Release Hexrays Tools Source for IDA 6.1

klaymen

New member
Thanks, I saw that plugin on the main HexRay page and it looks very interesting. A colleague of mine would very much like to have it also on his MacOS, did anybody compile it for that platform?

We tried it ourselves (using XCode's g++), but it's kind of driving us nuts (I admit we're new to plugin programming though)... first, it seems the source doesn't work with SDK 6.6, so we downloaded 6.1 (is 6.1 the newest version the plugin is made for btw?) and also installed IDA 6.1 in order to get the correct hexrays.hpp. Unfortunately, this (as well as the main program) also includes windows.h, so we copied the complete include tree from WinSDK. But again, at some point additional includes that are not in this tree should be laoded, like excpt.h, so we tried removing the include completely and adding the required defines manually. But there are still some strange compiler specifics... like the %a format specifier, that I had to replace by %x, but also some really odd error messages like

Code:
./negative_cast.h:52:21: error: extra qualification on member 'struc_reference_t'
        struc_reference_t::struc_reference_t():idx_from(BADNODE), idx_to(BADNODE), type(srt_invalid)

(Where we removed the leading "struc_reference_t::", after which this part worked), or

Code:
./new_struct.h:74:45: error: expected expression
                iterator i = std::find_if(begin(), end(), [=](value_type & t){return t.offset == offset;});

(Bummer, we have no idea what the [=] thing means), or

Code:
./new_struct.h:99:51: error: a space is required between consecutive right angle brackets (use '> >')
typedef std::map<ea_t,  qvector<scanned_variable_t>> scanned_variables_t;

(OK, that's easy to fix, still weird).

All in all, seems to be more difficult than we thought to compile it on a different platform, hence my question if maybe somebody already did this, and what's the best approach for this? Or is it a hopeless try? :)
 

computerline

New member
Ida Pro Expert
I doesn't have Mac machine, so I can't test it :) but IDA was build for Windows, I think it better to run IDA in a virtual machine (ex : VMWare,
Virtual Box ...), and because IDA usually used to analyze malware, or untrusted software, I think it should run on isolate environt :)

And after look again in source, I find some magic address


So, even we could build it, it'll not work at we wan't if we can't fix that address too
 

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
Actuelly changing the sdk with in ripped.hpp and riped.h from sdk 630 too 640, and as @computerline stated quoting out those lines would do it, since it for a later hexray version.
also there can be a symbol error also.

Code:
strtype_info_v2_t::build_struct_type(typestring & outtype, typestring & outfields)
you would have to build one time to find this.
then look for the code and quote it out.
Seems like the auther had only later sdk when he wrote the code.
 
Last edited:

Visit0r

New member
I also frequently have errors when I'm doing "scan variables" and then "finalize structures" :
91293d409d.png


According the minidump, it comes from hexrays_tools.plw!61640499()
01598a9d70.png

The call goes to some junk code and IDA crashes.
Any idea of the reason why this happens or how I can prevent it from happening ?
 

computerline

New member
Ida Pro Expert
Here the fix for IDA v6.3, I can't make it work for IDA 6.6 and above, so, the project seem abandon
 

Attachments

  • hexrays-tools-6.3.7z
    52.7 KB · Views: 13
Top