Reversing It Out
November 17th, 2007, 17:04
Today I was playing a bit with Breplibot/D and stumbled across the simple XOR routine that shields strings from being seen by just looking at the binary code:
http://img226.imageshack.us/img226/8611/explicatorvsbpbotd4dx.jpg
Implementing a script to mimic this stuff is quite simple, so I decided to write it (without the inlined strlen). After a while, I got really bored of using the "load IDC file" command and the recently used IDC scripts. Also, a generic XOR script could be useful in several other situations, so I decided to add my code to the standard IDC set.
Even if it may seem a hard task, this is actually REALLY easy stuff: you just have to add the IDC function to the "ida.idc" script, which gets executed when IDA boots up. If you do this, you will be able to use the implemented function like every other IDC command.
http://reversingitout.blogspot.com/2006/03/adding-idc-commands-to-out-of-box-set.html
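A generic single-byte XOR decoder of the kind described above, written as an added example and not the script from the original post. The function name `xor_decode`, its parameters and the sample call are assumptions; the real key and string address come from the routine being analysed.

```idc
// Added example for ida.idc (place it next to the existing functions there).
// xor_decode() is a hypothetical name, not part of the stock IDC set.
//   start : address of the first encoded byte
//   len   : number of bytes to decode (the caller supplies the length,
//           replacing the inlined strlen of the original routine)
//   key   : single-byte XOR key, 0..0xFF
// Returns the number of bytes patched, or -1 on bad arguments.
// PatchByte() changes only the IDA database, never the sample on disk.
static xor_decode(start, len, key)
{
    auto ea, end, count;

    if (start == BADADDR || len <= 0 || key < 0 || key > 0xFF) {
        Message("xor_decode: bad arguments\n");
        return -1;
    }

    end = start + len;
    count = 0;
    for (ea = start; ea < end; ea = ea + 1) {
        // Stop at addresses that hold no byte value (uninitialised data or a
        // gap between segments) instead of patching garbage into the database.
        if (!hasValue(GetFlags(ea))) {
            Message("xor_decode: no data at %08X, stopping\n", ea);
            break;
        }
        PatchByte(ea, Byte(ea) ^ key);
        count = count + 1;
    }

    // Ask IDA to show the decoded range as a string; if it refuses
    // (for example, the range is already defined as code) the bytes stay patched.
    if (count > 0 && !MakeStr(start, start + count)) {
        Message("xor_decode: could not create a string at %08X\n", start);
    }

    Message("xor_decode: %d bytes decoded at %08X with key %02X\n",
            count, start, key);
    return count;
}

// Constructed sample call from the IDC command dialog, cursor on the string:
//   xor_decode(ScreenEA(), 16, 0x5A);
```

Because XOR is its own inverse, running the same call a second time restores the original encoded bytes in the database.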