Простой пример плагина для IDA на fasm

Тема в разделе "WASM.RESEARCH", создана пользователем Asterix, 26 июн 2005.

  1. Asterix

    Код (Text):
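    ; Minimal IDA plugin written in flat assembler (fasm): a 32-bit Windows PE DLL
    ; that exports one PLUGIN description block.
    ; The interface version and the import ordinals below are the author's values
    ; for IDA 4.7.
    ; NOTE(review): confirm them against the SDK of the IDA build that loads this file.

    format PE GUI 4.0 DLL on 'STUB'
    entry DllEntryPoint


    include '%fasminc%\win32a.inc'

    macro .code { section '.code' code readable executable }
    macro .data { section '.data' data readable writeable }

    macro .CODE { .code }
    macro .DATA { .data }

    ;inline ea_t get_screen_ea(void)            { ea_t ea; callui(ui_screenea, &ea); return ea; }
    ;typedef ulong ea_t;       // effective address


    PLUGIN_KEEP             =   2   ; Plugin agrees to work with the current database
                                    ; and wants to stay in the memory
    IDP_INTERFACE_VERSION   =  70   ; for IDA 4.7
    ui_screenea             =  10   ; callui() request code used by get_screen_ea
    BADADDR                 =  -1   ; ea_t value meaning "no address"


    .CODE


    ;BOOL WINAPI DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
    ;
    ;      Does no per-process or per-thread work: always reports success (TRUE)
    ;      and removes its three dword arguments from the stack.

    DllEntryPoint:
        mov eax, 1
        retn (4*3)


    ;--------------------------------------------------------------------------
    ;
    ;      ea_t get_screen_ea(void)
    ;
    ;      Assembly counterpart of the inline SDK helper quoted at the top of
    ;      the file: asks the IDA user interface for the current screen address.
    ;
    ;      In:    nothing
    ;      Out:   eax = address written by the UI, or BADADDR if the UI left
    ;             the local untouched
    ;      Clobb: eax, edx, flags, plus whatever the callui dispatcher clobbers
    ;             (NOTE(review): presumably ecx/edx as for any cdecl callee)

    proc get_screen_ea
    .ea  dd  ?                      ; local that receives the address
    enter
        mov dword [.ea], BADADDR    ; never hand uninitialised stack contents back to the caller
        mov eax,[_callui]           ; import slot -> address of IDA's exported callui variable
        lea edx,[.ea]
        push edx                    ; 2nd argument: &ea
        push ui_screenea            ; 1st argument: request code
        call DWORD [eax]            ; call through the function pointer stored in callui
        add esp,4*2                 ; the caller removes both arguments (variadic dispatcher)
        mov eax,[.ea]
        return
    endp

    ;--------------------------------------------------------------------------
    ;
    ;      Initialize.
    ;
    ;      IDA will call this function only once.
    ;      If this function returns PLUGIN_SKIP, IDA will never load it again.
    ;      If this function returns PLUGIN_OK, IDA will unload the plugin but
    ;      remember that the plugin agreed to work with the database.
    ;      The plugin will be loaded again if the user invokes it by
    ;      pressing the hotkey or selecting it from the menu.
    ;      After the second load the plugin will stay on memory.
    ;      If this function returns PLUGIN_KEEP, IDA will keep the plugin
    ;      in the memory. In this case the initialization function can hook
    ;      into the processor module and user interface notification points.
    ;      See the hook_to_notification_point() function.
    ;
    ;      In this example we check the input file format and make the decision.
    ;      You may or may not check any other conditions to decide what you do:
    ;      whether you agree to work with the database or not.
    ;
    ;      NOTE(review): this port performs no check at all; it returns
    ;      PLUGIN_KEEP unconditionally, for every database.
    ;
    ;int idaapi init(void)

    init:
        mov eax, PLUGIN_KEEP
        retn


    ;--------------------------------------------------------------------------
    ;      Terminate.
    ;      Usually this callback is empty.
    ;      The plugin should unhook from the notification lists if
    ;      hook_to_notification_point() was used.
    ;
    ;      IDA will call this function when the user asks to exit.
    ;      This function won't be called in the case of emergency exits.

    ;void idaapi term(void)

    term:
        retn


    ;--------------------------------------------------------------------------
    ;
    ;      The plugin method
    ;
    ;      This is the main function of plugin.
    ;
    ;      It will be called when the user selects the plugin.
    ;
    ;              arg - the input argument, it can be specified in
    ;                    plugins.cfg file. The default is zero.
    ;
    ;      This port ignores arg: it passes the current screen address to
    ;      ua_code and returns, popping the single dword argument (retn 4).
    ;      Nothing is done when get_screen_ea reports BADADDR.
    ;

    ;void idaapi run(int arg)

    run:
        call get_screen_ea
        cmp eax, BADADDR            ; no usable address: do not hand BADADDR to ua_code
        je .done
        invoke ua_code, eax
    .done:
        retn 4


    .DATA


    ;--------------------------------------------------------------------------
    ;char comment[] = "This is a sample plugin. It does nothing useful";

    comment  db  'Sample plugin on fasm',0


    ;char help[] =
    ;        "A sample plugin module\n"
    ;        "\n"
    ;        "This module shows you how to create plugin modules.\n"
    ;        "\n"
    ;        "It does nothing useful - just prints a message that it was called\n"
    ;        "and shows the current address.\n";

    help  db  0                     ; empty help string


    ;--------------------------------------------------------------------------
    ; This is the preferred name of the plugin module in the menu system
    ; The preferred name may be overridden in plugins.cfg file

    ;char wanted_name[] = "Sample plugin";

    wanted_name  db  'Plugin on fasm',0



    ; This is the preferred hotkey for the plugin module
    ; The preferred hotkey may be overridden in plugins.cfg file
    ; Note: IDA won't tell you if the hotkey is not correct
    ;       It will just disable the hotkey.

    ;char wanted_hotkey[] = "Alt-0";

    wanted_hotkey  db  'F11',0


    ;--------------------------------------------------------------------------
    ;
    ;      PLUGIN DESCRIPTION BLOCK
    ;
    ;      Nine dwords in this order: interface version, a zero dword
    ;      (NOTE(review): presumably the plugin flags field), then pointers to
    ;      init, term, run, comment, help, wanted_name and wanted_hotkey.
    ;
    ;--------------------------------------------------------------------------


    PLUGIN  dd  IDP_INTERFACE_VERSION, 0, init, term, run, comment, help, wanted_name, wanted_hotkey


    section '.idata' import data readable

    ; Both symbols are bound by ordinal (numeric operand), not by name.
    ; NOTE(review): ordinals belong to one specific IDA.WLL build (IDA 4.7 per the
    ; author); against another build they may resolve to unrelated exports, so
    ; re-check them before loading the plugin into a different IDA version.

    library ida,'IDA.WLL'
    import ida,\
           _callui,168,\
           ua_code,1022


    section '.edata' export data readable

      ; The only exported symbol is the description block, under the name 'PLUGIN'.
      export 'My_plugin.plw',\
             PLUGIN,'PLUGIN'


    ; Fixup table for the absolute addresses stored in PLUGIN and used by the code.
    section '.reloc' fixups data discardable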




    в аттаче inc файл со всеми функциями для IDA 4.7



    [​IMG] 904962683__import.inc
     
  2. infern0

    функции это хорошо, а как с остальными структурами ?
     
  3. Asterix

    infern0





    вручную, по мере необходимости в той или иной структуре, так же как с функцией get_screen_ea в этом примере



    с функциями конечно проще, perl - рулит