VoidSec / DriverBuddyReloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
https://voidsec.com/driver-buddy-reloaded
GNU General Public License v3.0

[FEATURE] Print the address where DeviceName has been found #30

Open VoidSec opened 1 year ago

VoidSec commented 1 year ago

At the moment, the output does not contain the function/address where the DeviceName has been found. Adding it to the output will improve the navigability and augment the information value.

HongThatCong commented 1 year ago

In the device_name_finder.py source file, see the extract_unicode_strings function. You can yield an extra offset in buf at the location where the Unicode string was found. That offset is the file offset in IDA. The code below goes to that file offset.
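
The approach suggested in the comment above, as an added example that is not part of the original thread or the plugin's own code: a scanner that yields each UTF-16LE string together with its offset in the buffer, so the output can show where a device name was found. The function names, the prefix list and the sample buffer are assumptions constructed for illustration.

```python
import re

# Prefixes that typically start a Windows device name or symbolic link.
DEVICE_PREFIXES = ("\\Device\\", "\\DosDevices\\", "\\??\\")


def find_utf16_strings(buf, min_len=4):
    """Yield (offset, text) for each UTF-16LE printable-ASCII run in buf."""
    # One character = a printable ASCII byte followed by a NUL byte.
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for match in pattern.finditer(buf):
        # match.start() is the offset inside buf; when buf is the whole
        # driver file, this is the file offset of the string.
        yield match.start(), match.group().decode("utf-16-le")


def find_device_names(buf, min_len=4):
    """Return [(offset, name)] for strings that look like device names."""
    return [(off, text) for off, text in find_utf16_strings(buf, min_len)
            if text.startswith(DEVICE_PREFIXES)]


def format_hits(hits):
    """Render hits with the offset first, for navigable output."""
    return ["0x%08x  %s" % (off, name) for off, name in hits]


def _wide(text):
    return text.encode("utf-16-le") + b"\x00\x00"  # NUL-terminated


# Constructed sample standing in for a driver's raw bytes.
SAMPLE = (b"\x00" * 16
          + _wide("\\Device\\ExampleDrv")
          + _wide("NotADevice")
          + _wide("\\DosDevices\\ExampleDrv"))

if __name__ == "__main__":
    # Inside IDA, ida_loader.get_fileregion_ea(offset) maps a file offset
    # to a linear address that can then be shown or jumped to.
    for line in format_hits(find_device_names(SAMPLE)):
        print(line)
```
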