📄 dumpinfo.idc
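/*--------------------------------------------------------------------------------------------------
====================================================================================================
DumpInfo.IDC v0.0.0 By: J.C. Roberts <freeware>
----------------------------------------------------------------------------------------------------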
The idea behind DumpInfo was to dump only _user_ created information from the disassembly into
a text file for your notes or into an IDC script for porting to a new disassembly. Since the
accuracy of IDA is constantly improving, sometimes the only thing I've wanted to save are my
comments and names from an old disassembly and just let a newer version of IDA do what it does
best when creating a new disassembly.
Unfortunately, a lot of automatically created names, comments and such are marked as _user_
created rather than auto-generated. I've worked around this where possible by using filters.
I hope you find it useful.
-JCR
----------------------------------------------------------------------------------------------------
Features:
--> The scope of operation is user defined.
1.) The Entire Disassembly.
2.) Currently Selected Area.
3.) A Single Segment. //If you've ever screwed up your segmentation...
4.) A Single Function.
--> It can export the following types of IDA information:
1.) Regular Function Comments
2.) Repeatable Function Comments
3.) Regular Indented Comments
4.) Repeatable Indented Comments
5.) Anterior Lines
6.) Posterior lines
7.) User Defined Names
8.) Code String References (Not Exported To IDC Format)
9.) Data String References
--> It can write the output to either a file or the message window in case you just want
to quickly see what's in an area rather than save the information.
--> It can create two different types of output, either simple text or an IDC script for
reimporting the information into a new disassembly.
--> Since dumping information from the entire data base can take some time, I've incorporated a
simple progress meter, so you know what's happening. Even the IDC files that this produces for
porting your info into a new disassembly have a progress indicator of sorts.
--> I've done what I can for the speed of this thing but it's just a first draft. I'll probably
optimize it further in future revisions.
----------------------------------------------------------------------------------------------------
Usage:
There are defined options (OPT_...) and defined types (TYP_...). The OPTions are used to either
allow or disallow specific info from being written as well as where (file or message window) and
how (as IDC or simple text). You can control the options in main() by commenting out the info
you don't want. On the other hand, the TYPes are used during the program execution to tell the
writeLine() function _WHAT_ kind of info it's supposed to write so it can decide _HOW_ it will
be written.
Decide if you want a file written - OPT_MAK_FILE
Decide if you want an IDC script or a text file - OPT_IDC_FILE
Decide what kind of info you want dumped - All the rest :)
Comments:
OPT_REG_FCOM - Regular Function Comments (Reg FCom)
OPT_RPT_FCOM - Repeatable Function Comments (Rpt FCom)
OPT_REG_ICOM - Regular Indented Comments (Reg ICom)
OPT_RPT_ICOM - Repeatable Indented Comments (Rep ICom)
Lines:
OPT_ANT_LINE - Anterior Lines (AntLn#X)
OPT_POS_LINE - Posterior Lines (PosLn#X)
Names:
OPT_USR_NAME - User Names (Non-Autogenerated) (UserName)
Strings:
OPT_STR_CODE - String References From Code (Operand = Offset) (StrCodeX)
OPT_STR_DATA - String References In Data (Str Data)
In the text files created, the information type is marked with the text shown above in parentheses
where the "X" is a number. On lines the number represents the Anterior/Posterior line number. On
string references from code, the "X" number represents the operand where the data was found.
All string gathering is based on the NAME of the string. If the name of the string doesn't start
with the default "a" or the more useful "str_" it will not be found. Since I couldn't figure out
how to get the string prefix from the IDA settings in IDA.CFG (assuming it's even possible), we
are stuck with the hard coded prefixes above and you'll need to change them if you use a
different prefix.
String references from code are not included in IDC files, since there's no point in it.
----------------------------------------------------------------------------------------------------
Annoyances & Work-Arounds:
0.) There's no way that I've found to REALLY differentiate between USER created and script/IDA
created comments, names et al... I'm still looking for a way. Until I figure it out
(assuming it's actually possible), we're stuck with _ALL_ non-autogenerated comments, names,
lines & etc... Major Bummer!
Using the FF_NAME, FF_COMM and FF_LINE flags still results in tons of stuff that was either
autogenerated during the disassembly or created via other IDC scripts.
I've dealt with this by using a (slow) string filter, xFiter(), to look for the commonly
created strings. This filter can be shut off in main() via the OPT_USE_FLTR. The function
is set for win32 stuff, so you may need to edit it as you see fit.
THERE ARE SOME SERIOUS DISADVANTAGES TO USING A TEXT FILTER TO IGNORE SPECIFIC TEXT
PATTERNS, SO BE AWARE OF WHAT TEXT STRINGS WILL BE FILTERED OUT...
1.) You may get a "variable not defined" error on IDA_STATUS_WORK or IDA_STATUS_READY if your
IDC.IDC hasn't been updated. There was a missing #endif/#ifdef pair in the v4.1.4 release.
It should read:
#endif
#define IDA_STATUS_READY 0 // READY IDA is idle
#define IDA_STATUS_THINKING 1 // THINKING Analyzing but the user may press keys
#define IDA_STATUS_WAITING 2 // WAITING Waiting for the user input
#define IDA_STATUS_WORK 3 // BUSY IDA is busy
#ifdef _notdefinedsymbol
2.) The FindA() function has a bug on lines greater than 999, so getting more anterior lines
than that isn't possible even though the MAX_ITEM_LINES value set in IDA.CFG is 5000. Also,
there's currently no way to read the MAX_ITEM_LINES value set by IDA.CFG -In a nutshell, if
you have more than 999 Anterior Lines on a single EA, then you're hosed.
The Ant/Pos Line loop is hard coded to read from 0 to 999. If we're ever able to get the
info from IDA.CFG and the LineA() gets fixed, I'll have to recode things to access the full
number of lines.
3.) Both FindA() and FindB() return 0 (Failure) if a line contains nothing more than a
NewLine (\n). I've gotten around this problem by using a reverse counter from 999 to 0
to find the last line with any text. If empty lines are used at the end (the higher line
numbers) of an Anterior or Posterior comment, they are not read and/or saved. The reverse
counter is necessary because if you have text on line #1 and nothing on line #0, and then import
only Line #1 and not the empty Line #0, the line with text is not visible.
4.) There's a 64K limit to main(), so I used the same type of IDC structure as Ilfak does when
creating the IDC file from the "Dump Database to IDC" menu function. e.g.
main(){ parts();}
part_0() { }
part_1() { }
part_X...
parts() { part_0(); part_1(); partX... }
I've got it set so each part_X has 1000 instruction lines but this could be increased.
----------------------------------------------------------------------------------------------------
Future Plans:
1.) Make a decent UI for entering options rather than (un)commenting lines.
2.) Add a BaseAddress0/AskBase/ChooseFunction kind of thing, so you can port comments to specific
places in the new disassembly. It would be a really useful addition for restoring _ALL_ your
comments when you're dealing with a new version of an executable or you've augmented the
line by line comments of a FLIRT recognized function or library.
3.) Figure out how to write this as a plugin -It might be faster that way and make it easier for
adding plan #1.
----------------------------------------------------------------------------------------------------
Bugs: -Tested On IDA Version 4.1.4.483 (With Fixes)
No Known Bugs... :)
----------------------------------------------------------------------------------------------------
Revisions:
2000.10.17 First Version v0.0.0
--------------------------------------------------------------------------------------------------*/
//__________________________________________________________________________________________________
//==================================================================================================
// Start Code
//--------------------------------------------------------------------------------------------------
#include <idc.idc>
#define FALSE 0
#define TRUE 1
#define OPT_MAK_FILE 0x00000001L // Write to file - OR - Write to message window
#define OPT_IDC_FILE 0x00000002L // Create IDC file - OR - Create text file.
#define OPT_USE_FLTR 0x00000004L // Use Text Filter
#define OPT_REG_FCOM 0x00000010L // Regular Function Comments
#define OPT_RPT_FCOM 0x00000020L // Repeatable Function Comments
#define OPT_REG_ICOM 0x00000040L // Regular Indented Comments
#define OPT_RPT_ICOM 0x00000080L // Repeatable Indented Comments
#define OPT_ANT_LINE 0x00000100L // Anterior Lines
#define OPT_POS_LINE 0x00000200L // Posterior Lines
#define OPT_USR_NAME 0x00000400L // User Names (Non-Autogenerated)
#define OPT_STR_CODE 0x00000800L // String References From Code (Operand = Offset)
#define OPT_STR_DATA 0x00001000L // String References In Data
#define TYP_REG_FCOM 0x00010000L // Regular Function Comments
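
Work-around 4 in the header comment (splitting the generated script into part_X() functions so that main() stays under its 64K limit) can be sketched as follows. This is an added example in Python, not code from DumpInfo; the record tuples, the helper names and the choice of MakeComm/MakeRptCmt/MakeName as the emitted IDC calls are assumptions.

```python
# Added example: split generated IDC statements into part_N() functions so
# that main() only has to call parts(), as the header comment describes.
CHUNK = 1000  # statements per part_N(), the figure the header comment uses

# Classic IDC calls assumed for the generated script (not shown on the page).
IDC_CALL = {"cmt": "MakeComm", "rpt": "MakeRptCmt", "name": "MakeName"}


def idc_quote(text):
    """Quote text as an IDC string literal (escapes backslash, quote, CR, LF)."""
    out = text.replace("\\", "\\\\").replace('"', '\\"')
    out = out.replace("\r", "\\r").replace("\n", "\\n")
    return '"' + out + '"'


def statement(kind, ea, text):
    """One IDC statement that re-applies a dumped item at address ea."""
    if kind not in IDC_CALL:
        raise ValueError("unknown record kind: %r" % (kind,))
    return "  %s(0x%X, %s);" % (IDC_CALL[kind], ea, idc_quote(text))


def build_script(records, chunk=CHUNK):
    """Return IDC source: part_0..part_N, then parts(), then main()."""
    stmts = [statement(*rec) for rec in records]
    # An empty dump still yields one (empty) part so parts() is well formed.
    groups = [stmts[i:i + chunk] for i in range(0, len(stmts), chunk)] or [[]]
    lines = ["#include <idc.idc>", ""]
    for n, group in enumerate(groups):
        lines.append("static part_%d() {" % n)
        lines.extend(group)
        lines += ["}", ""]
    lines.append("static parts() {")
    lines.extend("  part_%d();" % n for n in range(len(groups)))
    lines += ["}", "", "static main() {", "  parts();", "}", ""]
    return "\n".join(lines)


def count_parts(script):
    """Number of part_N() definitions in a generated script."""
    return sum(1 for ln in script.splitlines() if ln.startswith("static part_"))


if __name__ == "__main__":
    # Constructed sample records: (kind, address, text).
    sample = [("name", 0x401000, "decrypt_config"),
              ("cmt", 0x401010, 'key is "hard coded"'),
              ("rpt", 0x402000, "path C:\\temp\\x.bin")]
    print(build_script(sample, chunk=2))
```

Escaping in idc_quote() matters because comment text taken from a disassembly is written into source code that IDA will later execute; an unescaped quote would end the literal early.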