Tuesday, 22 October 2013

Calling Functions and getting a String from the pointer of their input and also Javascript in IDA Pro

So I learnt about a thing in IDA pro called Appcall which allows you to call a function you have defined *Which can be done with N*

You have to pause in debugger before using this.

I found a function called it GetMessageFromID it was a this call with 1 argument So I needed to know the pointer. I breakpointed it and got it called once then put the argument in and it worked as expected. I got back an address.

I thought this is good but I want to see the string.

In IDC you can use

In Python

A loop in python printing out the String value :)
for x in xrange(0,1000):print GetString(Appcall.GetMessageFromID(0x00A59000,x))

Just printing out a string
print GetString(Appcall.GetMessageFromID(0x00A59000,10))

Also we can use javascript as a scripting language which is much nicer than python and quite similar to IDC.

I am installing it now hopefully it works great for me coding unpackers or bypassers or helper functions in js seems quite good.

1 comment: