Is there a way to export an asm file with all items unhidden from IDA Pro - disassembly

I want to get an asm file which was disassembled using IDA Pro and use scripts to make lots of asm files at once.
I tried two ways to get the asm file.
The first one was with IDAPython:
idc.GenerateFile(idc.OFILE_ASM, idc.GetInputFile()+".asm", 0, idc.BADADDR, 0)
It generated the asm file successfully, but that file had some functions which were hidden,
like this:
; [0000000C BYTES: COLLAPSED FUNCTION j__UIAccessibilityPostNotification. PRESS KEYPAD CTRL-"+" TO EXPAND]
The second one was to switch to batch mode to get the asm file:
~/.ida-6.5/idal -c -parm:ARMv7 -B myFilePath/myFile
It also generated the asm file successfully, but I got the same problem: some functions were hidden.
Is there a way to select unhide all and then export the asm file from IDA?

late answer
If you don't have a problem sending a keystroke prior to the execution of the IDC command,
you can define a macro that unhides all the collapsed functions.
Assuming you are using the GUI version, open idagui.cfg,
navigate to the keyboard shortcut definitions, locate the "Unhide All" entry and define a key sequence.
I have defined Ctrl+2 as the keystroke below in IDA Free 5.0:
\IDA_FRE_5\cfg>cat idagui.cfg | grep -i unhide
"Unhide" = "Numpad+"
"UnhideAll" = "Ctrl+2"
"GraphUnhideGroup" = 0 // Unhide group
"GraphUnhideAllGroups" = 0 // Unhide all groups
Close and reopen IDA for this to take effect.
From now on, if you hit Ctrl+2 and run the IDC command, you will get an asm that doesn't contain collapsed functions.
foo.asm was generated prior to Ctrl+2, blah.asm after hitting Ctrl+2:
auto fp;
fp = fopen("c:\\blah.asm","w");
GenerateFile(OFILE_ASM,fp,0x10127a4,0x10127aa,0x0);
fclose(fp);
Contents of both files below:
C:\>type foo.asm blah.asm
foo.asm
;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA) ║
; ║ Copyright (c) 2010 by Hex-Rays SA, <support@hex-rays.com> ║
; ║ Licensed to: Freeware version ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
; [00000006 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND]
blah.asm
;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA) ║
; ║ Copyright (c) 2010 by Hex-Rays SA, <support@hex-rays.com> ║
; ║ Licensed to: Freeware version ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
; ███████████████ S U B R O U T I N E ███████████████████████████████████████
; Attributes: thunk
_XcptFilter proc near ; CODE XREF: start+199↑p
jmp ds:__imp__XcptFilter
_XcptFilter endp
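
A check for batch exports, added here as an example (not code from the posts above and not part of IDA): it scans a generated .asm listing for the collapsed-function placeholder quoted in the question and the answer, and reports every function that was exported hidden, so a scripted run can flag incomplete listings. The names `find_collapsed` and `check_file` and the sample listing are constructed for illustration.

```python
import re
import sys

# Placeholder line as quoted in the posts, in both variants:
#   ; [0000000C BYTES: COLLAPSED FUNCTION name. PRESS KEYPAD CTRL-"+" TO EXPAND]
#   ; [00000006 BYTES: COLLAPSED FUNCTION name. PRESS KEYPAD "+" TO EXPAND]
# The size field is read as hexadecimal (the first sample contains the digit C).
COLLAPSED_RE = re.compile(
    r'^\s*;\s*\[(?P<size>[0-9A-Fa-f]+) BYTES: COLLAPSED FUNCTION '
    r'(?P<name>.+?)\. PRESS KEYPAD .*TO EXPAND\]\s*$'
)

# Constructed sample listing built from the lines shown in the posts.
SAMPLE = '''\
; [0000000C BYTES: COLLAPSED FUNCTION j__UIAccessibilityPostNotification. PRESS KEYPAD CTRL-"+" TO EXPAND]
_XcptFilter proc near
jmp ds:__imp__XcptFilter
_XcptFilter endp
; [00000006 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND]
'''


def find_collapsed(listing):
    """Return [(line_no, size_in_bytes, function_name)] for each placeholder."""
    hits = []
    for line_no, line in enumerate(listing.splitlines(), start=1):
        m = COLLAPSED_RE.match(line)
        if m:
            hits.append((line_no, int(m.group("size"), 16), m.group("name")))
    return hits


def check_file(path):
    """Scan one exported .asm file; undecodable banner bytes are replaced, not fatal."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_collapsed(fh.read())


if __name__ == "__main__":
    incomplete = False
    for path in sys.argv[1:]:
        for line_no, size, name in check_file(path):
            incomplete = True
            print(f"{path}:{line_no}: {name} still collapsed ({size} bytes)")
    # Non-zero exit lets a batch script stop or re-export the affected files.
    sys.exit(1 if incomplete else 0)
```
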

How to get specific data from text in Octave

I have a problem loading data from text file in Octave.
My text file looks like this:
# Created by Octave 5.2.0, Wed May 05 16:07:02 2021 GMT <unknown@DESKTOP-HEVT6O6>
# name: x
# type: matrix
# rows: 1
# columns: 3600
4.8899999999999997 4.9000000000000004 4.9000000000000004 4.9100000000000001 4.9299999999999997 4.9249999999999998 ...
I need to load those float numbers in one matrix and plot them in time domain.
My code so far:
fs = 360;
Ts = 1/fs;
d = fileread('ecg.txt');
data = regexp(d(1,136:62328),' ','split');
data = str2double(data);
ed = length(data);
t = linspace(0,Ts,ed - 1);
figure(1)
plot(t,data(1,2:ed))
So my question is if there is another way to do it or if there is a better way to do it.
Your file is in Octave’s text data format. This is the default file format when saving variables to file with save. That is, that text file was saved in Octave using save ecg.txt x. The Octave command load ecg.txt will load the file, and re-create the x variable just like it was when it was saved.
Thus, to plot your data, just do
load ecg.txt
plot(x)

What fails in .fex file?

I'm developing a new .fex file copied from another one which works fine, but when I run it, it notifies me that I have an error and I don't know where it is (column 39?)
This is the original .fex
.LOGTABLE ${DBSTG}.LT_TERMINALES_FINANCIADOS;
.set DBN to '${DBDWH}';
.set TBN to '${TABLE_IN_01}';
.set OFILE to '${DOWNDIR}/${FILE_OUT_01}';
.set FECHA_INICIO to '${FECHA_INICIO}';
.set FECHA_FIN to '${FechaActualCtrl}';
.BEGIN EXPORT SESSIONS 1;
.EXPORT OUTFILE &OFILE
OUTMOD ${COMDIR}/dlmt_vchar.so
FORMAT TEXT MODE RECORD;
LOCKING TABLE &DBN..&TBN FOR ACCESS
This is the new one
.LOGTABLE ${DBIFRS}.LT_${ERROR_TABLE};
.set DBN to '${DBIFRS}';
.set TBN to '${TABLE_ERROR}';
.set OFILE to '${DOWNDIR}/${FILE_OUT_01}';
.set EJECUCION to '${MOMENTO_EJECUCION}';
.BEGIN EXPORT SESSIONS 1;
.EXPORT OUTFILE &OFILE
OUTMOD ${COMDIR}/dlmt_vchar.so
FORMAT TEXT MODE RECORD;
LOCKING TABLE &DBN..&TBN FOR ACCESS
This is the error
.LOGTABLE IFRSD.LT_IFRS15_LOG_ERRORES;
**** 08:20:28 UTY3403 Only one statement per line is allowed. Extra characters
were detected beginning in column '39'.
Column 39 is the 'R' in ERRORES
I just edited in the remote machine adding an ENTER and saving, then it works, I don't know why... Maybe encoding

FltRegisterFilter not working

I'm trying to create a simple Windows driver, but FltRegisterFilter is not working! I got the following error code: 0xc0000034 (I think it refers to the STATUS_OBJECT_NAME_NOT_FOUND error code).
Do you know if the generated INF file is enough? I just tried to add this line in a driver install section: Dependencies = FltMgr.
Here is the full INF file:
;
; KmdfMiniFilter.inf
;
[Version]
Signature="$WINDOWS NT$"
Class=Sample ; TODO: edit Class
ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
Provider=%ManufacturerName%
CatalogFile=KmdfMiniFilter.cat
DriverVer=01/01/2017 ; TODO: set DriverVer in stampinf property pages
[DestinationDirs]
DefaultDestDir = 12
; ================= Class section =====================
[ClassInstall32]
Addreg=SampleClassReg
[SampleClassReg]
HKR,,,0,%ClassName%
HKR,,Icon,,-5
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
KmdfMiniFilter.sys = 1,,
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$
[Standard.NT$ARCH$]
%KmdfMiniFilter.DeviceDesc%=KmdfMiniFilter_Device, Root\KmdfMiniFilter ; TODO: edit hw-id
[KmdfMiniFilter_Device.NT]
CopyFiles=Drivers_Dir
[Drivers_Dir]
KmdfMiniFilter.sys
;-------------- Service installation
[KmdfMiniFilter_Device.NT.Services]
AddService = KmdfMiniFilter,%SPSVCINST_ASSOCSERVICE%, KmdfMiniFilter_Service_Inst
; -------------- KmdfMiniFilter driver install sections
[KmdfMiniFilter_Service_Inst]
DisplayName = %KmdfMiniFilter.SVCDESC%
ServiceBinary = %12%\KmdfMiniFilter.sys
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Activity Monitor"
Dependencies = FltMgr
;
;--- KmdfMiniFilter_Device Coinstaller installation ------
;
[DestinationDirs]
KmdfMiniFilter_Device_CoInstaller_CopyFiles = 11
[KmdfMiniFilter_Device.NT.CoInstallers]
AddReg=KmdfMiniFilter_Device_CoInstaller_AddReg
CopyFiles=KmdfMiniFilter_Device_CoInstaller_CopyFiles
[KmdfMiniFilter_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
[KmdfMiniFilter_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[SourceDisksFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
[KmdfMiniFilter_Device.NT.Wdf]
KmdfService = KmdfMiniFilter, KmdfMiniFilter_wdfsect
[KmdfMiniFilter_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
ClassName="Samples" ; TODO: edit ClassName
DiskName = "KmdfMiniFilter Installation Disk"
KmdfMiniFilter.DeviceDesc = "KmdfMiniFilter Device"
KmdfMiniFilter.SVCDESC = "KmdfMiniFilter Service"
DefaultInstance = "KmdfMiniFilter"
Instance1.Name = "KmdfMiniFilter"
Instance1.Altitude = "370120"
Instance1.Flags = 0x0 ; Allow all attachments
Do you have any idea what the problem is?
I finally solved my problem thanks to RbMm!
A minifilter is not a WDM driver, so:
it doesn't have any hardware ID
a good example of an INF file: https://github.com/Microsoft/Windows-driver-samples/blob/master/filesys/miniFilter/nullFilter/nullFilter.inf
we can't install a minifilter from Visual Studio, so in Deployment settings, check "Not install". The files will be sent to the target machine. Then, go to your driver's folder (mine was: C:\DriverTest\Drivers). The sys file must be in the same directory as the inf file. Right-click on the inf file -> Install. And finally, open a command prompt (administrator), and use the following command to load and unload your filter: fltmc load myFilter.
Then, once your filter is loaded, you must be able to debug it from Visual!

Open old presumably Prolog "db"-file

I've got a binary ".db"-file which dates from the year 2000. I've been told it is a Prolog database.
Is there any way I can view it/export the contents to text?
If I open it with a text editor, several first lines are:
H ] ]] ]G Ц
? 4 я я ‰e xЗЗ ] ц kdN(6 0 b$ #
(######ДЗЗ$З(З/З3З:ЗIЗYЗnЗ{З€З’З З¬З»ЗЗЗТЗЫЗжЗтЗЗЗЗ$З2ЗEЗRЗ_ЗnЗЃЗ€З—ЗЄЗёЗЛЗУЗЭЗбЗцЗ ЗЗ1З;ЗGЗUЗ]ЗdЗjЗoЗuЗ~ЗЌЗRESTTEMP.DB Ќ бҐ«Ґ­­л© Їг­Єв ”€Ћ  ­ЄҐв  Ї®« ­ ж-вм ¬Ґб⮠஦¤Ґ­Ёп ¬Ґб⮦ЁвҐ«мбвў® б Є Є®Ј® Ј®¤  ў Ї®б. Ј®¤ ஦¤Ґ­Ёп ¬Ґбв® а Ў®вл ¤®«¦­®бвм бЇҐжЁ «м­®бвм ®Ўа §®ў ­ЁҐ ­ ж-вм бгЇагЈ  த­®© п§лЄ ў®бЇЁв ­ЁҐ ”€Ћ ®вж  а®¤®¬ ®вҐж ­ ж-вм ®вж  а®¤­®© п§лЄ ®вж  п§лЄЁ ®вж  ”€Ћ ¬ вҐаЁ த®¬ ¬ вм ­ ж-вм ¬ вҐаЁ த­®© п§лЄ ¬ вҐаЁ п§лЄЁ ¬ вҐаЁ п§лЄ ¤Ґвбвў  п§лЄ ­ з.иЄ®«л п§лЄ б।­Ґ© иЄ®«л а Ў®в  ­ ж-вм б®бҐ¤Ґ© ®ЎйҐ­ЁҐ б б®бҐ¤п¬Ё ­ ж-вм ¤а㧥© ®ЎйҐ­ЁҐ б ¤аг§мп¬Ё ¬ Ј §Ё­ ᥫмб®ўҐв ”ЂЏ ®ЎйҐ­ЁҐ б தЁвҐ«п¬Ё ®ЎйҐ­ЁҐ б бгЇагЈ®¬ ®ЎйҐ­ЁҐ
I've never heard of a standard "Prolog database" binary format.
Try the file command. It knows a lot of file signatures and may recognize your file.
Thanks for telling me it is not presumably a Prolog Database.
I've consulted the guys, and it's finally turned out it's a Borland Paradox database, so I've used a free program to export it to csv.

MSVCRT: Where is the implementation (source code) of sin, cos et al?

I wonder where the implementation of basic trigonometric functions can be found in the Visual C++ CRT.
Find in files for "sin" in C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\crt shows the definition in math.h but nothing more (except a mention in the EXPORTS section of some def file).
To the best of my knowledge, sin is not a keyword that the compiler translates itself to machine code. So there must be an implementation somewhere, even if that implementation boils down to some straight assembly code.
What am I missing here? Where'z teh codez?
EDIT: Obviously, I was not clear enough: I'm looking for the source code, not compiled lib or dll
It's in MSVCR90.DLL:
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_...>dumpbin /exports msvcr90.dll | findstr sin
74 48 0007ABA0 _CIasin = __CIasin
84 52 0007B5C0 _CIsin = __CIsin
85 53 0007AF38 _CIsinh = __CIsinh
159 9D 000236AB __get_flsindex = ___get_flsindex
160 9E 000236AB __get_tlsindex = ___get_flsindex
177 AF 0007CE73 __libm_sse2_asin = ___libm_sse2_asin
178 B0 0007D2C1 __libm_sse2_asinf = ___libm_sse2_asinf
192 BE 0007FE7C __libm_sse2_sin = ___libm_sse2_sin
193 BF 00080039 __libm_sse2_sinf = ___libm_sse2_sinf
696 2B7 0002E27A _mbsinc = __mbsinc
697 2B8 0002E24E _mbsinc_l = __mbsinc_l
1211 4BA 0007AB60 asin = _asin
1349 544 0007B580 sin = _sin
1350 545 0007AF20 sinh = _sinh
Update:
The source isn't provided. The library supplying the functions in the CRT source provided seems to be in crt\src\intel\mt_lib\tran.lib:
C:\...\crt\src\intel\mt_lib> lib /list tran.lib
: : :
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_sincosf_sse2_.obj
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_sincos_sse2_.obj
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_sinf_sse2_.obj
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_sin_sse2_.obj
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_tanf_sse2_.obj
f:\dd\vctools\crt_bld\SELF_X86\crt\prebuild\build\INTEL\mt_obj\_tan_sse2_.obj
: : :
It's in libc. If you are building statically, it's in libc.lib. If you are building dynamically, then it's in msvcrt.dll
