Documentation

[thesourcerer8]

Please some more documentation, especially about the IDAAPI

[pfalcon]

What kind of documentation are you looking for? Any outside perspective is appreciated.

But the general idea is that ScratchABit is targeted at people who have experience working with IDA. They immediately should feel at home (especially those who remember days of IDA 3, 4, 5 when it itself had a text UI). People who don't know IDA, may read one of gazillion IDA tutorials on the Internet. Unfortunately, I can't suggest anything specific or fitting ScratchABit, such info would rather be contributed.

especially about the IDAAPI

Well, I'm not author of IDA, so cannot provide info about its API (I don't even know it, because it's proprietary). What ScratchABit does however is providing subset of API of IDAPython (https://code.google.com/p/idapython/). Note that unlike IDA, IDAPython is open-source project, and that's what I'm dealing with. It has its own documentation: https://code.google.com/p/idapython/downloads/detail?name=idapython-reference-1.5.1-doc.zip and there's no need to duplicate. Again, there're lot of community resources on IDAPython too, random links:

• http://www.offensivecomputing.net/papers/IDAPythonIntro.pdf
• http://magiclantern.wikia.com/wiki/IDAPython/intro

Note that only small subset of IDAPython API is implemented, and official reference on what's implemented and what's not is the source itself. Immediate target is allowing to run existing processor plugins, and it was tested to work with https://github.com/themadinventor/ida-xtensa .

Further extension of API is expected to be done incrementally by people who need particular features, as typical for open-source projects.

[pfalcon]

Well, ok, while docs on IDAPython API (which is of course based on IDA API) are available, anyone delving into it indeed deserves an intro. So, IDA API is extremely ugly. It has it all: global variables, passing arguments via global variables, insane mix of naming (in)conventions, the names themselves are idiotic and don't correspond with what they refer to, etc., etc. - all showing its heritage as developed in 1980ies by turbopascal programmers in Soviet Russia.

So, the only reason why IDAPython fits in there is because it's de-facto standard, and there's lot of the material developed by the community. The idea is to let community reuse that all, because rewriting it from scratch of course doesn't make sense.

In general, you're not expected to need to know IDAPython API to work with ScratchABit. Of course, to port an existing plugin, or develop a new CPU plugin, you may need to deal with it.

External refs:

• http://blog.delroth.net/2011/11/random-thoughts-about-writing-an-ida-processor-module/
• https://twitter.com/d_olex/status/323845808216760321
• ...

[thesourcerer8]

Thanks, I will read those. Another question that arose was about the database format: Regarding the question of individual files vs. a combined database in one file, I guess that individual files might be better for github?

[pfalcon]

Regarding the question of individual files vs. a combined database in one file, I guess that individual files might be better for github?

That deserves own ticket, I opened #2.

[pfalcon]

http://blog.quarkslab.com/ida-processor-module.html