6.6
Selective Tracing (Phương pháp 2)
//
// snaptrace2.cpp
//
#include <ida.hpp>
#include <idp.hpp>
#include
<loader.hpp>
#include <dbg.hpp>
// Address range chosen by the user in IDAP_run and read by trace_handler.
// Both start at 0, so the handler's range test matches nothing until
// IDAP_run has stored a range.
ea_t start_ea = 0;
ea_t end_ea = 0;
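// Handler for HT_DBG events.
//
// For every step-trace event whose instruction pointer lies strictly
// between start_ea and end_ea (an instruction exactly at either bound is
// not reported), print the current stack pointer to the message window.
//
//   udata        - user data supplied when hooking (unused)
//   dbg_event_id - debugger event code; only dbg_trace is acted on
//   va           - event-specific arguments (unused)
//
// Always returns 0.
int idaapi trace_handler(void *udata, int dbg_event_id, va_list va)
{
  // We also receive debug events unrelated to tracing. Filter those out
  // first, so registers are only queried for trace events.
  if (dbg_event_id != dbg_trace)
    return 0;

  regval_t esp, eip;

  // If either register cannot be read, skip the event rather than compare
  // and print values the call did not fill in.
  if (!get_reg_val("esp", &esp) || !get_reg_val("eip", &eip))
    return 0;

  // Make sure EIP is between the user-specified range
  if (eip.ival > start_ea && eip.ival < end_ea) {
    // %a formats an ea_t; narrow the register value explicitly so the
    // variadic argument has the width the format expects.
    msg("ESP = %a\n", (ea_t)esp.ival);
  }

  return 0;
}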
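// Plugin initialisation: subscribe trace_handler to debugger events.
//
// Returns PLUGIN_KEEP when the hook was installed, PLUGIN_SKIP otherwise.
int IDAP_init(void)
{
  // Receive debug event notifications. Without the hook the plugin can
  // never report anything, so decline to load instead of staying resident.
  if (!hook_to_notification_point(HT_DBG, trace_handler, NULL))
    return PLUGIN_SKIP;

  return PLUGIN_KEEP;
}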
// Plugin shutdown: remove the HT_DBG subscription installed by IDAP_init
// so trace_handler is no longer called.
void IDAP_term(void)
{
  unhook_from_notification_point(HT_DBG, trace_handler, NULL);
}
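// Plugin entry point: ask for the address range to report on, then start
// the target under step tracing.
//
//   arg - plugin argument (unused)
void IDAP_run(int arg)
{
  // Work on copies so a cancelled dialog leaves the range that
  // trace_handler is currently using untouched.
  ea_t from = start_ea;
  ea_t to = end_ea;

  // Ask the user for a start and end address; stop if either is cancelled.
  if (!askaddr(&from, "Start Address:") || !askaddr(&to, "End Address:"))
    return;

  // trace_handler tests start_ea < EIP < end_ea, so an empty or inverted
  // range would single-step the whole program without printing anything.
  if (from >= to) {
    warning("Start address must be below end address\n");
    return;
  }

  start_ea = from;
  end_ea = to;

  // Queue the following:
  // run to the binary entry point
  request_run_to(inf.startIP);
  // enable step tracing
  request_enable_step_trace();
  // Run queued requests
  run_requests();
}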
// Descriptive strings referenced by the PLUGIN descriptor below.
char IDAP_comment[] = "Snap Tracer 2";
char IDAP_help[] = "Allow tracing only between user "
                   "specified addresses\n";
char IDAP_name[] = "Snap Tracer 2";
char IDAP_hotkey[] = "Alt-I";

// Exported plugin descriptor. The initialiser is positional, so the
// order of the entries must not change.
plugin_t PLUGIN =
{
  IDP_INTERFACE_VERSION,  // SDK interface version
  0,                      // plugin flags (none set)
  IDAP_init,              // initialisation callback
  IDAP_term,              // termination callback
  IDAP_run,               // invocation callback
  IDAP_comment,           // comment string
  IDAP_help,              // help text
  IDAP_name,              // preferred plugin name
  IDAP_hotkey             // preferred hotkey
};
6.7
Sao chép & Dán nhị phân
//
// copypaste.cpp
//
#include <ida.hpp>
#include <idp.hpp>
#include
<loader.hpp>
// Capacity, in bytes, of the copy buffer below.
#define MAX_COPYPASTE 1024
// This will hold our copied buffer for pasting
char data[MAX_COPYPASTE];
// Bytes copied into the above buffer; 0 means nothing has been copied yet
ssize_t filled = 0;
// Insert the following two lines into your plugins.cfg file.
// Replace pluginname with the filename of your plugin minus
// the extension.
//
// Copy_Buffer pluginname Alt-C 0
// Paste_Buffer pluginname Alt-V 1
//
// Plugin initialisation. Nothing needs setting up; always returns
// PLUGIN_KEEP.
int IDAP_init(void)
{
  return PLUGIN_KEEP;
}
// Plugin shutdown. There is nothing to release, so the body is empty.
void IDAP_term(void)
{
}
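// Copy the bytes of the current selection into the global `data` buffer
// and record how many were copied in `filled`.
//
// Warns and leaves the buffer untouched when nothing is selected or the
// selection is larger than MAX_COPYPASTE. Resets `filled` to 0 when the
// bytes cannot be read.
void copy_buffer()
{
  ea_t saddr, eaddr;

  // Get the boundaries of the user selection
  if (!read_selection(&saddr, &eaddr)) {
    warning("No bytes selected!\n");
    return;
  }

  // An empty or inverted range would make the subtraction below yield
  // zero or wrap around; never hand such a length to the byte reader.
  if (eaddr <= saddr) {
    warning("No bytes selected!\n");
    return;
  }

  // Bound the length while it is still an unsigned address difference,
  // before narrowing to ssize_t, so an oversized selection cannot turn
  // into a small or negative size and slip past the buffer limit.
  if (eaddr - saddr > MAX_COPYPASTE) {
    warning("You can only copy a max of %d bytes\n", MAX_COPYPASTE);
    return;
  }
  ssize_t size = (ssize_t)(eaddr - saddr);

  // Get the bytes from the file, store them in our buffer
  if (get_many_bytes(saddr, data, size)) {
    filled = size;
    // size is at most MAX_COPYPASTE here, so it fits the %d conversion.
    msg("Successfully copied %d bytes from %a into memory.\n",
        (int)size,
        saddr);
  } else {
    // The buffer contents are unreliable after a failed read; make sure
    // a later paste refuses to use them, and tell the user why.
    filled = 0;
    warning("Could not read %d bytes at %a\n", (int)size, saddr);
  }
}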
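// Patch the bytes held in the global `data` buffer into the database at
// the current cursor position.
//
// Warns and does nothing when no copy has been made or when there is no
// usable cursor address.
void paste_buffer()
{
  // Get the cursor position. This is where we will paste to
  ea_t curpos = get_screen_ea();

  // Make sure the buffer has been filled with a Copy operation first.
  // The upper bound keeps the patch from ever reading past `data`.
  if (filled <= 0 || filled > MAX_COPYPASTE) {
    warning("No data to paste!\n");
    return;
  }

  if (curpos == BADADDR) {
    warning("No valid address under the cursor to paste to!\n");
    return;
  }

  // NOTE(review): the destination range [curpos, curpos + filled) is not
  // checked against segment bounds here - confirm how patch_many_bytes
  // treats addresses that are not part of the database.

  // Patch the binary (paste)
  patch_many_bytes(curpos, data, filled);
  // filled is at most MAX_COPYPASTE, so it fits the %d conversion.
  msg("Patched %d bytes at %a.\n", (int)filled, curpos);
}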
// Plugin entry point. The argument configured in plugins.cfg selects the
// operation, which lets one plug-in serve both hotkeys:
//   0 - copy the current selection
//   1 - paste at the cursor
// Any other value produces a warning.
void IDAP_run(int arg)
{
  if (arg == 0) {
    copy_buffer();
    return;
  }

  if (arg == 1) {
    paste_buffer();
    return;
  }

  warning("Invalid usage!\n");
}
// These are actually pointless because we'll be overriding them
// in plugins.cfg
char IDAP_comment[] = "Binary Copy and Paster";
char IDAP_help[] = "Allows the user to copy and paste binary\n";
char IDAP_name[] = "Binary Copy and Paster";
char IDAP_hotkey[] = "Alt-I";

// Exported plugin descriptor. The initialiser is positional, so the
// order of the entries must not change.
plugin_t PLUGIN =
{
  IDP_INTERFACE_VERSION,  // SDK interface version
  0,                      // plugin flags (none set)
  IDAP_init,              // initialisation callback
  IDAP_term,              // termination callback
  IDAP_run,               // invocation callback
  IDAP_comment,           // comment string
  IDAP_help,              // help text
  IDAP_name,              // preferred plugin name
  IDAP_hotkey             // preferred hotkey
};