27 Feb

Updates to my plug-ins, QT work around for segment selector, something new.

IDA plug-in updates:
Over the last month or so I’ve updated a lot of my plug-ins, which you can find HERE.
I also released the source for Class Informer that people had been asking for:
https://sourceforge.net/projects/classinformer/.

IDA Multi-select segment dialog:
I’ve fixed some bugs and made my customized multi-select IDA segment dialog work again.
This is the dialog that allows you to select more than one segment, which is sometimes necessary for some
of my plug-ins, in particular for IDB cases with multiple “.text” and/or “.rdata” sections et al.

Here you can select one or more segments using the standard Windows CTRL or Shift Left clicks, etc.
[Image: Multi-select segment dialog example]
Now the log output will show you what segment(s) you selected too, i.e. “Segments selected: ‘.data’, ‘.data’, ‘.rdata’.”

To do this little trick I sub-class the window directly, and read the final selection when the dialog is closed.
But I can’t do that for the IDA QT version since its windows are “owner draw”.
Eventually, since the non-QT version is considered “deprecated”, I’ll figure out how to do these and more in QT either using the IDA SDK or the QT libs directly.

What I added for QT, at least for now, is that you can still multi-select about the same, but you must do an additional step by right clicking and selecting the “Select” popup before you click on “OK” (to make your selections final).
[Image: Multi-select QT segment dialog example]

WhatAPIs Plug-in:
Released a new plug-in I call WhatAPIs to show contextual API (the calls via imports) information as function comments.
So at a quick glance you see what APIs a function contains, if any.
It is along the same lines as my Function String Associate and Mark reference counts plug-ins.

Alone it generates information like this:
[Image: WhatAPIs plug-in example 1]
What you see here are three APIs (operator delete(void *)(), D3DXMatrixMultiply(), and operator new(uint)()) enclosed in a function named “KeyInput_Handler_Func00_01”.

All together with my other plug-ins Function String Associate, Mark reference counts, then WhatAPIs (they must be run in that order!) it will look something like this:
[Image: Context plug-ins example 1]
This is like the above image, but additionally it first has the ‘1’ showing the function has one reference count (which usually, as in this case, indicates the child of another function) and some strings contained within the function.
The idea is to make the target easier to reverse with additional contextual info.
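As an added illustration (not the WhatAPIs source, and not IDA SDK code), the following Python sketch models the idea described above: collect the imported APIs a function calls, directly or through a thunk, and append them to whatever comment earlier passes left on the function. The addresses, the sample instructions, the `APIs: ` prefix and the existing comment text are all constructed assumptions.

```python
# Constructed sample data modelling a disassembled binary; not real IDA output.
IMPORTS = {  # import slot address -> API name
    0x5000: "operator delete(void *)",
    0x5004: "D3DXMatrixMultiply",
    0x5008: "operator new(uint)",
}
THUNKS = {0x4F00: 0x5008}  # stub address -> import slot it jumps through
FUNCTIONS = {  # function name -> list of (mnemonic, branch target or None)
    "KeyInput_Handler_Func00_01": [
        ("call", 0x5000), ("mov", None), ("call", 0x5004),
        ("call", 0x4F00), ("call", 0x5004), ("call", 0x1200),
    ],
    "sub_1200": [("mov", None), ("ret", None)],
}
TAG = "APIs: "  # hypothetical prefix marking the summary line


def apis_in_function(insns, imports=IMPORTS, thunks=THUNKS):
    """Imported API names a function calls, in first-seen order, no repeats."""
    seen = []
    for mnem, target in insns:
        if mnem not in ("call", "jmp") or target is None:
            continue  # only branches can reach an import
        slot = thunks.get(target, target)  # resolve a thunk to its import slot
        name = imports.get(slot)           # None for calls to local functions
        if name and name not in seen:
            seen.append(name)
    return seen


def annotate(existing, apis):
    """Append the API summary to a function comment; a re-run replaces it."""
    kept = [ln for ln in existing.splitlines() if not ln.startswith(TAG)]
    if apis:
        kept.append(TAG + ", ".join(a + "()" for a in apis))
    return "\n".join(kept)


def annotate_all(comments):
    """New comment text for every function, keeping what was already there."""
    return {name: annotate(comments.get(name, ""), apis_in_function(insns))
            for name, insns in FUNCTIONS.items()}


if __name__ == "__main__":
    # Constructed comment standing in for the ref-count and string passes.
    prior = {"KeyInput_Handler_Func00_01": '1 "Key pressed"'}
    for name, text in annotate_all(prior).items():
        print(name, "->", repr(text))
```
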

The simple dialog:
[Image: WhatAPIs Sample Dialog]

Get WhatAPIs plug-in HERE.
