Want to Join Us ?

you'll be able to discuss, share and send private messages.

Release Hexrays Tools Source for IDA 6.1

Discussion in 'Plugins' started by computerline, Feb 9, 2014.

Share This Page

  1. computerline

    Well-Known Member Ida Pro Expert

    Here my fix hexrays tools for work with IDA 6.1 SDK

    Code (Text):
    https://drive.google.com/file/d/0BxD40bb70D2sNllHckZhNkh5c00/view?usp=sharing
     
    Last edited: Jan 26, 2015
    roocoon, Rip Cord and storm shadow like this.
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    thx
     
    computerline likes this.
  3. klaymen

    New Member

    Thanks, I saw that plugin on the main HexRay page and it looks very interesting. A colleague of mine would very much like to have it also on his MacOS, did anybody compile it for that platform?

    We tried it ourselves (using XCode's g++), but it's kind of driving us nuts (I admit we're new to plugin programming though)... first, it seems the source doesn't work with SDK 6.6, so we downloaded 6.1 (is 6.1 the newest version the plugin is made for btw?) and also installed IDA 6.1 in order to get the correct hexrays.hpp. Unfortunately, this (as well as the main program) also includes windows.h, so we copied the complete include tree from WinSDK. But again, at some point additional includes that are not in this tree should be laoded, like excpt.h, so we tried removing the include completely and adding the required defines manually. But there are still some strange compiler specifics... like the %a format specifier, that I had to replace by %x, but also some really odd error messages like

    Code (Text):
    ./negative_cast.h:52:21: error: extra qualification on member 'struc_reference_t'
            struc_reference_t::struc_reference_t():idx_from(BADNODE), idx_to(BADNODE), type(srt_invalid)
    (Where we removed the leading "struc_reference_t::", after which this part worked), or

    Code (Text):
    ./new_struct.h:74:45: error: expected expression
                    iterator i = std::find_if(begin(), end(), [=](value_type & t){return t.offset == offset;});
    (Bummer, we have no idea what the [=] thing means), or

    Code (Text):
    ./new_struct.h:99:51: error: a space is required between consecutive right angle brackets (use '> >')
    typedef std::map<ea_t,  qvector<scanned_variable_t>> scanned_variables_t;
    (OK, that's easy to fix, still weird).

    All in all, seems to be more difficult than we thought to compile it on a different platform, hence my question if maybe somebody already did this, and what's the best approach for this? Or is it a hopeless try? :)
     
    storm shadow likes this.
  4. computerline

    Well-Known Member Ida Pro Expert

    I doesn't have Mac machine, so I can't test it :) but IDA was build for Windows, I think it better to run IDA in a virtual machine (ex : VMWare,
    Virtual Box ...), and because IDA usually used to analyze malware, or untrusted software, I think it should run on isolate environt :)

    And after look again in source, I find some magic address
    [​IMG]

    So, even we could build it, it'll not work at we wan't if we can't fix that address too
     
    Rip Cord and storm shadow like this.
  5. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Actuelly changing the sdk with in ripped.hpp and riped.h from sdk 630 too 640, and as @computerline stated quoting out those lines would do it, since it for a later hexray version.
    also there can be a symbol error also.

    Code (Text):
    strtype_info_v2_t::build_struct_type(typestring & outtype, typestring & outfields)
    you would have to build one time to find this.
    then look for the code and quote it out.
    Seems like the auther had only later sdk when he wrote the code.
     
    Last edited: Jun 22, 2014
    Rip Cord likes this.
  6. Visit0r

    New Member

    Hello,

    The download link seems to be dead.
    Anyone could reupload it ?

    Thanks in advance.
     
  7. computerline

    Well-Known Member Ida Pro Expert

    I fixed the link :)
     
    storm shadow likes this.
  8. Visit0r

    New Member

    Thank you sincerly, computerline. You're awesome!

    It works perfectly, even if I have some weird colors in the structure builder ( http://puu.sh/f71vN/4e0a84a7ae.png )
    It doesn't really matter, but if by any chance, someone knows how to change it, I take it :)
     
    storm shadow likes this.
  9. Visit0r

    New Member

    I also frequently have errors when I'm doing "scan variables" and then "finalize structures" :
    [​IMG]

    According the minidump, it comes from hexrays_tools.plw!61640499()
    [​IMG]
    The call goes to some junk code and IDA crashes.
    Any idea of the reason why this happens or how I can prevent it from happening ?
     
  10. Nihilus

    Well-Known Member Developer

    Where can I find the sources for these fixes?
     
  11. computerline

    Well-Known Member Ida Pro Expert

    Here the fix for IDA v6.3, I can't make it work for IDA 6.6 and above, so, the project seem abandon
     

    Attached Files:

    Rip Cord likes this.
  12. Nihilus

    Well-Known Member Developer

    well that is because 'typestring' has disappeared from hexrays.hpp :-(
     
  13. Nihilus

    Well-Known Member Developer

    we could hack this up by using 'struct tinfo_t'
     
    computerline and Rip Cord like this.
Top