Want to Join Us ?

you'll be able to discuss, share and send private messages.

Release IDA Plugin Info By sirmabus

Discussion in 'Plugins' started by storm shadow, Feb 2, 2015.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    From the always awsome @Sirmabus plugin writer

    Description
    This is a little utility to dump information about installed IDA Pro plugins.
    (See: https://www.hex-rays.com/products/ida/)
    The key parts of the IDA PLUGIN export "plugin_t" struct data.

    Use it to glean information about what plugins you have.
    See what the default hotkeys are, the short names, comments, version,
    and their flags.
    By comparing the flags (see "loader.hpp" in the IDA SDK) you can see which
    plugins stay resident for example.

    View the "Readme.txt" for more.


    http://sourceforge.net/projects/idaplugininfo/
     
    Accezz and Rip Cord like this.
  2. Sirmabus

    Member Ida Pro Expert

    Hey thanks much.
     
    Rip Cord and storm shadow like this.
  3. sendersu

    Active Member

    Hi
    interesting pluging, indeed
    2 comments on it:
    1) it doesn ot like some plugins and complains:

    [​IMG]

    2) it does not show all the pluings inside IDA plugin directory, eg those that have pLW extension or p64, etc
    3) actually #2 is not relevant, I believe it stops processing rest of plugins once it encounters the issue as in #1

    overall, good idea!
    I like it
     
    Last edited by a moderator: Jun 4, 2015
  4. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    It looks like a .Net version error.
    Can you upload the chart.plw plugin so i can check this myself.
    Should be a easy fix to continue if error.
     
  5. sendersu

    Active Member

    Hi
    well, the case is that this is.... standard plugin from IDA 6.6 package
    337366ddcfc4a2dc0f0450aabf5f9130 *chart.plw
    if I remove this out fromthe dir, others would do the similar issue
     
  6. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Chart.plw is not a standard plugin shipped with ida.
    I have no errror when trying the plugin
    the error you got is a NET error.

    You proberlly need Visual C++ Redistributable Packages for Visual Studio 2013
    https://www.microsoft.com/en-US/download/details.aspx?id=40784
    If thats dosent help rebuilding it with should work.
     
  7. sendersu

    Active Member

    Hi
    you are right,
    thats some old ancient plugin of IDA, it just does not have the named API in export...
    eg
    [​IMG]
    and here is the normal plugin, eg:
    [​IMG]
    I've got the sources (BTW, the project could not be opened in VS010, even changing the version of hte IDE by hands says "version incompatible)
    2) Installing Visual C++ Redistributable Packages for Visual Studio 2013 did not help
    3) I've created new project for VS2010 and debugged the steps
    figured out that thrown exception - there is noonethat catches it...
    so the proposal is to just skip throwing it...
    eg:
    [​IMG]

    as a result everything works well now:

    [​IMG]
     
    Last edited by a moderator: Jun 5, 2015
    storm shadow likes this.
  8. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Very good fix
     
  9. sendersu

    Active Member

    Thanks

    2 more ideas:
    1) Version field is not easily to understand, maybe worth decoding into user-friendly string?
    2) same idea for flags field.
     
    storm shadow likes this.
  10. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Agree the version flag dont give any meaning.
    I have allready send a mail to the auther of the plugin, maybe he have some inputs regarding this.
     
  11. Sirmabus

    Member Ida Pro Expert

    Well it shouldn't crash at anyrate, unless assuming you did have the 2013 runtime and it was the "Failed to load" or "is missing 'PLUGIN' export." throws.
    Which sort of needs to be there to say "something is really strange here", instead say just skipping the plug-in with out knowing why.
    If you are sure it's skipping some plug-ins from your folder please let me know the specifics.

    The "version" is simply the plugin_t.version field.
    In looking at it in detail to bad it's not it's not the IDA_SDK_VERSION then it would be like "680" for IDA SDK version 6.8, it's IDP_INTERFACE_VERSION which is always going to be "76" now except for very old plug-ins.
    When I update the next time I'll remove it.

    The "flags" is the plug-in export field plugin_t.flags.
    These are the flags from the SDK "loader.hpp":
    Code (Text):
    #define PLUGIN_MOD  0x0001    ///< Plugin changes the database.
                                    ///< IDA won't call the plugin if
                                    ///< the processor module prohibited any changes.
    #define PLUGIN_DRAW 0x0002    ///< IDA should redraw everything after calling the plugin.
    #define PLUGIN_SEG  0x0004    ///< Plugin may be applied only if the current address belongs to a segment
    #define PLUGIN_UNL  0x0008    ///< Unload the plugin immediately after calling 'run'.
                                    ///< This flag may be set anytime.
                                    ///< The kernel checks it after each call to 'run'
                                    ///< The main purpose of this flag is to ease
                                    ///< the debugging of new plugins.
    #define PLUGIN_HIDE 0x0010    ///< Plugin should not appear in the Edit, Plugins menu.
                                    ///< This flag is checked at the start.
    #define PLUGIN_DBG  0x0020    ///< A debugger plugin. init() should put
                                    ///< the address of ::debugger_t to dbg.
    #define PLUGIN_PROC 0x0040    ///< Load plugin when a processor module is loaded. (and keep it
                                    ///< until the processor module is unloaded)
    #define PLUGIN_FIX  0x0080    ///< Load plugin when IDA starts and keep it in the memory until IDA stops
    #define PLUGIN_SCRIPTED 0x8000  ///< Scripted plugin. Should not be used by plugins,
                                    ///< the kernel sets it automatically.
    You can look at them by bits and see important things like "PLUGIN_PROC" or "PLUGIN_FIX" to see if a particular plug-in stays loaded all the time for example.
    Could convert it into a string for display maybe.
    Like "19" could be shown as "HIDE | UNL | MOD"
    But then you'll still have to be familiar with what these flags mean anyhow..
     
    storm shadow likes this.
  12. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    I did actuelly thought of them beeing version = ida.lib versions.But when we know what you using, it make more sense.

    And im very familiar with all the flags above, i have study the python api to death almost :D
    Though PLUGIN_SCRIPTED isn't in the python Api.

    One suggestion to your plugin.
    Cant you insteed of searhing and adding your plugin folder each time use (%IDADIR% \plugins) from the system varibles.Almost any would have that for getting most plugins / sdk to work.
     
    Last edited: Jun 7, 2015
  13. sendersu

    Active Member

    Hi, thanks for the good reply

    1 note: the issue is very simple: once you find the *.plw file, once it does not have the expected export item, you are throwing an exception,
    but there is no one that catches it!
    thats why I saw that .net error dialog
    thats why it does not proceed to next plugin...
    I assume that skipping wrong plugin might be a good option!
    Thanks
     
Top