker and compiler settings the most time by the "-Wl," part. this means linker option)

Just a note here - it's usually best to start with
../
, because msys seems to get confused
with just
 /
, and tries to reference it from the root of the msys directory.

i would ignore this note...

I do not know how Under
C ++ compiler
, add:
-DWIN32 -D__NT__ -D__IDP__ -v -mrtd

this are mixed options...
-D is for defines. you can add all this  to other compiler options: Project->Build options->Compiler settings->Other compiler options:

Code

-DWIN32 -D__NT__ -D__IDP__ -v -mrtd

or you splitt the "-D" options to "#defines" Project->Build options->Compiler settings->#defines:

Code

WIN32 
__NT__
__IDP__

-v -mrtd

i don't know this options... But compiler options are always set in Project->Build options->Compiler settings->Other compiler options

I hope this helped a bit. If not i can try to write a more detailed guide, on the base of you instructions. But i can not test it because i have to IDA and i can not pay for it (it would be a cool tool...)
If you have problems compiling, please remember this link: http://wiki.codeblocks.org/index.php?title=FAQ-Compiling_(general)#Q:_How_do_I_report_a_compilation_problem_on_the_forums.3F and always post a full build log.

Greetings

[Дмитро]

If not i can try to write a more detailed guide, on the base of you instructions. But I can not test it because it has an IDA and I can not afford it
Thank you! Yes, this tool is cool, cool tool, but they need to be able to use. There are so many different possibilities, many buttons, but it takes a long time to get used to. Just do not know exactly which buttons to press and how to use it. And I, too, am still extremely poor at knowing how to use this tool.

[Дмитро]

E:\PL\PL1\pl1.cpp|70|error: 'init' was not declared in this scope|

extern "C" plugin_t PLUGIN = {
IDP_INTERFACE_VERSION,
0,
init,
term,
run,
comment,
help,
wanted_name,
wanted_hotkey
};

There are still errors, which indicates either my incorrect settings in the code blocks, or my incorrect IDA, or somewhere else wrong.

I also use my old familiar codeblocks, a good handy very familiar one, with the GNU GCC g ++ compiler, which is all good, and not any other tool or compiler.

[Дмитро]

In one box with IDA there are many examples. They are for self-compilation. These examples are all provided with a makefile. How is it better to open it with codeblocks? Is it really necessary to create a project? Perhaps it is enough to specify only the makefile, would that be better?

[BlueHazzard]

Yes you can use makefiles with codeblocks:
Project->Properties->This is a custom makefile
Then codeblocks is simply a editor....
Codeblocks does nothing. So if you add a file in the project you have to add it by yourself in the makefile. I can not help you with that...

There are still errors, which indicates either my incorrect settings in the code blocks, or my incorrect IDA, or somewhere else wrong.

You can post the build log for example?

E:\PL\PL1\pl1.cpp|70|error: 'init' was not declared in this scope|

this seems like you have forgotten a include file

Can you post the makefile? This would make things a lot easier...