illera88 / Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
https://docs.idaponce.com

Support 32bit applications within 64bit IDA 7.0 #83

Closed mxmssh closed 6 years ago

mxmssh commented 6 years ago

From IDA website: "To make the transition even smoother, we are also publishing a 32-bit version of IDA. It can (and should) be only used to run old 32-bit plugins while you are porting them to 64-bit." link

For me it looks like 32-bit IDA is used for backward compatibility with old plugins. Thus, Ponce should always be 64-bit! This is a problem for us because when we compile Ponce as 64-bit, we expect 64-bit applications. The code below always fails when we reverse 32-bit applications within 64-bit IDA:

// Architecture is chosen by the compiler that built the plugin (host), not by the IDB (target)
#if defined(__x86_64__) || defined(_M_X64)
    this->cpu = new triton::arch::x86::x8664Cpu(*reinterpret_cast<triton::arch::x86::x8664Cpu*>(triton::api.getCpu()));
#endif
#if defined(__i386) || defined(_M_IX86)
    this->cpu = new triton::arch::x86::x86Cpu(*reinterpret_cast<triton::arch::x86::x86Cpu*>(triton::api.getCpu()));
#endif

mxmssh commented 6 years ago

Well, it looks like the only problem is Triton. We have to tell Triton (during initialization) that we reverse 32bit application and call appropriate functions accordingly.

0ca commented 6 years ago

I guess IDA has an API to tell you if a loaded binary is 32- or 64-bit. We should use that to initialize Triton.

mxmssh commented 6 years ago

Yeah, let's go this way.
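Added example (not Ponce or Triton code): stand-in CPU classes that mirror the shape of the snippet above, showing why the compile-time `#if` picks the host's architecture rather than the database's, and how a runtime check on the IDB's bitness plus a checked copy avoids the mis-typed `reinterpret_cast`. The `LFLG_64BIT` value, the `Arch` enum and the class names are assumptions, not the real IDA SDK or Triton definitions.

```cpp
#include <cstdint>
#include <memory>
#include <stdexcept>

enum class Arch { X86, X86_64 };   // assumed stand-in for Triton's architecture enum

struct CpuInterface {               // stand-in for triton::arch::CpuInterface
    virtual ~CpuInterface() = default;
    virtual Arch arch() const = 0;
    virtual unsigned regWidthBits() const = 0;
};
struct X86Cpu : CpuInterface {      // stand-in for triton::arch::x86::x86Cpu
    Arch arch() const override { return Arch::X86; }
    unsigned regWidthBits() const override { return 32; }
};
struct X8664Cpu : CpuInterface {    // stand-in for triton::arch::x86::x8664Cpu
    Arch arch() const override { return Arch::X86_64; }
    unsigned regWidthBits() const override { return 64; }
};

// Assumed flag layout: IDA sets this bit in idainfo.lflags for a 64-bit IDB.
constexpr uint32_t LFLG_64BIT = 0x04;

// Buggy pattern from the issue: decided by the compiler that built the plugin.
Arch archFromCompileTime() {
#if defined(__x86_64__) || defined(_M_X64)
    return Arch::X86_64;
#else
    return Arch::X86;
#endif
}

// Fixed pattern: ask the open database instead of the build host.
Arch archFromIdb(uint32_t lflags) {
    return (lflags & LFLG_64BIT) ? Arch::X86_64 : Arch::X86;
}

std::unique_ptr<CpuInterface> makeCpu(Arch a) {
    if (a == Arch::X86_64) return std::make_unique<X8664Cpu>();
    return std::make_unique<X86Cpu>();
}

// Checked copy: refuse a mismatched cast instead of reinterpret_cast-ing a
// 32-bit CPU object as a 64-bit one, which is what the #if'd code does.
std::unique_ptr<CpuInterface> copyCpuAs(const CpuInterface& src, Arch wanted) {
    if (src.arch() != wanted) throw std::runtime_error("CPU arch mismatch");
    return makeCpu(src.arch());
}
```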