MSDN data doesn't have constant values #67

Open
fubuki8087 opened this issue Dec 24, 2018 · 6 comments

@fubuki8087

fubuki8087 commented Dec 24, 2018

I cannot use your script to generate the XML file (MSDN data) successfully because "Windows Software Development Kit (SDK) for Windows 7 and .NET Framework 3.5 Service Pack 1" became unavailable on the Microsoft website years ago. So I directly used the XML file you provided in

https://github.com/mr-tz/flare-ida/blob/master/MSDN_data/msdn_data.zip

But no constant in this XML file has a value. So when I execute the script in IDA, no API constant is renamed to its macro.

This is a part of the xml file:

<constants>
	<constant>
		<name>BFT_NTDS_DATABASE</name>
		<description>The file is an NTDS database file. This file should be copied to the file identified as BFT_NTDS_DATABASE when the data is restored.</description>
	</constant>
	<constant>
		<name>BFT_LOG</name>
		<description>The file is a log file. All log files are copied to the directory identified as BFT_LOG_DIR when the data is restored.</description>
	</constant>
	<constant>
		<name>BFT_PATCH_FILE</name>
		<description>The file is a patch file. All patch files are copied to the directory identified as BFT_CHECKPOINT_DIR when the data is restored.</description>
	</constant>
</constants>

As you can see, all constants only have <name> and <description>. I can't see <value> in any <constant>.

@mr-tz
Contributor

mr-tz commented Dec 27, 2018

The script matches up each constant name and IDA Pro's standard enum. So the constant value is not required to rename constants. However, there are other places where the current mechanism can go wrong. Does it really rename no constants (hint: look for debugging output containing the string "renaming constant")?

@fubuki8087
Author

I cannot see any renaming constant in my IDA Output Window. This is my output:

INFO:__main__:Saving config
INFO:IDB_MSDN_Annotator:Starting script execution
INFO:IDB_MSDN_Annotator:Backing up database to file xxx.idb
Flushing buffers, please wait...ok
INFO:IDB_MSDN_Annotator.xml_parser:Starting parsing G:/IDA 7.0/MSDN_DATA\msdn_data.xml
  4. Creating a new segment  (004144B8-00414CB8) ... ... OK

======================
MSDN Annotator SUMMARY
======================
 Functions not found
 -------------------
  1	RegOpenKeyExA
  2	DragQueryFileA

Enums can be loaded normally. Backup is normal too, and the .msdn segment is also added. But no constants are renamed.
My IDA version is 7.0. Is there anything incompatible?

@mr-tz
Contributor

mr-tz commented Dec 29, 2018

It is possible that the constant renaming does not work on the sample you are looking at. Can you try other binaries?

@fubuki8087
Author

Every binary I've tried has the same problem.

@mr-tz
Contributor

mr-tz commented Jan 9, 2019

I've confirmed the issue in a few tests. Investigating this further will take some time though. If you'd like to help I can provide some pointers.

@mr-tz
Contributor

mr-tz commented Jan 10, 2019

During further testing the plugin renamed some constants successfully, e.g. for CreateFile. One issue I've identified is that some enums are named differently between IDA 6.x and 7.x.
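
The name-based matching discussed in this thread can be checked outside IDA. The following is an added example, not part of the issue or of flare-ida's code: it parses the `<constants>` excerpt quoted above and reports which names resolve through a lookup table. `audit_constants`, `KNOWN_ENUM_MEMBERS` and the numeric values are assumptions made for illustration; the table stands in for IDA's standard enums.

```python
import xml.etree.ElementTree as ET

# Excerpt of the <constants> element quoted in the issue (descriptions shortened).
SAMPLE_XML = """\
<constants>
  <constant>
    <name>BFT_NTDS_DATABASE</name>
    <description>The file is an NTDS database file.</description>
  </constant>
  <constant>
    <name>BFT_LOG</name>
    <description>The file is a log file.</description>
  </constant>
  <constant>
    <name>BFT_PATCH_FILE</name>
    <description>The file is a patch file.</description>
  </constant>
</constants>
"""

# Constructed stand-in for the disassembler's enum members, keyed by name.
# Values are placeholders, not the real SDK values. BFT_PATCH_FILE is left out
# on purpose to show a name that cannot be resolved.
KNOWN_ENUM_MEMBERS = {"BFT_NTDS_DATABASE": 0x1, "BFT_LOG": 0x2}


def audit_constants(xml_text, lookup=KNOWN_ENUM_MEMBERS.get):
    """Classify each <constant> by whether it carries a <value> and whether
    its name resolves through `lookup` (name -> value or None)."""
    report = {"with_value": [], "resolved_by_name": [], "unresolved": []}
    for const in ET.fromstring(xml_text).iter("constant"):
        name = (const.findtext("name") or "").strip()
        if not name:
            continue  # malformed entry, nothing to match on
        if const.find("value") is not None:
            report["with_value"].append(name)
        if lookup(name) is not None:
            report["resolved_by_name"].append(name)
        else:
            report["unresolved"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in audit_constants(SAMPLE_XML).items():
        print(f"{bucket}: {names}")
```

Names in the `unresolved` bucket are the ones to compare against the enum names of the IDA version in use.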
