IDA pro disassembler and debugger: Difference between revisions
mNo edit summary |
|||
Line 1: | Line 1: | ||
[Category:Software]] | |||
Many of you might work for a company/university that has access to IDA pro or maybe you just downloaded their free version [http://www.hex-rays.com/idapro/idadown.htm IDA homepage] and need some help getting started. | Many of you might work for a company/university that has access to IDA pro or maybe you just downloaded their free version [http://www.hex-rays.com/idapro/idadown.htm IDA homepage] and need some help getting started. | ||
Revision as of 03:22, 8 July 2011
[Category:Software]] Many of you might work for a company/university that has access to IDA pro or maybe you just downloaded their free version IDA homepage and need some help getting started.
Extra tools
First you should get all the tools you can get to make you life easier.
I would recommend the following tools
Essential
- Plugins
- PPCJT
- SPU - To be able to disassemble SPU code
- IDC scripts
All this can be found here:
Main branch http://git-hacks.com/ps3free/ps3ida http://git-hacks.com/~psicoleo/ps3free/psicoleos-ps3ida
Optional
- anergistic - to debug SPU code // Git - mirrors: http://www.megaupload.com/?d=TCUZ6JNE / http://www.multiupload.com/R8UMSH3DJS
- ppchelper // http://www.hex-rays.com/contest2009/PPCHelper/ppchelper.zip
- ppc2c // http://www.hex-rays.com/contest2009/PPC2C/ppc2c.zip
- xorloser's PS3 Loaders // http://www.xorloser.com/PS3%20Loaders%20v1.1%20for%20IDA%20v5.2.rar (down) / http://www.megaupload.com/?d=B3D9625D
- xorloser's PPCAltivec plugin // http://xorloser.com/blog/wp-content/uploads/2009/05/ppcaltivec-plugin-for-ida-v52.rar (down) / http://megaupload.com/?d=MYVWMKUP
- xorloser's ps3.xml (updated lv2syscalls + sysmodules) http://paste2.org/p/1437457
- ida-spu http://code.google.com/p/ida-spu/ // spu_processor_module_1.2.1.zip (114.25 KB)
Compiling the tools
Many of the tools are opensource, the idc script do not have to be compiled but the plugins must be.
To compile the latest plugins you will need Visual Studio and IDA sdk
The code itself should compile correctly, but there are many options that are specific for you PC ... In Visual Studio, you have to correctly set the paths to where you have the sdk installed and so on.
You will see there are options for 32/64 bits.. debug and release..
For that you can google, the instructions.. compile a "hello world" for ida, and then try to compile this.
If you want the latest version of the jump table plugin you can use this precompiled http://www.multiupload.com/07RP8RSDF3
Continuing your or someone else's work in another database
You might stump with someone's IDA database and you would like to continue his work. Or you found that there is a new great plugin/script that makes everything easier but you don´t want to loose your work.
Continuing graf_chokolo's work
I will take this as an example, the elf that runs in procs 6 (the one that has to do with QA flag, dongleaut, etc)
You might find some "coolstuff" but IDA doesnt find the xrefs and it is partially analyzed.
Isolate what you want to copy
1. Step identify what you want to extract from that database, in this case:
- comments
- function names
2. Produce File -> Database to idc
Assuming you produced a file named DATABASE.IDC
This file contains all what he has done to his database. We only want his function renames and comments so in linux we do
grep "MakeComm" DATABASE.IDC
grep "MakeName" DATABASE.IDC
Copy this lines to another file. as an example COMMANDS.TXT
Create your own database
Extract the same elf from lv1.self (the elf we are using as an example is embedded in lv1 (look for matches and extrat that elf with a hex editor)
1. Load the elf you want (the one that runs in proces 6) // With the auto-analysis option disabled
I built a script that makes a good analyze of it and most of the embedded elfs.
analize_lv1_embedded_elf.idc
this script works only if you have an elf with all its segment properly named (like the ones embedded in lv1)
2. Run the script
3. Enable auto-analysis
Merge the databases
1. Paste the commands you copied in COMMANDS.TXT in the IDC window (or create an IDC script out of it)
2. ???????
6. Profit