IDA plugin with Visual Studio C++ 2019

reverse-engineering ida-plugin
2021-07-03 14:17:20

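Hello everyone, sorry for my bad English.

I am trying to test an example of plugin development in C++ for IDA, taken from this book:

http://www.binarypool.com/idapluginwriting/idapw.pdf

I am using Visual C++ 2019.

The plugin example source is: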

#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>


int IDAP_init(void)
{
    // Do checks here to ensure your plug-in is being used within
    // an environment it was written for. Return PLUGIN_SKIP if the
    // checks fail, otherwise return PLUGIN_KEEP.
    return PLUGIN_KEEP;
}

void IDAP_term(void)
{
    // Stuff to do when exiting, generally you'd put any sort
    // of clean-up jobs here.
    return;
}

// The plugin can be passed an integer argument from the plugins.cfg
// file. This can be useful when you want the one plug-in to do
// something different depending on the hot-key pressed or menu
// item selected.
void IDAP_run(int arg)
{
    // The "meat" of your plug-in
    msg("Hello world!");
    return;
}
// There isn't much use for these yet, but I set them anyway.
char IDAP_comment[] = "This is my test plug-in";
char IDAP_help[] = "My plugin";

// The name of the plug-in displayed in the Edit->Plugins menu. It can
// be overridden in the user's plugins.cfg file.
char IDAP_name[] = "My plugin";

// The hot-key the user can use to run your plug-in.
char IDAP_hotkey[] = "Alt-X";

// The all-important exported PLUGIN object

plugin_t PLUGIN =
{
    IDP_INTERFACE_VERSION, // IDA version plug-in is written for
    0, // Flags (see below)
    IDAP_init, // Initialisation function
    IDAP_term, // Clean-up function
    IDAP_run, // Main plug-in body
    IDAP_comment, // Comment – unused
    IDAP_help, // As above – unused
    IDAP_name, // Plug-in name shown in
    // Edit->Plugins menu
    IDAP_hotkey // Hot key to run the plug-in
};

When compiling, I get two errors:

Error C2440 'initializing': cannot convert from 'int (__cdecl *)(void)' to 'plugmod_t *(__cdecl *)(void)'   Sdk75Project1   F:\Developpement\IDA\Sdk75Project\Sdk75Project1\Sdk75Project1\main.cpp  48  
Error C2440 'initializing': cannot convert from 'void (__cdecl *)(int)' to 'bool (__cdecl *)(size_t)'   Sdk75Project1   F:\Developpement\IDA\Sdk75Project\Sdk75Project1\Sdk75Project1\main.cpp  50  


I found nothing on the web... Can someone tell me what is wrong?

Thank you very much.

I have used the information given in readme.txt to configure VC++:

How to set up Visual C++ 2017 for IDA Plugins
---------------------------------------------

This guide will help you set up a Visual C++ project that targets both ida32 and ida64 plugins.
Remember that, even though ida32 is used to work on 32-bit files, it is also an x64 application.
Therefore, both plugins (ida32 and ida64) must be built for the x64 platform.

1. File | New | Project From Existing Code...

2. What type of project would you like to create: Visual C++
   <next>

3. Project file location: <folder where you have your files>
   Project name: <your plugin's name>
   <finish>

Once the project is initialized, right-click on the project name and pick Properties.

4. Configuration Manager...
     Active solution platform: select "x64"
   <Close>

5. General | Project Defaults | Configuration Type
     Dynamic Library (.dll)
   <apply>

6. C/C++ | General | Additional Include Directories
     Enter the SDK's include folder in "Include search paths (/I)": eg. C:\idasdk\include;
   <apply>

7. C/C++ | Code Generation | Runtime library (visible only after you add one .cpp file to the project)
     Multi-threaded DLL (/MD)
   <apply>

8. Linker | Command Line | Additional options
     - for processor modules: /EXPORT:LPH
     - for plugins: /EXPORT:PLUGIN
     - for loaders: /EXPORT:LDSC
   <apply>

The steps above constituted the common configuration for both ida32 and ida64 configurations.

We will now create the separate configurations.

9. Still under "Configuration Manager..."

     - under the "Configuration" column, click on "Debug"
     - click "<Edit...>"
     - click "Rename"
     - add an "ida32" prefix to the configuration name, such as "ida32 Debug"
     - <Enter>
     - <Yes>
     - <Close>

     - under "Active solution configuration", click on "Debug"
     - click "<Edit...>"
     - click "Rename"
     - add an "ida32" prefix to the configuration name, such as "ida32 Debug"
     - <Enter>
     - <Yes>
     - <Close>

     - under "Active solution configuration", click on the new configuration name "ida32 Debug"
     - click "<New...>"
     - use a similar name, but with the "ida64" prefix, such as "ida64 Debug"
     - Copy settings from: "ida32 Debug"
     - <Ok>
     - <Close>

In the "Property Page", under "Configuration", select "ida32 Debug".

10. Debugging | Command
      - for ida32: C:\Program Files\IDA 7.2\ida.exe
      - for ida64: C:\Program Files\IDA 7.2\ida64.exe
    <apply>

11. C/C++ | Preprocessor | Preprocessor Definitions
      - for ida32: __NT__;
      - for ida64: __NT__;__EA64__;
    <apply>

12. Linker | General | Output File:
      - for ida32: $(OutDir)\$(ProjectName).dll
      - for ida64: $(OutDir)\$(ProjectName)64.dll
    <apply>

13. Linker | Input | Additional Dependencies
      - for ida32: C:\idasdk\lib\x64_win_vc_32\ida.lib
      - for ida64: C:\idasdk\lib\x64_win_vc_64\ida.lib
    <apply>

In the "Property Page", under "Configuration", select "ida64 Debug" and repeat the last three steps.


You should now be capable to easily switch between the "ida32 Debug" and "ida64 Debug" configurations and build your project.

3 Answers

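For decades, IDA's plugin interface remained the same. Your plugin had to export a plugin_t structure named PLUGIN, which contained function pointers to the init, run, and optional term functions. You can see this in the code snippet above.

IDA 7.5 introduced a new plugin interface for C++ plugins, based on inheriting from the plugmod_t interface, apparently because future versions of IDA will support loading multiple databases at once. Download the IDA SDK and look in its plugins subdirectory. All of the existing sample plugins have been updated to use the new interface.

TL;DR: plugin source code developed for versions below 7.5 no longer works with 7.5 and above; it needs to be modified to use the new plugmod_t interface.

P.S. Do not add updates to your post as comments, and do not make major edits to your original post. Ask one question at a time. If you have a different question, create a new post.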

OK, I changed the return values, and now I get other errors:

错误 LNK2001 未解析的外部符号 LDSC Sdk75Project1 F:\Developpement\IDA\Sdk75Project\Sdk75Project1\Sdk75Project1\LINK 1
错误 LNK2001 未解析的外部符号 LPH Sdk75Project1 F:\Developpement\IDA\Sdk75LINKProject1Sdk75LINKProject1Sdk75LinkProject1S

My modified code is:

#include <ida.hpp>
#include <idp.hpp>
#include <loader.hpp>


plugmod_t* IDAP_init(void)
{
    // Do checks here to ensure your plug-in is being used within
    // an environment it was written for. Return PLUGIN_SKIP if the
    // checks fail, otherwise return PLUGIN_KEEP.
    return PLUGIN_KEEP;
}

void IDAP_term(void)
{
    // Stuff to do when exiting, generally you'd put any sort
    // of clean-up jobs here.
    return;
}

// The plugin can be passed an integer argument from the plugins.cfg
// file. This can be useful when you want the one plug-in to do
// something different depending on the hot-key pressed or menu
// item selected.
bool IDAP_run(size_t arg)
{
    // The "meat" of your plug-in
    msg("Hello world!");
    return true;
}
// There isn't much use for these yet, but I set them anyway.
char IDAP_comment[] = "This is my test plug-in";
char IDAP_help[] = "My plugin";

// The name of the plug-in displayed in the Edit->Plugins menu. It can
// be overridden in the user's plugins.cfg file.
char IDAP_name[] = "My plugin";

// The hot-key the user can use to run your plug-in.
char IDAP_hotkey[] = "Alt-X";

// The all-important exported PLUGIN object

plugin_t PLUGIN =
{
    IDP_INTERFACE_VERSION,              // IDA version plug-in is written for
    0,                                  // Flags (see below)
    IDAP_init,                          // Initialisation function
    IDAP_term,                          // Clean-up function
    IDAP_run,                           // Main plug-in body
    IDAP_comment,                       // Comment – unused
    IDAP_help,                          // As above – unused
    IDAP_name,                          // Plug-in name shown in
                                        // Edit->Plugins menu
    IDAP_hotkey                         // Hot key to run the plug-in
};

P.S.: It works now, I removed the EXPORTs...

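Also, as long as NO_OBSOLETE_FUNCS is not defined, you can cast the return result to PLUGIN_SKIP, PLUGIN_OK, or PLUGIN_KEEP just like the original C callback idiom. Or, with NO_OBSOLETE_FUNCS defined, you can #define PLUGIN_OK ((plugmod_t *)1) after including IDA (copy-pasted from "loader.hpp"), and then go back to the old return PLUGIN_KEEP; to get around the craziness they added.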
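
Added example, not part of the original thread or the IDA SDK: a self-contained C++ model of the two plugin styles discussed in the answers above, callbacks with the 7.5 signatures versus an object derived from plugmod_t. The plugmod_t and plugin_t declarations are reduced stand-ins for the SDK types, the PLUGIN_MULTI value is a placeholder, and host_invoke is an assumed model of the loader, so the file builds without the SDK.

```cpp
// Added example. plugmod_t/plugin_t below are reduced STAND-INS for the IDA
// SDK types in <loader.hpp>, so this builds without the SDK.
#include <cstddef>
#include <string>

struct plugmod_t {                       // stand-in for the SDK base class
    virtual bool run(size_t arg) = 0;
    virtual ~plugmod_t() {}
};
struct plugin_t {                        // stand-in: flags and callback slots only
    int flags;
    plugmod_t *(*init)(void);            // signature from the first C2440 error
    void (*term)(void);
    bool (*run)(size_t);                 // signature from the second C2440 error
};
#define PLUGIN_MULTI 0x0100              // real flag name; value is a placeholder here
#define PLUGIN_KEEP ((plugmod_t *)2)     // sentinel, same form as PLUGIN_OK on the page

static std::string g_out;                // stands in for msg() output

// Style 1: plain callbacks using the 7.5 signatures; init returns a sentinel.
static plugmod_t *legacy_init(void) { return PLUGIN_KEEP; }
static bool legacy_run(size_t) { g_out += "legacy run\n"; return true; }
plugin_t PLUGIN_LEGACY = { 0, legacy_init, nullptr, legacy_run };

// Style 2: state lives in an object derived from plugmod_t; init() returns it
// and the run/term slots stay null.
struct hello_ctx_t : plugmod_t {
    size_t calls = 0;
    bool run(size_t arg) override {
        ++calls;
        g_out += "object run, arg=" + std::to_string(arg) + "\n";
        return true;
    }
};
static plugmod_t *multi_init(void) { return new hello_ctx_t; }
plugin_t PLUGIN_OBJECT = { PLUGIN_MULTI, multi_init, nullptr, nullptr };

// Model of the host side (an assumption, not IDA's code): pick the call path
// from the flag, never by dereferencing a sentinel such as PLUGIN_KEEP.
bool host_invoke(const plugin_t &p, size_t arg) {
    plugmod_t *m = p.init();
    if (m == nullptr) return false;      // plugin asked to be skipped
    if (!(p.flags & PLUGIN_MULTI)) return p.run != nullptr && p.run(arg);
    bool ok = m->run(arg);
    delete m;                            // host owns the returned object
    return ok;
}

int main() { return host_invoke(PLUGIN_LEGACY, 0) && host_invoke(PLUGIN_OBJECT, 7) ? 0 : 1; }
```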