add support for v8.3 ida pro plugin #162

Open
wants to merge 3 commits into
base: master

@geocine geocine commented Feb 11, 2024

#97
#22

I need to focus on the x86 implementation for the ScyllaHideIDAProPlugin, including compiling its documentation. Where is the appropriate place to incorporate this documentation? Additionally, I am not a C++ developer; I'm improvising as I go. Therefore, I welcome any suggestions or revisions necessary for this contribution to be accepted.

I used this QT version: https://hex-rays.com/blog/ida-8-3-qt-5-15-2-sources-build-scripts/

@geocine geocine force-pushed the ida-plugin-8.3 branch 2 times, most recently from 22bc7eb to 4038fa9 Compare February 11, 2024 20:04
@geocine
Author

geocine commented Feb 11, 2024

I simplified this PR further: I removed x86 support for the IDA plugin, as IDA has shifted to native 64-bit starting with 7.0. Also, on the latest 8.3 SDK I did not see support for x86.

I removed the overcomplicated compilation steps which involved QT. I utilized the GetForegroundWindow function instead, like how it has been used in previous PRs. This PR should be ready for review.

@geocine
Author

geocine commented Feb 11, 2024

50c9efa

I am not really sure what OtherOperationCount is, you guys can check my code.

@mrexodia
Member

Didn't forget about this, just been busy...

@Mattiwatti
Member

Re: OtherOperationCount: you can probably ignore this as I've seen this test fail reliably outside of IDA too. So I think this is just a buggy test we need to fix separately. Or is it somehow working on your machine, except when running in IDA?

I expect it will fail the same way if you run the test in a different debugger, if so you can just ignore it.

@mrexodia
Member

I made some minor changes and it looks like GitHub Actions is now happy. We could merge it as-is already, but are you sure everything is working? It seems like the IDA server executable might not work correctly in this configuration, but I didn't test yet...

What were the rough steps you took to get this working and was it with the local debugger or the remote one?

@geocine
Author

geocine commented Feb 28, 2024

> What were the rough steps you took to get this working and was it with the local debugger or the remote one?

To be honest I have limited knowledge of IDA and reversing. I only tested it on a binary that has a debug protection by loading it on IDA and pressing debug.

@@ -102,7 +104,7 @@ static bool SetDebugPrivileges()
}

//callback for various debug events
static int idaapi debug_mainloop(void *user_data, int notif_code, va_list va)
static ssize_t idaapi debug_mainloop(void *user_data, int notif_code, va_list va)
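
Review bot: The return type of debug_mainloop changes from int to ssize_t with no comment or commit note saying which SDK callback type it now has to match. Add a short comment above the function naming the IDA SDK version this signature targets, and check that every return statement in the body and the call that registers this callback still agree with the new type, since only the declaration line is touched in this hunk.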
Lines 204-214 will disable loading ScyllaHide for local debuggers on x64 binaries. I think this is a significant issue and it may be a good idea to investigate why this condition was needed in the first place.

@Slluxx

Slluxx commented Jul 3, 2024

The latest build does not seem to work.

HookLibraryx64.dll: not IDA DLL file
ScyllaHideIDAProPluginx64.dll) error: Eine DLL-Initialisierungsroutine ist fehlgeschlagen. (
A DLL initialization routine failed.)
ScyllaHideIDAProPluginx64.dll: can't load file

5 participants