I
commited today code for Ida Pro plugin for RFG fixups processing - for both version 1 &
2
It seems that by default during automatic loading of pe files Ida don`t load .reloc section (where usually located RFG fixups). In such case I ask if you want to add new segment:
Sure it works only if original input file (you can extract it with get_input_file_path function) is still available. Also I used dirty hack - I am too lazy to parse PE file by hand, and it seems that node "$ PE header" keeps all sections (even not loaded in base !) in supvals
enjoy
Update: it seems that buggy ida sdk don`t contains
doCode function and
auto_mark_range actually
does not take into account end argument, so body of prologs looks ugly
Комментариев нет:
Отправить комментарий