//---------------------------------------------------------------------- static void get_input_and_sym_path( const char *input_file, const char *user_spath, qwstring &winput, qwstring &wspath) { char env_sympath[4096]; char temp_path[QMAXPATH]; char spath[sizeof(spath_prefix)+sizeof(temp_path)+sizeof(spath_suffix)]; // no symbol path passed? let us compute default values if ( user_spath == NULL || user_spath[0] == '\0' ) { // no env var? if ( GetEnvironmentVariable("_NT_SYMBOL_PATH", env_sympath, sizeof(env_sympath)) == 0 || GetLastError() == ERROR_ENVVAR_NOT_FOUND ) { if ( !GetTempPath(sizeof(temp_path), temp_path) ) temp_path[0] = '\0'; else qstrncat(temp_path, "ida", sizeof(temp_path)); qsnprintf(spath, sizeof(spath), "%s%s%s", spath_prefix, temp_path, spath_suffix); user_spath = spath; } else { user_spath = env_sympath; } } c2ustr(user_spath, &wspath); c2ustr(input_file, &winput); }
char* construct_output_filename(char *prefix) { //char result[MAXSTR]; char *result = (char*)qalloc(MAXSTR); get_root_filename(result, MAXSTR); qstrncat(result, prefix, MAXSTR); return result; }
void out(void) { char buf[MAXSTR]; char postfix[MAXSTR]=""; init_output_buffer(buf, sizeof(buf)); /* if we have a load or store instruction, flags are used a bit different */ if (cmd.itype<=ARC_store_instructions) { switch ((cmd.auxpref&6)>>1) { case 0: qstrncat(postfix, "", sizeof(postfix)); break; case 1: qstrncat(postfix, "b", sizeof(postfix)); break; case 2: qstrncat(postfix, "w", sizeof(postfix)); break; default: qstrncat(postfix, "?", sizeof(postfix)); break; } if (cmd.auxpref&1) qstrncat(postfix, ".x", sizeof(postfix)); if (cmd.auxpref&8) qstrncat(postfix, ".a", sizeof(postfix)); if (cmd.auxpref&32) qstrncat(postfix, ".di", sizeof(postfix)); } else if (cmd.auxpref&31)
//-------------------------------------------------------------------------- // get path+name from a mapped file in the debugged process bool win32_debmod_t::get_mapped_filename(HANDLE process_handle, ea_t imagebase, char *buf, size_t bufsize) { if ( _GetMappedFileName != NULL ) { TCHAR name[QMAXPATH]; name[0] = '\0'; if ( !can_access(imagebase) ) imagebase += MEMORY_PAGE_SIZE; if ( _GetMappedFileName(process_handle, (LPVOID)imagebase, name, qnumber(name)) ) { // translate path with device name to drive letters. // based on http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/obtaining_a_file_name_from_a_file_handle.asp TCHAR szTemp[MAX_PATH]; szTemp[0] = '\0'; if ( GetLogicalDriveStrings(sizeof(szTemp), szTemp) ) { char szName[MAX_PATH]; char szDrive[3] = " :"; bool bFound = FALSE; char *p = szTemp; do { // Copy the drive letter to the template string szDrive[0] = *p; // Look up each device name if ( QueryDosDevice(szDrive, szName, MAX_PATH) ) { size_t uNameLen = strlen(szName); if ( uNameLen < MAX_PATH ) { bFound = strnicmp(name, szName, uNameLen) == 0; if ( bFound ) { // Reconstruct pszFilename using szTemp // Replace device path with DOS path qstrncpy(name, szDrive, sizeof(name)); qstrncat(name, name+uNameLen, sizeof(name)); } } } // Go to the next NULL character. while ( *p++ ); } while ( !bFound && *p ); // end of string } wcstr(buf, name, bufsize); return true; } } return false; }
