Ida pro plugin with gcc

Introduction

This document describes how to create an Ida plugin using gcc.

Environment

cygwin + gcc
use grep on Ida sdk for documentation

C++ code

types.cpp


#include <ida.hpp>
#include <idp.hpp>
#include <expr.hpp>
#include <bytes.hpp>
#include <loader.hpp>
#include <kernwin.hpp>
#include <funcs.hpp>
#include <name.hpp>
#include <typeinf.hpp>

/*
    print_fti prints the function name and argument type info
*/

int print_fti()
{
    int nfuncs = get_func_qty();
    msg("Number of functions: %i\n",nfuncs);
    for(int i = 0; i < nfuncs;i++)
    {
        func_t * pfn = getn_func(i);
        ea_t ea = pfn->startEA;
        type_t type[MAXSTR];
        p_list fields[MAXSTR];
        
        if (! get_ti(ea,type,sizeof(type),fields,sizeof(fields) ) )
            continue;
        
        uint32 arglocs [MAX_FUNC_ARGS];
        type_t * types [MAX_FUNC_ARGS];
        char * names[MAX_FUNC_ARGS];
        char fname[MAXNAMELEN];
        int n = build_funcarg_arrays(type, fields, arglocs, types, names, MAX_FUNC_ARGS, false);
        
        get_func_name(ea,fname,sizeof(fname));
        msg("%a %s",ea,fname);
        
        for( int j = 0 ; j < n ; j++){
            char text[MAXSTR];
            int code = print_type_to_one_line(text,sizeof(text), idati, types[j], names[j], NULL, NULL);
            if ( code != T_NORMAL) continue;
            msg(" | %i: %s", j, text);
        }
        msg("\n");
        free_funcarg_arrays(types,names,n);        
    }
}

int idaapi init(void)
{
    return PLUGIN_OK;
}

void idaapi run(int arg)
{
    print_fti();
}

plugin_t PLUGIN =
{
    IDP_INTERFACE_VERSION,
    PLUGIN_UNL,             // plugin flags
    init,                   // initialize
    NULL,                   // terminate. this pointer may be NULL.
    run,                    // invoke plugin
    NULL,                   // long comment about the plugin
                            // it could appear in the status line
                            // or as a hint
    NULL,                   // multiline help about the plugin
    "TYPES Plugin",         // the preferred short name of the plugin
    "ALT-F8"                // the preferred hotkey to run the plugin
};

Compilation

Link with libgcc.w32/ida.a in the idasdk


gcc -o types.plw types.cpp -D__NT__ ./libgcc.w32/ida.a -I./include -D__IDP__ -Wl,--dll -shared -mno-cygwin
cp types.plw $IDADIR/plugins

Output

Reload Ida, press ALT+F8


Number of functions: 9327
6D8013B0 sub_6D8013B0 | 0: int | 1: int | 2: int | 3: double | 4: int
6D8028E0 sub_6D8028E0 | 0: void *
6D802C70 sub_6D802C70 | 0: const void * | 1: const void *
6D803010 sub_6D803010 | 0: char *
6D803400 sub_6D803400 | 0: int | 1: int | 2: char * | 3: int
6D8035D0 sub_6D8035D0 | 0: void * | 1: size_t | 2: int
6D803A80 sub_6D803A80 | 0: void * | 1: int | 2: char
...