Reversing It Out
12-02-2007, 12:40 AM
Recently, IDA 5.2 has been released, bearing as usual a lot of cool features and bugfixes. One of the most interesting additions was the so-called scriptable debugger. Today, I had a bit of free time, and decided to experiment with that.
In a very limited time, I coded a simple API monitor to spy over file-write operations on executable files (for example done by some malware). For the curious ones, I have uploaded the script to my repository (https://www.openrce.org/repositories/users/Paolo/IdcDebuggerTest.idc): the code is just an experiment and is not all that useful - but it shows anyway how easy it is to use the new IDC commands.
http://bp2.blogger.com/_Iq20R_ym4vY/R1G3DWKqKgI/AAAAAAAAABo/xa5E1tuZsuI/s320/SpyOutput.PNG (http://bp2.blogger.com/_Iq20R_ym4vY/R1G3DWKqKgI/AAAAAAAAABo/2bYhXX0_6U8/s1600-R/SpyOutput.PNG)
http://reversingitout.blogspot.com/2007/12/experimenting-with-ida-52s-scriptable.html
In a very limited time, I coded a simple API monitor to spy over file-write operations on executable files (for example done by some malware). For the curious ones, I have uploaded the script to my repository (https://www.openrce.org/repositories/users/Paolo/IdcDebuggerTest.idc): the code is just an experiment and is not all that useful - but it shows anyway how easy it is to use the new IDC commands.
http://bp2.blogger.com/_Iq20R_ym4vY/R1G3DWKqKgI/AAAAAAAAABo/xa5E1tuZsuI/s320/SpyOutput.PNG (http://bp2.blogger.com/_Iq20R_ym4vY/R1G3DWKqKgI/AAAAAAAAABo/2bYhXX0_6U8/s1600-R/SpyOutput.PNG)
http://reversingitout.blogspot.com/2007/12/experimenting-with-ida-52s-scriptable.html
