Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Runing PIN in IDA 6.4?

Questions concerning tools (other than OllyDbg) - IDA Pro, SoftIce, member contributions, etc.
<b>NOTE:</b> You must <b>always</b> make sure you cannot find what you are looking for in our <a href="/collaborative/tools">Collaborative RCE Tool Library</a> before asking for <b>any</b> tools that can do this or that though!
User avatar
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

'[yAtEs wrote:]lol :) i dont have any further suggestions at this point :P
But your willingness to engage was HIGHLY appreciated.

Have Phun.
Blame Microsoft, get l337 !!
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

It looks like you did not link to the winsock library properly.
Try adding it in the project settings or dump this under the relevant include file:
#pragma comment(lib, "wsock32.lib")
Inliferty
Junior Member
Posts: 4
Joined: Wed Jun 05, 2013 6:08 pm

Post by Inliferty »

deepzero wrote:It looks like you did not link to the winsock library properly.
Try adding it in the project settings or dump this under the relevant include file:
This problem would cause the Linker to fail, and since he gets a .dll-File this is not the case.

A few Ideas after looking at the SDK:
.) Attach a debugger to IDA and check if CreateProcess is failing
.) Get some network monitoring tool and check if IDA is listening on port 23946, maybe try to connect with a dummy client to check that it is working.
-> If the port is closed attach a debugger again and break on listen() and see why it fails? (or try another Port Number)
User avatar
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

deepzero wrote:It looks like you did not link to the winsock library properly.
Try adding it in the project settings or dump this under the relevant include file:
Inliferty wrote:This problem would cause the Linker to fail, and since he gets a .dll-File this is not the case.

A few Ideas after looking at the SDK:
.) Attach a debugger to IDA and check if CreateProcess is failing
.) Get some network monitoring tool and check if IDA is listening on port 23946, maybe try to connect with a dummy client to check that it is working.
-> If the port is closed attach a debugger again and break on listen() and see why it fails? (or try another Port Number)

Thank you for your contribution. I tried these things out, including shutting down the Win XP default firewall, disabling the AV, (hell, I installed an XP VM without an AV, just for this) and many other things. Just...nothing.

Worse, PIN on it's own works. PINLOG, from Dereko (hey D, hello, again!) works. Just the one from IDA is not working.

Well, will keep on trying. If something new pops up, I'll update this thread again. Or unless someone has a wonderful idea. :)


Have Phun
Blame Microsoft, get l337 !!
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

wont you need the pin_user.plw as stated in the plugins.cfg

Code: Select all

;       plugin_name                 filename    hotkey  arg  flags
;       --------------------------- ----------  ------  ---  --------

        ; Debugger plugins
        Windbg_debugger             windbg_user 0       0  DEBUG
        Local_Windows_debugger      win32_user  0       0  DEBUG
        Remote_Windows_debugger     win32_stub  0       0  DEBUG
        Local_Bochs_debugger        bochs_user  0       0  DEBUG
        Local_Linux_debugger        linux_user  0       0  DEBUG
        Remote_Linux_debugger       linux_stub  0       0  DEBUG
        Remote_ARMLinux/Android_debugger armlinux_stub 0 0 DEBUG ; only remote
        Remote_WinCE_debugger       wince_stub  0       0  DEBUG ; only remote
        Local_Mac_OS_X_debugger     mac_user    0       0  DEBUG
        Remote_Mac_OS_X_debugger   mac_stub    0       0  DEBUG
        Remote_Symbian_debugger     epoc_user   0       0  DEBUG ; only remote
        Remote_iPhone_v1.x_debugger iphone_stub 0       0  DEBUG ; only remote
        Remote_GDB_debugger         gdb_user    0       0  DEBUG ; only remote
        PIN_debugger                     pin_user      0       0  DEBUG
the source only build the idadbg.dll
i tried building it for the ida 64 demo but then i noticed that it needed the pin_user, and all the other debuggers uses there own binary(plw) to launch the debugger.
I could be wrong :confused:
by the way setting project option to Multi-threaded (/MT) correct the building error.!
User avatar
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

Well, nice to see a reply after so long.

Yes, the plugin is also compiled and put in the correct place.

But I've stopped using PIN now. Something more homegrown works fine for me, these days.

Have phun
Blame Microsoft, get l337 !!
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

They only released the source for idadbg.dll not the pin_user.plw.
I cant seem to find the source for the plugin.
roocoon
Member
Posts: 58
Joined: Sun Apr 20, 2003 11:48 am

Post by roocoon »

Trying to get over the frustration by being unable to get rid of the damn irs_recv timeout error that kills IDA, I surfed a bit.
I came across another site with a small IDA section that had a discussion on PIN and its successful compilation.
No point repeating what they said so here's the link:
http://techbliss.org/threads/help-with-plugin-pin-debugger.478/

Interesting threads there too about IDA and Python.
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

lol thats my site.
I just didnt wanna do any promosion for my own site, on this one.
roocoon
Member
Posts: 58
Joined: Sun Apr 20, 2003 11:48 am

Post by roocoon »

zadow wrote:lol thats my site.
I just didnt wanna do any promosion for my own site, on this one.
Really? I guess I did it for you now :)
I liked the detailed write-ups in those threads and that's a plus in my book.
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

roocoon wrote:Really? I guess I did it for you now :)
I liked the detailed write-ups in those threads and that's a plus in my book.
To bad im the only Ida freak there :D
Do you have the compiled pin_user
roocoon
Member
Posts: 58
Joined: Sun Apr 20, 2003 11:48 am

Post by roocoon »

zadow wrote:To bad im the only Ida freak there :D
Do you have the compiled pin_user
Sorry, I don't.
I haven't looked for it either. Too preoccupied trying to avoid irs_recv errors in vanilla IDA x64.
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

Connection error/timeout
not sure what Vanilla is ?
IF you mean mac os i made an good thread on remote debugging .via WMware

http://techbliss.org/threads/ida-pro-de ... #post-1130
roocoon
Member
Posts: 58
Joined: Sun Apr 20, 2003 11:48 am

Post by roocoon »

zadow wrote:Connection error/timeout
not sure what Vanilla is ?
Vanilla as in "I haven't modified any IDA code".

irs_recv is a connection timeout (RPC probably) caused either by some tasks in the system (maybe some protected software), or a signature problem having to do with running IDA Remote x64 on the same machine as IDA.
Pretty obscure problem and not much info around.
zadow
Junior Member
Posts: 10
Joined: Mon Feb 03, 2014 3:58 pm

Post by zadow »

what operating system are you using, and does it do it everytime.
Locked