So I recently purchase IDA 6.1 and quickly realized that the majority of plugins available online were simply compiled for windows, but no source!
One example was pattern maker that was originally posted here. Unfortunately the source was lost, so I decided to attempt to re-create it. It simply gives you patterns for the disassembly you have selected.
Enjoy!
Source:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 |
/* * Pattern Maker * * Want to create patterns? This plugin will do it! * */ #ifdef NO_OBSOLETE_FUNCS #undef NO_OBSOLETE_FUNCS #endif #include <ida.hpp> #include <idp.hpp> #include <auto.hpp> #include <entry.hpp> #include <bytes.hpp> #include <loader.hpp> #include <kernwin.hpp> #include <typeinf.hpp> #include <demangle.hpp> #include <ua.hpp> #include <stdio.h> //-------------------------------------------------------------------------- int idaapi init(void) { if ( get_entry_qty() == 0 ) return PLUGIN_SKIP; return PLUGIN_OK; } //-------------------------------------------------------------------------- void idaapi run(int /*arg*/) { if ( !autoIsOk() ){ msg( "Please wait until analysis is complete!\n" ); return; } // something is selected! ea_t start, end; if ( read_selection( &start, &end ) ){ char funcname[128];// = NULL; if ( get_func_name(start, funcname, 128) == NULL ){ funcname[0] = '\0'; } //int i = start; func_item_iterator_t fii; bool ok = fii.set_range(start, end); ea_t line = fii.current(); // generate our mask char mask[256] = {0}; init_output_buffer(mask, sizeof(mask)); while ( ok ){ // do we have an xref in this line? ea_t xref = get_first_dref_from(line); ea_t endLineAddress = get_item_end(line); if ( xref == -1 ){ xref = get_first_fcref_from(line); } // TODO: Find a method to locate how long the XREF is, and where it begins // xref found! int numInstructions = endLineAddress - line; if ( xref != -1 ){ // I can about guarantee this is stupid, but I don't know a better method if ( numInstructions == 2 ){ out_snprintf("x?"); } else if ( numInstructions == 5 ){ out_snprintf("x????"); } else if ( numInstructions == 6 ){ out_snprintf("xx????"); } else{ for(int x = 0; x < numInstructions; x++ ){ out_snprintf("x"); } } } else{ for(int x = 0; x < numInstructions; x++ ){ out_snprintf("x"); } } ok = fii.next_not_tail(); line = fii.current(); } term_output_buffer(); func_item_iterator_t fi; ok = fi.set_range(start, end); line = fi.current(); // generate the pattern char pattern[1024] = {0}; init_output_buffer(pattern, sizeof(pattern)); while ( ok ){ ea_t endLineAddress = get_item_end(line); for ( int x = line; x < endLineAddress; x++ ){ out_snprintf("/x%02X", get_byte(x)); } ok = fi.next_not_tail(); line = fi.current(); } term_output_buffer(); static const char form[] = "STARTITEM 0\n" "Pattern below!\n\n" "\n" "<~P~attern:A:4096:64::>\n" "<~M~ask:A:4096:64::>\n" "<~F~unction:A:256:64::>\n"; char buf[MAXSTR]; qstrncpy(buf, pattern, sizeof(buf)); AskUsingForm_c(form, buf, &mask, &funcname); } return; } //-------------------------------------------------------------------------- plugin_t PLUGIN = { IDP_INTERFACE_VERSION, 0, // plugin flags init, // initialize NULL, run, // invoke plugin "Generates patterns for the selected disassembly", "Generates patterns for the selected disassembly", "Pattern Maker", "Ctrl-F12", }; |