Ok finally the undefined bytes are supported in the definition of the structure also.
But i2s will still complain on structures with 0 defined variables.

So what is so special about this?
Well. Because of this I could also support variable length structures.
I2S now automatically detects the last variable length so that in SIce you can also see it as if it was a normal variable.

Now this was not so easy to do as I had to fix reentrant procedures. Well they are not a simple reentrant
procedures, but reenter the procedure from different layers and from different places of i2s.
Now because of this I could break something. I have done some tests, but thee is no way I could do them all.
So if you get any strange behaviour with regards of structures (like structures, local variables, registers),
please let me know.

http://mostek.subcultural.com/IDA/ida2sice_406.rar

Nice work, as always.

Thank you Mostek for your continued development of this invaluable plugin. I was wondering if there were any issues to be aware of or if anyone else has a problem, when using it for driver symbols. I have no problems with a user app, but with a kernel driver the 12s produced .nms file seems not to be fully incorporated into Softice by default.

Softice *does* import the nms file symbols and section offsets, as shown by SYM, but the actual addresses don't seem to be calculated. So the symbols are never really translated into the code. However, if I then load into Softice the .nms file produced from the debug version of the MS VisualC++ code, and *then reload* the I2s-produced .nms file, the addresses displayed by SYM are now correct, and the symbols are correctly displayed from the I2s file.

I may be doing something awry, but an example from a small skeleton driver I created:

Disassembling a release version of the driver in IDA, I first created the nms file from I2s and loaded it into Softice, then I loaded the driver, which had an embedded Int3 written in DriverEntry so I would break in context. The SYM command showed the proper symbols and offsets, but note that they are section *offsets*, not full addresses. It's as if the base address is not recognized and taken into account during the translation. I'll show partial output to try to illustrate.


After loading the MS VisualC++ debug source nms file:


After reloading the I2s produced nms file. Addresses now in context:


Any idea how to make sure the symbols are correctly translated, or could this be a driver specific problem which needs looking into?

Regards,
Kayaker

Oh well, easy fix. As some may have experienced, use of the SYMLOC command is necessary to relocate the symbol base for driver applications, or other situations. For reference:

Usage (symbols loaded):

symloc <section-number> <selector> <linear-address>

section-number - For 32-bit tables only. PE file 1 based section-number.
selector - For 32-bit tables only. Protected mode selector.
linear-address - For 32-bit tables only. Base address of the section.


Get the section addresses from MAP32:

:map32 skeletondriver
Owner Obj Name Obj# Address Size Type
SkeletonDr.text 0001 0008:F39F8280 0000018E CODE RO
SkeletonDr.data 0002 0023:F39F8480 00000004 IDATA RW
SkeletonDrINIT 0003 0008:F39F8500 0000017C CODE RW
SkeletonDr.reloc 0004 0023:F39F8680 0000003A IDATA RO

Set symbol base for sections 1 and 3 (.text and .INIT):

:symloc 1 08 f39f8280
:symloc 3 08 f39f8500

The correct symbols should be immediately visible in Softice. Will be necessary to relocate the symbol base each time the driver is loaded.

This doesn't really explain why Softice correctly translates the *full source* nms file without the use of SYMLOC, there must be some other factor involved. The manual symloc translation is only required when using the IDA created I2s nms file. Hardly a problem though, all is good.

Kayaker