//firstly sear //ea_t loc - address of import //size - len of array //returns list of xrefs to, and size of list array ea_t* find_function_xref(char *name, int *size) { //*size = 0; int count = 0, i = 0; *size = 0; xrefblk_t xb; char funcname_incode[MAXSTR]; ea_t *list; ea_t func_addr = find_import_loc(name); // msg("%s in import = %a\n", name, func_addr); if(func_addr == BADADDR){ qstrncpy(funcname_incode, name, MAXSTR-2); qstrncat(funcname_incode, "(", MAXSTR-1); //msg("name:%s func_name:%s = \n", name, funcname_incode); //malloc_addr = find_function_EA_by_name(f, "ExAllocatePoolWithTag"); func_addr = find_function_EA_by_name(funcname_incode); //msg("%s in import = %a\n", name, func_addr); } if(func_addr == BADADDR)return NULL; for(bool ok = xb.first_to(func_addr, XREF_ALL); ok; ok = xb.next_to()) { //msg("Caller to ExAllocatePoolWithTag %a \n", xb.from); count++; } // msg("find_import_xref %d \n", count); list = (ea_t*)qalloc(sizeof(ea_t) * count); if(!list){ msg("qalloc failed: bytes %a \n", count); return NULL; } for (bool ok = xb.first_to(func_addr, XREF_ALL); ok; ok = xb.next_to()) { //*list++ = xb.from; list[i] = xb.from; i++; } // msg("find_import_xref for %s : %d \n", name, i); *size = count; return list; }
void idaapi run(int arg) { char buf[MAXSTR]; char cmt[MAXSTR]; char *valid_cmt = NULL; char ext[0x20]; FILE *f = NULL; short checkboxes = OPTION_NAMES | OPTION_COMMENTS; sval_t bank = 1; // default bool first = true; bool hasName = false; flags_t flags; ea_t ea = 0x0; if( AskUsingForm_c( madnes_options, &checkboxes, &bank ) != 1 || checkboxes == 0 ) return; // prepare filename for namelist (.nl) file get_input_file_path( buf, sizeof( buf ) ); qsnprintf( ext, sizeof( ext ),".%X.nl",--bank ); qstrncat( buf, ext, sizeof( buf )-strlen( buf ) ); // (always) create file f = qfopen( buf, "w" ); if( f == NULL ) { warning( "%s could not be created!", buf ); return; } msg( "Writing to file %s..", buf ); while( ea <= 0xFFFF ) { hasName = false; // get flags if( isCode( getFlags( ea ) ) ) flags = getFlags( ea ); else flags = getFlags( get_item_head( ea ) ); // if user either chose to export names or anynames if( ( ( checkboxes & OPTION_NAMES ) && has_name( flags ) ) || ( ( checkboxes & OPTION_ANYNAME ) && has_any_name( flags ) ) ) { // if current item is code or if current item is head of item if( isCode( flags ) || ea==get_item_head( ea ) ) { // get name get_name( ea, ea, buf, sizeof( buf ) ); // write to file qfprintf( f, "$%04X#%s#", ea, buf ); } else // if not code or not head of item (must be an array) { // get name of item start get_name( get_item_head( ea ), get_item_head( ea ), buf, sizeof( buf ) ); // calc displacement, write to file (example: "password+$04") qfprintf( f, "$%04X#%s+$%X#", ea, buf, ea-get_item_head( ea ) ); } hasName = true; } // if user chose to export cross references if( checkboxes & OPTION_XREFS ) { xrefblk_t xb; first = true; // cycle through all xrefs except ordinary flow xrefs for ( bool ok=xb.first_to( ea, XREF_FAR/*XREF_ALL*/); ok; ok=xb.next_to() ) { if( first ) // if first xref { if( !hasName ) // if this location hasn't a name yet, add symbol stub { qfprintf( f, "$%04X##", ea ); hasName = true; } qfprintf( f, "XREFS:\n\\"); // append XREFS first = false; } qfprintf( f, " $%04X\n\\", xb.from ); } } // if user chose to export comments if( checkboxes & OPTION_COMMENTS ) { if( has_cmt( flags ) ) // if current item has comment { // get comment // workaround for get_any_indeted_cmt() // -> unresolved external symbol "char * __stdcall get_any_indented_cmt(unsigned long,unsigned char *)" (?get_any_indented_cmt@@YGPADKPAE@Z) if( get_cmt( ea, false, cmt, sizeof( cmt ) ) == -1 ) get_cmt( ea, true, cmt, sizeof( cmt ) ); // validate comment (replace invalid chars, add room for additional chars) valid_cmt = validate_comment( cmt ); if( valid_cmt != NULL ) { if( !hasName ) { qfprintf( f, "$%04X##", ea ); // add symbol stub if no name yet hasName = true; } qfprintf( f, "%s", valid_cmt ); // write comment to file qfree( valid_cmt ); } } } if( hasName) qfprintf( f, "\n" ); ea++; // get name of each byte } qfclose( f ); msg( "done.\n" ); }
inline void get_cfg_filename(char *buf, size_t bufsize) { inf.get_proc_name(buf); strlwr(buf); qstrncat(buf, ".cfg", bufsize); }