RubLib 0.03
Here comes RubLib 0.03, everybody's favourite high-level Ruby library for writing IDA scripts. RubLib grew from 88 methods to 125 methods since version 0.02. The most significant addition is probably that users have access to the sections of a file now. Lots of other smaller things were added too.
I've even begun to write an actual manual for RubLib. Here it is. Make sure to check out the examples section. The entire RubLib API documentation can now be accessed online too (check the end of the manual).
Comments
Display comments as Linear | Threaded
Ero Carrera on :
http://www.metasploit.com/users/spoonm/idarub/
sp on :
Raindog on :
1. How can I iterate though bytes in an instruction (line).
2. Why are instructions of a function called lines instead of instructions.
3. Would be nice to have the following hierarchy:
File contains Segments, segments contain functions and data, functions contain instructions, instructions are made up of series of bytes and can frequently have operands.
Currently it's File -> Functions -> Line -> (mnemonic and disasm)
4. I don't think line should inherit offset, it should contain an offset -> instruction hash table.
5. Instructions should also contain offsets, a start and an end.
I know that ruby is supposed dramatically shorten some coding lines, but I don't think it makes sense to for example disjoin segments from file in favor of functions. You might have a lot of nested loops for iterating over everything but I think that makes less sense to favor iterating a particular type of value over another.
sp on :
thanks for your feedback.
1 and 5. Add the following code to class Line: http://www.the-interweb.com/bdump/ida/rublib/patch1.txt
Start is called "offset". Maybe I'm going to rename that.
2. I'm not totally sure but I think it's because I started with get_disasm_line and called mnemonics instructions first. I'm going to change the name of class Line to class Instruction in the next release.
3. I'm more of a fan of file => function because I don't use segments very often. It is however possible to add code to the Segment class so that you can iterate over all functions of a segment. The user could then choose if he prefers file => function or file => segment => function.
If you want file => function: file[0]
If you want file => segment => function: file.segments[0]
4. Can you elaborate on that please?
Raindog on :
Hence it should be:
class Instruction
@start_offset
@end_offset
def get_bytes
#stuff to get bytes of instruction
end
end
sp on :