forked from fireundubh/IDA7-FunctionStringAssociate
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathFunctionStringAssociate.txt
More file actions
74 lines (51 loc) · 2.89 KB
/
FunctionStringAssociate.txt
File metadata and controls
74 lines (51 loc) · 2.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
"Function String Associate"
===============================================================================
An IDA Pro plug-in that comments functions by the strings it contains
Version 1.7
By Sirmabus
-------------------------------------------------------------------------------
From the chaos of a 10,000+ function target et al.., this plug-in can help
reversing by extracting various "assert" and other (variables, constants, etc.)
strings; making some sense of it all by adding info as a function comment for
browsing.
As you browse around at a glance these comments might tell you to a greater or
lessor degree what a particular function might do, what area it belongs to,
etc.
In some targets there are tons of these useful strings, on others very few if
any at all. Thus the information will either be great or little to nothing.
-- [Install] ------------------------------------------------------------------
Copy the plug-in to your IDA Pro "plugins" folder.
Edit your "plugins.cfg" with a hotkey to run.
Example:
"FunctionStringAssociate IDA_FunctionStringAssociate_PlugIn.plw Alt-6 0"
See official IDA docs for more help on on installing and configuring plug-ins.
-- [How to run it] ------------------------------------------------------------
Just invoke it using your selected IDA hot-key or from "Edit->Plugins" menu.
-- [How it works] -------------------------------------------------------------
Iterates every function in the loaded IDB; In each function iterates it's
elements looking for string references; Then sorts these with some assumptions
about relevance and places them as a function comment.
-Sirmabus
-- [IDA 7.0 Port Changes] -----------------------------------------------------
1.7 - 1) Updated to IDA SDK 7.0 and MSVC 2017
2) Replaced string handling with qstring built-ins
3) Significantly reduced nesting
4) Miscellaneous improvements
-- [Changes] ------------------------------------------------------------------
1.7 - Updated to IDA SDK 6.9 and MSVC 2015.
1.6 - Fixed unicode string problem.
1.5 - 1) Replaced the std::vector array with a static one.
2) Added a E64 version.
1.4 - 1) Now properly iterates functions as blocks rather then assuming they
are all contiguous chunks.
2) Updated and fixed some custom UI elements.
3) Some speed optimization.
1.3 - 1) Increased maximum string length.
2) Changed the starting tag from "<" to "STR:", and removed the end '<'.
3) Added customized dialogs.
Terms of Use
-------------------------------------------------------------------------------
This software is provided "as is", without any guarantee made as to its
suitability, or fitness for any particular use. It may contain bugs, so use
this software is at your own risk. The author takes no responsibility for
any damage that might be caused through its use.