Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux and OS X support #3

Open
obilodeau opened this issue Apr 15, 2015 · 12 comments
Open

Linux and OS X support #3

obilodeau opened this issue Apr 15, 2015 · 12 comments

Comments

@obilodeau
Copy link
Contributor

It would be nice if this plugin would be cross-platform.

Personally I would like to see the Qtconsole work ported first and to Linux first of course ;)

I'm not great with win32, C or C++ but I might be able to help with small things or test.

I'll send you a PR to state that this is Windows-only since I've spent a bit of time doing my python 2.7 32-bit anaconda install in order to install your plugin only to realize later that the archive contained PE files and not ELFs... Relevant documentation ending with the dead-end ;) https://gist.github.com/obilodeau/9006a01ba8b1cd0d7350

Seems like nice work! Thanks for sharing it.
@obilodeau obilodeau mentioned this issue Apr 15, 2015
Merged
@james91b
Copy link
Owner

Thanks. Sorry about the frustration, i'll look at that pull request. I would love to get it working on OSX and Linux. Unfortunately however i don't have access to an OSX or Linux version of IDA =/

@obilodeau
Copy link
Contributor Author

obilodeau commented Apr 15, 2015 via email

@obilodeau
Copy link
Contributor Author

Just stumbled upon this IDA plugin which is cross-platform: https://github.com/athre0z/ida-skins. Writing this here for future reference.

@tmr232
Copy link
Contributor

tmr232 commented Mar 7, 2016

Started looking into this now.
Some issues:

  1. Minhook (the hooking library used) is windows only;
  2. So is all the hooking relevant code (finding addresses).
  3. Parsing of argv is windows specific
  4. Memory persistence (a call to LoadLibrary) is windows specific.

Since we are hooking an imported function, fixing it should be eaay (a linker trick?)
This leaves a very small amount of code to fix, and it is all simlle code.

@tmr232
Copy link
Contributor

tmr232 commented Mar 8, 2016

A bit more detailed:

  1. In persist.h, 'GetModuleHandleEx' is used to pin the plugin into memory, that on IDA termination, it will not be unloaded before the hooks are done running.
  2. Some data-types are Windows specific (BOOL)
  3. In ipythonEmbed.cpp:90, Windows APIs are used to get the address of the imported Qt function.
  4. In ida_ipython.cpp:14, a Windows API is used to get the command line arguments.
  5. The hooking library is Windows-only

As for solutions:

  • (1) Seems like dlopen(plugin, RTLD_NODELETE) should be the solution
  • (2) A simple typedef will do
  • (4) I suppose reading from /proc/self/cmdline will do
  • (3, 5) need to be solved as part of the OS-specific hooking mechanism. I'm not sure what to use here, but import-hooking should do.

@james91b
Copy link
Owner

james91b commented May 4, 2016

Nice work (sorry for late reply). Unfortunately i still don't have access to a Linux/OSX version of IDA, so it makes it difficult for me to provide much input on this.

The hooking logic will be the most annoying part to make platform independent. When i first started this project, my goal was for it to work on >= IDA 6.0. In those earlier versions of IDA there was no way to get a loop in the main thread, so hooking was the only option. However, in IDA 6.2 the register_timer api was introduced. We could drop IDA 6.1 support, remove the hook and move the loop to the register_timer api. That would make it much easier to port over.

@tmr232
Copy link
Contributor

tmr232 commented May 4, 2016

The post was meant mainly for anyone with Linux or OSX licenses. The lack of one is the only reason I did not implement it myself.

I think our best choice would be to wait for someone to take it on himself, and then see what needs to change for the support.

@tmr232
Copy link
Contributor

tmr232 commented May 12, 2016

@james91b Just realized that... Does this mean we can make the plugin a pure-Python plugin?
This would definitely make cross-platform maintenance simpler. But again - we need to try and weigh it.

@marc-etienne
Copy link

marc-etienne commented May 13, 2016
edited
Loading

Hi guys! I already have a working python-only integration of the IPython console inside IDA that works on OS X, Linux and Windows. I'll be releasing it in the next few days on Github. I'll keep you updated ;)

@tmr232
Copy link
Contributor

tmr232 commented May 16, 2016

@marc-etienne Cool. I'll be looking forward to trying it out.

@marc-etienne
Copy link

Hi all,

"Next few days" ended up being 2 weeks, but, here we go: https://github.com/eset/ipyida

Cheers!
M-E

/cc @tmr232 @obilodeau @james91b

@tmr232
Copy link
Contributor

tmr232 commented May 31, 2016

Cool!

Tried taking it for a go today, but came across various issues (using IDA 6.9 & Jupyter). Posted a relevant issue - eset/ipyida#1

I hope we can make it work, having a cross-platform solution would be great.

@tmr232 tmr232 mentioned this issue Jul 4, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@marc-etienne @obilodeau @tmr232 @james91b