锐客网

  1. 首页 > it技术 > >

IDA插件-----获取指定函数参数个数

#include #include #include #include #include #include #include #includeint IDAP_init(void) { // Do checks here to ensure your plug-in is being used within // an environment it was written for. Return PLUGIN_SKIP if the // checks fail, otherwise return PLUGIN_KEEP. return PLUGIN_KEEP; } void IDAP_term(void) { // Stuff to do when exiting, generally you'd put any sort // of clean-up jobs here. return; } // The plugin can be passed an integer argument from the plugins.cfg // file. This can be useful when you want the one plug-in to do // something different depending on the hot-key pressed or menu // item selected. void IDAP_run(int arg) { // The "meat" of your plug-in //在IDA下面框显示 msg("Hello world!/n"); //cmd命令 //call_system("notepad.exe"); //显示函数,这里可以弄一个界面,输入指定的函数地址就弹出这个函数有几个参数 for (int i=0; istartEA,szFuncName,MAXSTR); msg("[第%a个函数] func start address:%a ,end address:%a,,[参数个数]%a/n",i,funcs->startEA,funcs->endEA,(funcs->argsize)/4); } //显示一个对话框,有2个edit类似的控件可以输入text //char from[]="my title/n/n/n"; //char result1[MAXSTR]=""; //char result2[MAXSTR]=""; //AskUsingForm_c(from,result1,result2); //msg("user enter text is %s,%s/n",result1,result2); //循环得到每个入口点 //for (int j=0; jstartEA,are->endEA); func_t *funcs1=get_func(addr); char szViewBuff[MAXSTR]=""; //wsprintfW(szViewBuff,"函数起始地址:%.8X,结束地址:%.8X,参数个数:%d",funcs1->startEA,funcs1->endEA,(funcs1->argsize)/4); info("函数起始地址:%.8X,结束地址:%.8X,参数个数:%d",funcs1->startEA,funcs1->endEA,(funcs1->argsize)/4); // return; } // There isn't much use for these yet, but I set them anyway. char IDAP_comment[] = "This is my test plug-in"; char IDAP_help[] = "Instruder_first_plugins"; // The name of the plug-in displayed in the Edit->Plugins menu. It can // be overridden in the user's plugins.cfg file. char IDAP_name[] = "My plugin"; // The hot-key the user can use to run your plug-in. char IDAP_hotkey[] = "Alt-X"; // The all-important exported PLUGIN object plugin_t PLUGIN = { IDP_INTERFACE_VERSION, // IDA version plug-in is written for 0, // Flags (see below) IDAP_init, // Initialisation function IDAP_term, // Clean-up function IDAP_run, // Main plug-in body IDAP_comment, // Comment ?unused IDAP_help, // As above ?unused IDAP_name, // Plug-in name shown in // Edit->Plugins menu IDAP_hotkey // Hot key to run the plug-in };

ida的插件还是很好写的,sdk里面的文档非常详细,我们应该好好利用这个ida的sdk
【IDA插件-----获取指定函数参数个数】毕竟他的反汇编引擎是很强大的,为啥不利用呢.功能多多,看发挥了,呵呵

    推荐阅读


    上一篇:基础代码|字符串操作

    下一篇:Moment.js显示中文