Post your favorite IDC scripts here

Kayaker
Posts: 4169
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Hi All,

I was going to post this handy little IDC script I found, then I thought we might be able to expand it into a thread where people could add any useful scripts they've created, found, adapted, ripped off, or otherwise made use of.

If not, then consider it a chance to get the creative reversing juices working and come up with a new one! Could be for a one-off use situation, but that doesn't matter, it's just to throw around some ideas.


Here's one I found recently by "deobfuscated" which adds a hot key to simplify colorizing lines in IDA. I may adapt it to add a couple of different colors for different uses, making it a little easier to keep track of important lines as you scroll around a disassembly.

http://deobfuscated.blogspot.com/2011/0 ... a-pro.html

Coloring junk code in IDA Pro

Especially when reversing malware, junk code is always a pain.
For the sake of readability, I often color junk code with some dark color.
This makes the disassembly much more readable as shown below.

However, coloring instructions in IDA Pro is not very handy.
One has to go through menus ("Edit"->"Other"->"Color instruction...") and pick up a color for every single block to be colored.

That's why I wrote a very simple IDC script which can help with this and save some time. It simply colors the current instruction (at the cursor location) or the selected instructions, if any.
Running the script on an instruction that's been colored already sets its color back to the default value.
Also, a new hotkey ("j" in this case) is defined.
[php]
#include <idc.idc>

// Colour used to mark junk code
#define JUNK_COLOR 0x7f5555

static ColorJunkCode()
{
    auto start, end;

    // No selection: work on the instruction at the cursor only
    if ((start = SelStart()) == BADADDR)
        start = end = ScreenEA();
    else
        end = SelEnd();

    do {
        // Toggle: an already coloured line goes back to the default colour
        if (GetColor(start, CIC_ITEM) == JUNK_COLOR)
            SetColor(start, CIC_ITEM, DEFCOLOR);
        else
            SetColor(start, CIC_ITEM, JUNK_COLOR);
        start = NextAddr(start);
    } while (start < end);

    Refresh();
}

static main()
{
    // Bind the "j" key to the colouring function
    AddHotkey("j", "ColorJunkCode");
}
[/php]

Run the script in IDA ("File"->"Script file...") and you're ready to go.
Hitting <j> will now color current/selected instructions.

If you want IDA to load this script automatically, follow these steps:
- Store this script in IDA/idc (not mandatory but it makes sense to keep all scripts in the same directory)
- Edit IDA/idc/ida.idc:
  - Add the line "#include <colorjunk.idc>" (or whatever filename you like) at the top of the file
  - Copy/paste the AddHotkey instruction into the function "main"
- Remove the function "main" from colorjunk.idc

Any other good IDC scripts?

Cheers,
Kayaker
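
A multi-colour variant of the script above, as an added example (not code from the post or from the linked blog). It uses the same classic IDC calls, steps through a selection by item head with NextHead, and binds one hotkey per colour. The two extra colour values, the function names and the "Shift-J" / "Ctrl-Shift-J" hotkeys are assumptions chosen for illustration; change any that collide with your own bindings.

```idc
#include <idc.idc>

// IDA colours are 0xBBGGRR.
#define JUNK_COLOR 0x7f5555   // value from the original script
#define NOTE_COLOR 0x405f40   // constructed value: lines worth remembering
#define TODO_COLOR 0x40407f   // constructed value: lines to revisit

// Toggle `color` on the item at the cursor, or on every item head
// inside the current selection.
static ToggleColor(color)
{
    auto ea, end;

    ea = SelStart();
    if (ea == BADADDR) {          // no selection: cursor line only
        ea = ScreenEA();
        end = ea + 1;
    } else {
        end = SelEnd();
    }

    while (ea != BADADDR && ea < end) {
        if (GetColor(ea, CIC_ITEM) == color)
            SetColor(ea, CIC_ITEM, DEFCOLOR);   // same colour again: reset
        else
            SetColor(ea, CIC_ITEM, color);      // uncoloured or other colour
        ea = NextHead(ea, end);   // BADADDR once no head is left below `end`
    }
    Refresh();
}

// AddHotkey binds a key to a function name, so each colour gets a wrapper.
static ColorJunk() { ToggleColor(JUNK_COLOR); }
static ColorNote() { ToggleColor(NOTE_COLOR); }
static ColorTodo() { ToggleColor(TODO_COLOR); }

static main()
{
    AddHotkey("j", "ColorJunk");
    AddHotkey("Shift-J", "ColorNote");        // hotkey is an assumption
    AddHotkey("Ctrl-Shift-J", "ColorTodo");   // hotkey is an assumption
}
```

Pressing a hotkey on a line that already carries a different colour replaces that colour; pressing the same hotkey again resets the line to the default.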