Creating IDA Plug-ins with C# or VB6

다음 링크에서 가져왔습니다.

http://www.openrce.org/articles/full_view/13

This article highlightstechnique where you can use a high level language such as C# or VB6 to create GUIs for IDA plugins. Why bother? Why not. These two languages make complex UI programming very easy, are easy to debug, and are great for rapid prototyping.

What we will be doing is creating a traditional IDA plug-in stub in VC, which will be used to add menu items to IDA, and export a wrapped set of IDA API functions for the high level language plug-in to utilize. A basic block diagram of what we want to accomplish looks like this:


Conceptual Block Diagram

To make VB6, .NET, and VC all play nice together, we have set up our plug-ins so that they can be accessed as COM Dll's. To access the .NET dll as a COM object, you will have to use the regasm utility to setup the proper registry entries for the interface as well as produce a type library file (.tlb) so we can early bind to it in our VC stub. VB6 can only produce ActiveX DLLs, and already sets up all registry entries and adds the type library information directly to its DLLs during compilation. If you are just trying out the demo, you will still need to register the VB6 sample dll using regsvr32.

So for a quick walk through of the code. In both of our plug-in examples here we are early binding to our Dlls. This means that you should compile the VB6 or .NET dlls first and make sure that binary compatability is set so that their interface GUIDs do not change the next time you compile (or you will have to recompile your stub again). This is not really a problem because the interface we use to launch the plug-ins is very simple and never needs to change. It is only used to initalize the library and runtimes and get it executing. In out VC stub you will see the following declaration:

    #import "./bin_4.7/CSharpIDASample.tlb" raw_interfaces_only

    using namespace CSharpIDASample;

    ICpluginPtr pIPlug(__uuidof(Cplugin));

This uses some VC VooDoo to load the type library interfaces, and create an initalized object pointer instance of our main class. The names of the namespace, class, and Interface pointer are all set in the typelibrary and can be viewed using any type library viewer such as the free demo that comes from Matt Curlands Power VB site or other tools like the Microsoft Ole View utility.


Microsoft Ole View Utility

When it comes time to display our interface, all we have to do is call our class method to launch it. In the example code below, we are passing it the hwnd of the main IDA window so that we can display our form modally. (At this point I have not tried to set it as a MDI child of the main window using SetParent which may also work.)

    int h = (int)callui(ui_get_hwnd).vptr; //ida main window hwnd
    pIPlug->DopluginAction( h , &lRet);

Here the lRet variable will receive the HRESULT COM return value which we dont have to worry about. Once our plug-in form is displayed, the IDA API functionality is accessed via function declares written in our form. These declare statements were made as a way to give VB developers access to stdcall Win32 API and are still present in .NET so that you can access custom C dlls. Below are C prototypes and corrosponding C# and VB6 declares.

C Prototypes:
    int __stdcall NumFuncs(void)
    int __stdcall FunctionStart(int n)
    int __stdcall FunctionEnd(int n)


VB6:
    Private Declare Function NumFuncs Lib "vcSample.plw" () As Long
    Private Declare Function FunctionStart Lib "vcSample.plw" (ByVal functionIndex As Long) As Long
    Private Declare Function FunctionEnd Lib "vcSample.plw" (ByVal functionIndex As Long) As Long

C#:
    [DllImport("c_stub.plw")]
    public static extern int NumFuncs();
    
    [DllImport("c_stub.plw")]
    public static extern int FunctionStart(int index);
    
    [DllImport("c_stub.plw")]
    public static extern int  FunctionEnd(int index);

Using this mechanism to access wrapped API exports from our CPP stub gives us alittle more flexability and frees us from having to worring about COM compatability issues relating to changing interfaces. Included in the sample zip are VB6 and C# samples of example IDA plug-ins. In addition to the basic example framework provided, I have also included a file with another 36 IDA API wrappers that you can use in your own projects. If for some reason you would prefer to late bind to the COM objects you can find older examples of that on my site. The reason I use early binding here is that to late bind takes about a page and half of long winded code.

Be sure to read the README files in the applications home directories to learn how to setup the projects. Precompiled binaries are provided for IDA 4.7.

If you would like to play with some more involved samples, I have also made some of my personal plug-ins. Note that these other samples were thrown together relativly quickly from scraps of code so they will probably have their share of bugs.

Anyway, enjoy..

-dzzie