Hi All,

I was going to post this handy little IDC script I found, then I thought we might be able to expand it into a thread where people could add any useful scripts they've created, found, adapted, ripped off, or otherwise made use of.

If not, then consider it a chance to get the creative reversing juices working and come up with a new one! Could be for a one-off use situation, but that doesn't matter, it's just to throw around some ideas.


Here's one I found recently by "deobfuscated" which adds a hot key to simplify colorizing lines in IDA. I may adapt it to add a couple of different colors for different uses, making it a little easier to keep track of important lines as you scroll around a disassembly.

http://deobfuscated.blogspot.com/2011/06/coloring-junk-code-in-ida-pro.html


Coloring junk code in IDA Pro

Especially when reversing malware, junk code is always a pain.
For the sake of readability, I often color junk code with some dark color.
This makes the disassembly much more readable as shown below.

However, coloring instructions in IDA Pro is not very handy.
One has to go through menus ("Edit"->"Other"->"Color instruction...") and pick up a color for every single block to be colored.

That's why I wrote a very simple IDC script which can help with this and save some time. It simply colors the current instruction (at the cursor location) or the selected instructions, if any.
Running the script on an instruction that's been colored already sets its color back to the default value.
Also, a new hotkey ("j" in this case) is defined.
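
#include <idc.idc>

#define JUNK_COLOR 0x7f5555

// Toggle the junk color on the current instruction or on the selection.
static ColorJunkCode()
{
 auto start, end;
 // No selection: work on the single address under the cursor.
 if ((start = SelStart()) == BADADDR)
  start = end = ScreenEA();
 else
  end = SelEnd();
 do {
  // Already colored: restore the default color, otherwise apply the junk color.
  if (GetColor(start, CIC_ITEM) == JUNK_COLOR)
   SetColor(start, CIC_ITEM, DEFCOLOR);
  else
   SetColor(start, CIC_ITEM, JUNK_COLOR);
  start = NextAddr(start);
 } while (start < end);
 Refresh();
}

static main()
{
 // Bind the "j" key to the function above.
 AddHotkey("j", "ColorJunkCode");
}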


Run the script in IDA ("File"->"Script file...") and you're ready to go.
Hitting <j> will now color current/selected instructions.

If you want IDA to load this script automatically, follow these steps:
- Store this script in IDA/idc (not mandatory but it makes sense to keep all scripts in the same directory)
- Edit IDA/idc/ida.idc:
  - Add the line "#include <colorjunk.idc>" (or whatever filename you like) at the top of the file
  - Copy/paste the AddHotkey instruction into the function "main"
- Remove the function "main" from colorjunk.idc

Any other good IDC scripts?

Cheers,
Kayaker
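
Added example (not part of the original post or the linked blog): a multi-color variant of the script, along the lines of the adaptation mentioned above, written with the same legacy IDC function names the script uses. Only JUNK_COLOR and the "j" hotkey come from the post; the other colors, function names and hotkeys are hypothetical choices, and it steps with NextHead instead of NextAddr so only item heads are touched.

```idc
#include <idc.idc>

// IDA item colors are 0xBBGGRR.
#define JUNK_COLOR 0x7f5555   // from the original script
#define NOTE_COLOR 0x55557f   // hypothetical: lines to revisit
#define CALL_COLOR 0x557f55   // hypothetical: interesting calls

// Toggle 'color' on the current item, or on every item head in the selection.
static ToggleColor(color)
{
    auto ea, end;

    // No selection: operate on the item under the cursor only.
    if ((ea = SelStart()) == BADADDR)
        ea = end = ScreenEA();
    else
        end = SelEnd();          // exclusive end of the selection

    do {
        // An item that already has this color goes back to the default,
        // anything else (uncolored or another color) gets this color.
        if (GetColor(ea, CIC_ITEM) == color)
            SetColor(ea, CIC_ITEM, DEFCOLOR);
        else
            SetColor(ea, CIC_ITEM, color);
        // NextHead returns BADADDR once no item head is left below 'end'.
        ea = NextHead(ea, end);
    } while (ea != BADADDR);

    Refresh();
}

// AddHotkey binds a function by name, without arguments,
// so each color needs its own small wrapper.
static ColorJunk() { ToggleColor(JUNK_COLOR); }
static ColorNote() { ToggleColor(NOTE_COLOR); }
static ColorCall() { ToggleColor(CALL_COLOR); }

static main()
{
    AddHotkey("j", "ColorJunk");
    // Hypothetical bindings; pick keys that do not clash with your setup.
    AddHotkey("Ctrl-Alt-N", "ColorNote");
    AddHotkey("Ctrl-Alt-C", "ColorCall");
}
```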