Added support for 64-bit immediates in IDA pseudocode

OALabs / hashdb-ida

HashDB API hash lookup plugin for IDA Pro

BSD 3-Clause "New" or "Revised" License

296 stars 39 forks source link

Added support for 64-bit immediates in IDA pseudocode #6

Closed anthonyprintup closed 3 years ago

anthonyprintup commented 3 years ago

For 64-bit binaries the equivalent immediate values generally end with i64 or ui64. As a result this code would break when parsing the value using int(identifier).

This commit should solve the problem.

Warning:

I'm not sure if this code will be compliant with Python 2.7 (regarding future support).

herrcore commented 3 years ago

Looks good. Can you add the hash of a publicly available sample that you tested this with (preferably something from Malshare).

anthonyprintup commented 3 years ago

Looks good. Can you add the hash of a publicly available sample that you tested this with (preferably something from Malshare).

Of course, you can find a sample here. The hash is located in DllEntryPoint -> DllMain and is 0x503CBCCD6A5CDEA8i64 by default when viewing in pseudocode.