From Collaborative RCE Tool Library
Code Snippet Creator
| Field | Value |
|---|---|
| Tool name: | Code Snippet Creator |
| Author: | servil |
| Website: | https://code.google.com/p/idaplugs/downloads/list |
| Current version: | 0.989 beta |
| Last updated: | 2008 |
| Direct D/L link: | Locally archived copy |
| License type: | Freeware |
| Related URLs: | No related URLs have been submitted for this tool yet |

Description:

code snippet creator plugin for ida pro
by servil
version 0.989 beta (Feb 2008)
supported ida versions: 4.9 and above till API change (tested on 5.2 without backward compatibility enforcement)

basic ida plugin to automate migration of one or more functions from host program to custom assembly project (primarily masm targeted). some effort was put into being generic and able to process any processor and format based on function model using basic assembler data types (byte, word, dword...), however it is focussed and only properly tested on 32-bit borland and msvc code and is expected to give best results for these compilers (generally, the more distant the actual format is from pe-32, the less functionality you may expect). also, all runtime features are only available for pe-32 formats.

major features:

* static code and data flowgraph traversal
* static data formatting and bounds determining
* code and data integrity care
* integrated runtime evaluated addressing resolver (orig. executable required)
* integrated process data dumping with emulation of accessed virtual data and stack variables (orig. executable required)
* iat address translation for dynamic runtimes build (pe-32 only)
* lexical compatibility adjustments, name conflicts resolving and basic output garbage cleanup
* final flowgraph (kernel version 5.1 and newer)

plugin is designed to cover all possible address ranges the root function(s) can actually access. the plugin is not a click and go solution; the only benefit csc gives is reduction of boring uphill work - in most cases output will need manual adjustments to pass the compiler. plugin always builds a report list highlighting warnings, problems, unsure places, etc.; besides that, doubtful lines are also commented in the source code.

code traversal is based on x-refs, not raw operand values, so that mutual linkage of related ranges can be flexibly adjusted by user offsets or the x-refs manager (see below).

the plugin has 4 components:

1. code ripper itself

   this is the main component: basic (optionally) recursive deadcode traversal and creating output source file. additional options and adjustments are available from the startup dialog. most are obvious enough; the two run-time features are explained here:

   * runtime evaluated addressing resolver is useful for discovering indirect or runtime-evaluated jump/call targets (eg. `call dword ptr [edx+08h]`, `jmp eax`, etc.): while targets are naturally evaluated and reached at run-time in the host application, they are invisible at export time from deadcode, so, as expected, they would not even be exported. the resolver takes care of tracing real targets and including them in the output - recommended for images written in an OOP language.
   * process data dumper recognizes offsets to image range and to a known heap block. currently these dynamic block types are recognized: msvc malloc, delphi/cbuilder getmem, bcc malloc, gnu gcc malloc, virtualalloc, stack variables. relaxing the rules for offset recognition may rapidly increase the amount of false offsets.

   runtime engines can process both standalone executables and dlls on certain conditions (a loader directly executable by createprocess is present, loads the dll at some time and executes desired code there).

2. indirect flow resolver from external debugger (deprecated)

3. flirt names matching (a helper for code ripper)

   comparing libnames recognized by flirt to real library names is helpful to prevent later linking problems (unmatched names get the library flag removed). works in conjunction with code ripper's 'include library functions' option turned off.

4. xrefs manager (plugin call parameter 3)

   view/create/remove user links between any two places of disassembly. two samples of usage: for code ripper to cover code or data ranges not referred from any of the collected static areas, or to change the anchor point of non-head memory operands (o_mem).