IDA structs not supporting more nested types #108
Comments
hey mahaloz, nice work. i'm not a user, but you're killing it on this project. i'm using a lookup table to map the sizes to the flags over on my project over here at https://github.com/arizvisa/ida-minsc/blob/master/base/_interface.py#L113. |
Hi @arizvisa, wow! It's amazing to know that other devs for ida plugins actually look at this plugin, haha. Very cool. I read a lot of
Thanks for the link, I looked over some of the code and it looks pretty promising. I am however still worried about integer sizes changing between architectures and the like. This code is way better than my dumb map right now, so I will for sure switch some stuff out. I'm currently looking for some better way to turn some ida type into some known flags. For instance, this crash all happened because of this type: https://github.com/mahaloz/dreamland/blob/8fb74133e2aae04d523c705727ce13c77281440e/structs/dreamer.toml#L21 (struct member with an array type). I need some way to turn an arbitrary type into a flag. Thanks again for the link :). |
Oh wow, awesome man. I'm glad you appreciate it. :-)
Ah, tru. Yeah, I didn't think you were trying to get the correctly-sized types based on the compiler detected by each of the disassemblers. It's just such a weird problem that I haven't seen others really complain about, which is very interesting. I ended up hacking together a different system outside of all of our reversing/debugging tools to have a declarative syntax that I could still manipulate dynamically in order to deal with weird constraints of different types we encounter within said tools, heh. Type-interop is just like a silent problem that we all solve by seeding from some source, and then finishing up with data-entry for actual usage.
Oh yikes. IDA doesn't actually support multidimensional arrays as far as I know except through the Anywayz, your same goal is actually on my (infinitely-long) todo list, namely mapping those However, maybe it'd be better to just ignore ida's structure api entirely, and go the route of using
If you go the |
I don't fully follow, but I can confirm you're right that it works with the
So for the most part, I work only with For the most part, I usually can just make fully fake flags and then overwrite them using type setting. I do something like this for stack vars which tend to be just like struct members... so there may be some nice hack around this. Anyway, I have a deadline I want to make of May 28th for some major updates to this software, the biggest of these is a new
I actually never heard of |
Ah, I mean multi-dimensional arrays don't exist with regards to the structure member api (
Yeah, awesome. They're definitely like struct members. Also, anything with an identifier (
Most definitely. I'll totally let you know as well. It was probably originally gonna be something silly like this (https://github.com/arizvisa/ida-minsc/blob/master/base/database.py#L393), but I'll update AUTHORS.md and include a reference in the "Thanks" section to reference you and other plugin authors that I've reached out to borrow code from.
Cheers, good sir! |
@arizvisa If you were wondering how this all played out, it turned out that the bug was actually my negligence to return a flag regardless of the size -- I was returning None which made this crash... just some implementation bug. My current workflow still seems to be the most solid:
This works on complex types in structs. For your project though, I would assume you will still need converts. |
Ah, lol. Just saw your commit, freaking python makes certain bugs so non-obvious. Glad it turned out into a less-complex solution. ;)
Awesome. Yeah, that seems sound.
Yeah...unfortunately, I need ways of enumerating cross-references. Especially because tinf_t only has them in hex-rays, which requires decompiling everything..and afaik there's no api for getting them either as hex-rays doesn't expose it in any way other than generating them. :-/ 100% appreciate the reference. I'll link yours too in my next release as well which'll probably happen in the next month or two depending on free time. I'm thinking about changing the semantics of some operand structure path logic, and am currently testing the usefulness of wrappers over the default til_t... ...which i haven't done yet, because if i wanted to enable globs or pattern matching for programmatic searches (like full-text even), there's not even hooks that i can use to maintain an index for a large number of types...it's like a dead-end api that only allows 1:1 mapping between the name and ordinal. Cheers, good sir. |
Reproduction Info
BinSync Repo: https://github.com/mahaloz/dreamland
Platform: IDA Pro 7.7
Challenge: dreamland (the patched version)
Function: 0x1c27
Action: Sync
Binary: #107 same binary
Crash
Speculation
I think this happens because the flags passed is not actually a flags_t and we need real support for converting nested types into a real flags_t in ida plugin