Skip to content

RubLib 0.03

Here comes RubLib 0.03, everybody's favourite high-level Ruby library for writing IDA scripts. RubLib grew from 88 methods to 125 methods since version 0.02. The most significant addition is probably that users have access to the sections of a file now. Lots of other smaller things were added too.

I've even begun to write an actual manual for RubLib. Here it is. Make sure to check out the examples section. The entire RubLib API documentation can now be accessed online too (check the end of the manual).

Download RubLib 0.03

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

Ero Carrera on :

FYI, this sounds pretty much along the lines of Spoonm's IdaRub... (which has some nice tricks like interactive command-line)

http://www.metasploit.com/users/spoonm/idarub/

sp on :

It doesn't just sound like it, RubLib is built upon IdaRub. :-)

Raindog on :

I'm using the plugin right now and have a question:

1. How can I iterate though bytes in an instruction (line).

2. Why are instructions of a function called lines instead of instructions.

3. Would be nice to have the following hierarchy:
File contains Segments, segments contain functions and data, functions contain instructions, instructions are made up of series of bytes and can frequently have operands.

Currently it's File -> Functions -> Line -> (mnemonic and disasm)

4. I don't think line should inherit offset, it should contain an offset -> instruction hash table.

5. Instructions should also contain offsets, a start and an end.


I know that ruby is supposed dramatically shorten some coding lines, but I don't think it makes sense to for example disjoin segments from file in favor of functions. You might have a lot of nested loops for iterating over everything but I think that makes less sense to favor iterating a particular type of value over another.

sp on :

Hi,

thanks for your feedback.

1 and 5. Add the following code to class Line: http://www.the-interweb.com/bdump/ida/rublib/patch1.txt

Start is called "offset". Maybe I'm going to rename that.

2. I'm not totally sure but I think it's because I started with get_disasm_line and called mnemonics instructions first. I'm going to change the name of class Line to class Instruction in the next release.

3. I'm more of a fan of file => function because I don't use segments very often. It is however possible to add code to the Segment class so that you can iterate over all functions of a segment. The user could then choose if he prefers file => function or file => segment => function.

If you want file => function: file[0]
If you want file => segment => function: file.segments[0]

4. Can you elaborate on that please?

Raindog on :

#4. I think that a Line, or Instruction Should not inherit from offset as a line or instruction can contain many offsets.

Hence it should be:

class Instruction
@start_offset
@end_offset
def get_bytes
#stuff to get bytes of instruction
end
end

sp on :

Alright. That makes sense.

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
Form options

Submitted comments will be subject to moderation before being displayed.