search

keystone-engine / keypatch

Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
http://www.keystone-engine.org/keypatch
GNU General Public License v2.0
1.49k stars 355 forks source link

Workaround for IDA 6.9 on Linux x64 #4

Closed pedrib closed 8 years ago

pedrib commented 8 years ago

Keypatch has problems in IDA 6.9 on Linux x64. I think this is because in Linux x64 IDA will use it's built-in Python, which is 32 bit, instead of the system's 64 bit Python. This is messy, but it is how IDA works currently, so we need to work around it (a pure IDA 64 bit version is promised soon).

In order to use Keypatch, you need to do the following steps: 1- Follow instructions in the README: $ git clone https://github.com/keystone-engine/keystone/ $ mkdir build $ cd build $ ../make-share.sh lib32 lib_only <------ STOP HERE (Readme will tell you to do make install)

2- Copy python bindings to IDA Python $ cp -r bindings/python/keystone IDA_DIR/python/

3- Copy distutils from your distro's Python to IDA $ cp -r /usr/lib/python2.7/distutils IDA_DIR/python/

4- Copy the 32 bit Keystone libraries to IDA's Python seach path $ mkdir -p /python/lib/python2.7/dist-packages/keystone $ cp build/llvm/lib/libkeystone.so.* IDA_DIR/python/lib/python2.7/dist-packages/keystone

5- Finally copy keypatch.py to IDA_DIR/plugins/

All done, works like a charm now.

aquynh commented 8 years ago

thanks for investigating the issue & documented all the steps! lets wait for people with IDA Linux edition to confirm, but i believe steps 2 ~ 5 can be done automatically with a script, so users just need to run it, without having to repeat them manually. would you mind making that script, and send a PR to include it in source code?

thanks.

aquynh commented 8 years ago

your workaround is to install a private module just for IDA. for some reasons, the "global" Python module installed by the core cannot be recognized by IDA on your machine. would be good to figure out what is wrong here.

pedrib commented 8 years ago

If you have a look at the IDA forums and blog, there are a lot of problems and workarounds for Linux x64. I guess we will have to wait until a full IDA 64 bit comes out to resolve these.

I can make a patch, but wouldn't it be better just to add to the README? Note that paths can differ from one distro to another. I can send a PR for the README if you want?

aquynh commented 8 years ago

Yes, a PR to update README will be great, thanks.

pedrib commented 8 years ago

Closing, PR #8 "solves" it. This should be looked at again when IDA 64 bit comes out.