// Search v0.5 beta
// Plugin module for IDA Pro v3.84
// written by Quine (quine@blacksun.res.cmu.edu)
// visit Quine's IDA Page at http://surf.to/quine_ida

#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>
#include <kernwin.hpp>
#include <bytes.hpp>
#include <ua.hpp>
#include <nalt.hpp>
#include <funcs.hpp>
#include <enum.hpp>

ulong prev_imm;
int imm_opn = -1;

int init(void)
{
  return PLUGIN_OK;
}

void term(void)
{
}

ea_t find_code_imm(ea_t start_ea, ulong imm_val) {
    ea_t ea = start_ea;
    ea_t found_ea = BADADDR;
    func_t *pfn;

    do {

        // skip over any hidden functions
        if ( pfn = get_func(ea) ) {
            if ( !is_visible_func(pfn) ) {
                continue;
            }
        }

        // disassemble the current instruction
        ua_ana0(ea);

        // loop through all the operands in current insn to see if they
        // contain an immediate op with the value we're looking for
        for ( int i = 0; i<3; i++ ) {
            if ( cmd.Operands[i].type == o_imm ) {
                if ( cmd.Operands[i].value == imm_val ) {
                    found_ea = ea;
                    imm_opn = i;
                }
            }
        }

    } while ( (found_ea == BADADDR) && ((ea = nextThat(ea, isCode)) != BADADDR) );

    return found_ea;
}

void run(int arg)
{
    ulong imm = 0;
    imm_opn = -1;
    msg("arg: %i\n", arg);
    if ( arg == 0 ) {
        callui(ui_asklong, &imm, "Enter the immediate value to search for:");
        prev_imm = imm;
    } else if (arg == 1 ) {
        imm = prev_imm;
    } else {
        return;
    }
    ea_t ea = find_code_imm(nextThat(get_screen_ea(), isCode), imm);
    if ( ea != BADADDR ) {
        jumpto(ea, imm_opn);
        msg("Found immediate value 0x%x at %08X.\n", imm, ea);
    } else {
        beep();
        msg("Immediate value 0x%x not found.\n", imm);
    }
}

//--------------------------------------------------------------------------
char comment[] = "This implements some new search functions.";

char help[] =
        "A sample plugin module\n"
        "\n"
        "This module shows you how to create plugin modules.\n"
        "\n"
        "It does nothing useful - just prints a message that is was called\n"
        "and shows the current address.\n";


//--------------------------------------------------------------------------
// This is the preferred name of the plugin module in the menu system
// The preferred name may be overriden in plugins.cfg file

char wanted_name[] = "Search plugin";


// This is the preferred hotkey for the plugin module
// The preferred hotkey may be overriden in plugins.cfg file
// Note: IDA won't tell you if the hotkey is not correct
//       It will just disable the hotkey.

char wanted_hotkey[] = "Alt-F7";


//--------------------------------------------------------------------------
//
//      PLUGIN DESCRIPTION BLOCK
//
//--------------------------------------------------------------------------

extern "C" plugin_t PLUGIN = {
  IDP_INTERFACE_VERSION,
  0,                    // plugin flags
  init,                 // initialize

  term,                 // terminate. this pointer may be NULL.

  run,                  // invoke plugin

  comment,              // long comment about the plugin
                        // it could appear in the status line
                        // or as a hint

  help,                 // multiline help about the plugin

  wanted_name,          // the preferred short name of the plugin
  wanted_hotkey         // the preferred hotkey to run the plugin
};