Skip to content

Integration with IDAPython

Jump to bottom Edit New page
sfinktah edited this page Aug 16, 2019 · 1 revision

Integrating the Type(Extractor|Reconstructor) with IDAPython

Lets say we have a nifty little IDAPython script that accepts a class hierarchy as an argument, then labels and de-compiles all the functions in each class.

def ClassMakerFamily(family):
    # family = "CAmphibiousAutomobile: CAutomobile, CVehicle, CPhysical, CDynamicEntity, CEntity"
    family = re.sub(r'(class|stuct) ', '', family)
    family = family.rstrip(';')
    if family[-1] == ':':
        family += " "
    famList = re.split(r'[:,] ', family)
    famList.reverse()
    for className in famList:
        vtableLoc = idc.LocByName(mangle(className))
        className = re.sub(r"^.*::", "", className)
        if vtableLoc != BADADDR:
            ClassMaker(vtableLoc, "{}* self".format(className))

IDA Name Window

Now just imagine how well you could define your object (class), if you could automatically (as part of your neat little script), include all the structural information contained in each of those de-compiled functions.

How to make this happen

  1. Ask Developers for IDAPython interface to HexRaysCodeXplorer
  2. or create own IDAPython interface to HexRaysCodeXplorer .dll
  3. but first find out if there is an interface (lets call it an API) to aforesaid .dll
Add a custom footer
Add a custom sidebar
Clone this wiki locally