06 Mar

.Net: Access to internal CLR methods

Messing around with Unity mono hooks I ran into an issue calling
[MethodImpl(MethodImplOptions.InternalCall)] declared methods.

If you haven’t encountered these before, they are references to unmanaged native (read C/C++ binary) methods.
Similar to how you might use one like this with “DllImport”:

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern void OutputDebugString(string message);
13 Jul

Updated my IDA Pro plugins to 7.1

Found the time and motivation to update most of my plugins to IDA Pro 7.1 SDK.

Besides just updating them, I put some time into ExtraPass.
It should be better now at avoiding more embedded data, has more integrity at finding missing functions, and has a new feature that finds and fixes incorrectly defined noncontiguous functions (with tail blocks that should actually be defined as separate functions).


02 Jul

QCustomPlot for IDA Pro Qt C++ plug-ins

For a Windows executable exploratory data analysis project using IDA Pro I needed to display some graphs. As usual, I planned on doing this from a Windows IDA C/C++ plug-in.
I looked at doing this several ways. One idea was to just dump out a text file in the Graphviz DOT language and use a Graphviz viewer to see it. Couldn’t be much simpler than that, but then looking for possible Qt options I ran into the awesome QCustomPlot.

With a little work I got it going in IDA:


20 Jan

Qt 5.4 User Interfaces for IDA Pro C/C++ plug-in development – Part 1 of 2

This is a rough and dirty update for my series “Qt 4.8.4 on Windows for IDA Pro C/C++ plug-in development”.

With the new IDA Pro 6.9 comes the newer Qt 5.4.1. Luckily upgrading from Qt 4.8.4 to the 5.4.1 environment for plug-in development turned out to be pretty easy as it’s not that much different.

Later this Hex Rays “IDA 6.9: Qt 5.4.1 configure options & patch” blog post came out, then this somewhat relevant one too: “IDAPython: migrating PySide code to PyQt5”.

18 Apr

Qt 4.8.4 on Windows for IDA Pro C/C++ plug-in development – Part 3 of 3

Back in part 2 I went over how to set up a Visual Studio 2013 IDA Pro plug-in project to use the Qt 4.8.4 framework. Now we’ll discuss the basics of creating custom user interfaces.

With the Qt environment there is a build setup with its own tool-chain (located in your “C:\Qt\4.8.4\bin” folder).
I’ll briefly cover the key components here:

The most basic C++ object most everything is derived from is the “QObject” class, then from there the QWidget class is the base class of all user interface objects, so you’ll see a lot of it. Another key one is QApplication, but since we’re making plug-ins we’ll only need to occasionally reference IDA’s own instance of this class.

When you work with UIs with Qt you’ll want to use the Qt Designer. It’s a UI design tool similar to what’s in VS (Visual Studio) with its dialog and forms editors.

Qt Designer Screenshot


16 Apr

Qt 4.8.4 on Windows for IDA Pro C/C++ plug-in development – Part 2 of 3

Back in part 1 I showed you the first step in setting up Qt 4.8.4 with Visual Studio 2013 so you can add Qt to your IDA Pro plug-ins.

Unfortunately Visual Studio extensions are version specific. The one that comes with 4.8.4 is made for VS2010, and probably without doing some major work you won’t get it to build for VS2013.

Go to the page http://www.qt.io/download-open-source/#section-2 and under “Other Downloads”, download the latest “Visual Studio Add-in 1.xx for Qt5”. Note just this add-in download, not the whole large Qt5 package.

Install it and now a “QT5” menu should be added to Visual Studio. From there you can launch the Qt Designer to build custom UIs, etc.

Visual Studio QT5 menu example

05 Mar

Qt 4.8.4 on Windows for IDA Pro C/C++ plug-in development – Part 1 of 3

(Note this is an advanced article. It assumes you know advanced C++, IDA Pro and its plug-in environment, etc.)

Now that IDA Pro has completely moved to Qt for its user interface you can really expand on it to make your own custom Qt user interfaces in IDA. You’re not locked in to using just IDA’s varied but basic UI system.

If you want to use Python for IDA there is already a featured setup using PySide but then maybe you want to use Qt from IDA’s C/C++ plug-in SDK (for speed and resource control, etc.)

The development environment for IDA Qt is version 4.8.4 and Visual Studio 2010.
You can clearly see this looking at the DLLs in the IDA Pro folder:

DLL image showing Qt 4.8.4

DLL image showing Visual Studio 2010
