IDA SDK 6.2

IDA SDK - Interactive Disassembler Module SDK ============================================= This SDK should be used with IDA kernel version 6.2 This package allows you to write: - processor modules - input file loader modules - plugin modules (including the processor module extension plugins) Please read read through whole file before continuing! A nice tutorial on IDA SDK is available on this site: http://www.binarypool.com/idapluginwriting ----------------------------------------------- What you need: To create 32bit or 64bit Win32 modules: Borland C++ Builder >= 6.0 or free BCC v5.5 or Visual C++ >= 9.0 or GNU C++ compiler To create 32bit or 64bit Linux modules: GNU C++ compiler To create 32bit or 64bit Mac OS X modules: GNU C++ compiler The Visual C++ users should refer to install_visual.txt for the explanations on how to use the IDE or install_make.txt to compile from command line. For installation under Linux or OS X, please refer to install_linux.txt All others should refer to install_make.txt. ----------------------------------------------- A quick tour on header files: ida.hpp the 'main' header file of IDA project. This file should be included in all source files. In this file the 'inf' structure is defined: it keeps all parameters of the disassembled file. kernwin.hpp various functions to interact with the user. Also, some functions to process strings are kept in this header. ua.hpp This header file describes insn_t structure called cmd: this structure keeps a disassembled instruction in the internal form. Also, you will find here helper functions to create output lines etc. idp.hpp the 'main' header file of IDP modules. 2 structures are described here: processor_t - description of processor asm_t - description of assembler Each IDP has one processor_t and several asm_t structures area.hpp class 'area'. This class is a base class for 'segment_t' and 'srarea_t' (segment register) classes. This class keeps information about various areas of the disassembled file. auto.hpp auto-analysis related functions bytes.hpp Functions and definitions which describe each byte of the disassembled program: is it an instruction, data, operand types etc. dbg.hpp Debugger API for debugger users diskio.hpp file i/o functions See file pro.h and fpro.h for additional system functions entry.hpp List of entry points to the program being disassembled. enum.hpp Enumeration types in the disassembled program expr.hpp IDC language functions. fixup.hpp information about relocation table of the program. fpro.h Alternative set of system-indenendent file i/o functions. These functions do check errors but never exit even if an error occurs. They return extended error code in qerrno variable. You must use these functions, not functions from stdio.h frame.hpp Local variables, stack pointer related stuff funcs.hpp Functions in the disassembled program help.h Help subsystem. This subsystem is not used in IDP files. We put it just in case. idd.hpp Debugger plugin API for debugger module writers ieee.h IEEE floating point functions intel.hpp header file from the ibm pc module. for information only, it will not compile because it contains references to internal files! ints.hpp predefined comments lines.hpp generation of source (assembler) lines and long comment lines. variables controlling the exact time and place to generate xrefs, indented comments etc. shouldn't be used in simple IDP modules. You must use these function instead of functions from stdlib.h nalt.hpp some predefined netnode array indexes used by the kernel. these functions should not be used directly since they are very low level. name.hpp names: rename, unname bytes etc. netnode.hpp the lowest level of access to the database. Modules can use this level to keep some private inforation in the database. Here is a short description of the concept: the database consists of 'netnodes'. The netnodes are numbered by 32-bit integers and may have: - a name (max length is MAXNAMESIZE-1) - a value (a string) - sparse arrays of values: Each sparse array has a 8-bit tag. Therefore, we can have 256 sparse arrays in one netnode. Only non-zero elements of the arrays are stored in the database. Arrays are indexed by 32-bit or 8-bit indexes. You can keep any type of information in an array element. The size of an element is limited by MAXSPECSIZE. For example, you could have an array of addresses that have been patched by the user: <address> : <old_value_of_byte> The array is empty at the start and will grow as the user patches the input file. There are 2 predefined arrays: - strings (supval) - longs (altval) The arrays don't need to be declared or created specially. They implicitly exist at each node. To save something into an array simply write to the array element (altset or supset functions) There are no limitations on the size or number of netnode arrays. offset.hpp functions that work with offsets. pro.h compiler related stuff and some system-independent functions queue.hpp queue of problems. segment.hpp program segmentation srarea.hpp segment registers. If your processor doesn't have segment registers, you don't need this file. struct.hpp Structure types in the disassembled program typeinf.hpp Type information va.hpp Virtual array. Used by other parts of IDA. IDP module don't use it directly. vm.hpp Virtual memory. Used by other parts of IDA. IDP module don't use it directly. xref.hpp