How to build the .plw plug-in

Дмитро:
How to build the .plw plug-in, which is the world's best disassembler of the ages for IDA, is there a plug-in in it? as the secret of all the correct settings?

BlueHazzard:
I am not aware of any IDA plugin for codeblocks. If you have found one, can you give a link?

Дмитро:
No, we probably did not understand each other exactly. I want to compile from the code the plugin. And the disassembler IDA will use our manufactured plug-ins. This is an electronic translator, which is not everything, and not always.

So I downloaded the book idapw.pdf, which explains, and is written broadly and fully, and I started reading it.
But I still do not understand how to set up the codeblocks environment for compilation, to exit the ready-made plugin .plw

Дмитро:
2. The IDA SDK
IDA is a fantastic disassembler and comes with a variety of debuggers too. While IDA alone has
an amazing amount of functionality, there are always things you'll want to automate or do in some
particular way that IDA doesn't support. Thankfully, the guys at Hex-Rays have released the IDA
SDK: a way for you to hook your own desired functionality into IDA.
There are four types of modules you can write for IDA using the IDA SDK, plug-in modules being
the subject of this tutorial:
Module Type | Purpose
Processor | Adding support for different processor architectures. Also known as IDP (IDa Processor) modules.
Plug-in | Extending functionality in IDA.
Loader | Adding support for different executable file formats.
Debugger | Adding support for debugging on different platforms and/or interacting with other debuggers / remote debugging.
From here onwards, the term "plug-in" will be used in place of "plug-in module", unless otherwise
indicated.
The IDA SDK contains all the header and library files you need to write an IDA plug-in. It supports
a number of compilers on Linux, Mac and Windows platforms, and also comes with several
example plug-ins that illustrate a couple of basic features available.
Whether you're a reverse engineer, vulnerability researcher, malware analyst, or a combination of
them, the SDK gives you a tremendous amount of power and flexibility. You could essentially
write your own debugger/disassembler using it, and that's just scratching the surface. Here's a
tiny sample of some very straight-forward things you could do with the SDK:

- Automate the analysis and unpacking of packed binaries.
- Automate the process of finding the use of particular functions (for example, LoadLibrary(), strcpy(), and whatever else you can think of.)
- Analyse program and/or data flow, looking for things of interest to you.
- Binary diff'ing.
- Write a de-compiler.
- The list goes on..

To see a sample of what some people have written using the IDA SDK, check out the IDA Palace
website or the IDA download page (http://www.hex-rays.com/idapro/idadown.htm).
2.1 Installation

Дмитро:
This is simple. Once you obtain the SDK (which should be in the form of a .zip file), unzip it to a
location of your choice. My preference is creating an sdk directory under the IDA installation and
putting everything in there, but it doesn't really matter.
2.2 Directory Layout
Rather than go through every directory and file in the SDK, I'm going to go over the directories
relevant to writing plug-ins, and what's in them.
Directory | Contains
/ | Some makefiles for different environments as well as the readme.txt which you should read to get a quick overview of the SDK, in particular anything that might've changed in recent versions.
include/ | Header files, grouped into areas of functionality. I recommend going through every one of these files and jotting down functions that look applicable to your needs once you have gone through this tutorial.
libbor.wXX/ | IDA library to link against when compiling with the Borland C compiler
libgccXX.lnx/, libgccXX.mac/ | IDA library to link against when compiling with GCC under Linux and Mac
libgcc.wXX/ | IDA library to link against when compiling with GCC under Windows
libvc.wXX/ | IDA library to link against when compiling with Visual C++ under Windows
plugins/ | Sample plug-ins

XX is either 32(bit) or 64(bit), which will depend on the architecture you’re running on.
2.3 Header Files
Of the fifty-two header files in the include directory, I found the following to be most relevant
when writing plug-ins. If you want information on all the headers, look at readme.txt in the SDK
root directory, or in the header file itself. This listing is just here to provide a quick reference point
when looking for certain functionality – more detail will be revealed in the following sections.
File(s) | Contains
area.hpp | area_t and areacb_t classes, which represent “areas” of code, and will be covered in detail later on.
bytes.hpp | Functions and definitions for dealing with individual bytes within a disassembled file.
dbg.hpp & idd.hpp | Debugger classes and functions.
diskio.hpp & fpro.h | IDA equivalents to fopen(), open(), etc. as well as some misc. file operations (getting free disk space, current working directory, etc.)
entry.hpp | Functions for getting and manipulating executable entry point information.
frame.hpp | Functions for dealing with the stack, function frames, local variables and labels.
