joxeankoret / diaphora

Diaphora, the most advanced Free and Open Source program diffing tool.
http://diaphora.re
GNU Affero General Public License v3.0

Script crash on export execution #31

Closed BigJim closed 9 years ago

BigJim commented 9 years ago

Get error:

Warning

C:\Tools\IDA\python\diaphora-master\diaphora.py: local variable 'bd' referenced before assignment
Traceback (most recent call last):
  File "C:\Tools\IDA\python\idaapi.py", line 601, in IDAPython_ExecScript
    execfile(script, g)
  File "C:/Tools/IDA/python/diaphora-master/diaphora.py", line 3118, in <module>
    diff_or_export_ui()
  File "C:/Tools/IDA/python/diaphora-master/diaphora.py", line 3093, in diff_or_export_ui
    return _diff_or_export(True)
  File "C:/Tools/IDA/python/diaphora-master/diaphora.py", line 3090, in _diff_or_export
    return bd
UnboundLocalError: local variable 'bd' referenced before assignment


OK

Steps:

1) Clean install of Windows IDA 6.8, except some plug-ins removed.
2) Installed "diaphora-master" folder in IDA Pro root folder.
3) Loaded a large Windows IDB (84,268 functions).
4) Executed "diaphora.py".
5) Using all default options.
6) Clicked ok.
7) Appeared to run and then error dialog appeared with above.

Update/fix: Okay after some playing around I found that the default address range was very wrong. It chose "HEADER:00400000" as the start address (should have been straight 00401000) and end address was some strange address outside of any code segments "0:0013C000" something.

I manually set the start address to "00401000" and end address to "016C1E00" (the real end of the sections) and it's running now. I'll know in an hour or so if it runs okay.

Suggestion: Might need to pattern here like if "inf.procName == 'metapc'" and enumerate for all ".text" or class "CODE" sections. Use those for the start and end address defaults..

Good to see another Bin-Diff type plug-in/script..
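
An added example, not part of the original thread and not Diaphora's code: one way to derive the default export range from the code segments, as suggested in the comment above, with a fallback to the whole database. The `Segment` records, their addresses and the helper names are constructed for illustration.

```python
# Added illustration; segment records are constructed, not read from a real IDB.
# Inside IDA they would be built from idautils.Segments().
from collections import namedtuple

Segment = namedtuple("Segment", "name start end sclass")

# Constructed layout loosely modelled on the report: a HEADER segment below
# the first code section, followed by code and data sections.
SAMPLE = [
    Segment("HEADER", 0x00400000, 0x00401000, "DATA"),
    Segment(".text",  0x00401000, 0x00F00000, "CODE"),
    Segment(".rdata", 0x00F00000, 0x01400000, "DATA"),
    Segment(".data",  0x01400000, 0x016C1E00, "DATA"),
]

def code_segments(segments):
    """Non-empty segments that can hold functions: class CODE or named .text."""
    return [s for s in segments
            if (s.sclass == "CODE" or s.name == ".text") and s.end > s.start]

def default_range(segments):
    """Default (start, end) for the export dialog.

    Prefer the span of the code segments; fall back to the span of the whole
    database (the MinEA()/MaxEA() behaviour) when nothing is marked as code.
    """
    chosen = code_segments(segments) or [s for s in segments if s.end > s.start]
    if not chosen:
        raise ValueError("database has no non-empty segments")
    return min(s.start for s in chosen), max(s.end for s in chosen)

def check_range(start, end, segments):
    """Return an error string for a range that cannot be exported, else None."""
    if start >= end:
        return "start 0x%08X is not below end 0x%08X" % (start, end)
    if not any(s.start < end and start < s.end for s in code_segments(segments)):
        return "range 0x%08X-0x%08X contains no code segment" % (start, end)
    return None
```

Checking the range before the export starts turns a bad default into a readable message instead of a later failure.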

joxeankoret commented 9 years ago

This is curious, is it a memory dump by any chance? Diaphora uses MinEA() and MaxEA() to determine the minimum and maximum addresses in the IDA database.

Also, there should be another error before the "UnboundLocalError: local variable 'bd' referenced before assignment". Do you see any other error in the output window?

BigJim commented 9 years ago

Hey again. Not a memory dump, just a large (around 240mb IDB) Windows executable that's not packed or encrypted. I posted the issue late last night, I'll troubleshoot it when I get home today. Do you use or know of a setup to debug IDA Python scripts (where you can step through code, look at variables, etc)?

Edit: Thanks, you removed the unintentional info leak.

joxeankoret commented 9 years ago

There is nothing for debugging IDAPython scripts. I have been thinking about doing it myself but... well, not enough time :(

I'll try to do some modifications so it gives, at least, better error messages.

pmarkowsky commented 9 years ago

You can debug IDAPython scripts pretty easily with WingIDE's debugger.

https://wingware.com/doc/howtos/idapython

It's not free but works well.

-Pete

On Wed, Jun 10, 2015 at 10:34 AM, Joxean notifications@github.com wrote:

> There is nothing for debugging IDAPython scripts. I have been thinking about doing it myself but... well, not enough time :(
>
> I'll try to do some modifications so it gives, at least, better error messages.

BigJim commented 9 years ago

> https://wingware.com/doc/howtos/idapython
> It's not free but works well.

Non-Commercial Use $89 seems a little pricey to do just debugging, but then if you do a lot of IDA Python coding it does have an IDE, etc. Maybe someone will make it their project to expose the needed Python debug APIs in their own DLL for one of the Open Source IDEs like some of them here: https://wiki.python.org/moin/IntegratedDevelopmentEnvironments

BigJim commented 9 years ago

Okay, it seems to be something to do with formatting in the main UI. Seems you mainly work with the Linux IDA, could be something different in the Windows version. Appears that "Form.FT_ADDR" gets translated either to or from a string.

Changing the two lines, replacing FT_ADDR with FT_HEX fixed the problem, also outputs a little different:

'iMinEA': Form.NumericInput(tp=Form.FT_HEX, swidth=22), # FT_ADDR
'iMaxEA': Form.NumericInput(tp=Form.FT_HEX, swidth=22), # FT_ADDR

joxeankoret commented 9 years ago

Yes, I typically work more with the Linux version than with the Windows version. Patch applied with 4b82ceafc7eeae831796fb8c63230605f3d1e5bd, thanks!

joxeankoret commented 9 years ago

I guess the bug is fixed. Please, re-open if with the latest fixes it isn't.