So I learnt about a thing in IDA Pro called Appcall, which allows you to call a function you have defined (which can be done with N).
You have to pause in the debugger before using this.
I found a function and called it GetMessageFromID. It was a thiscall with 1 argument, so I needed to know the pointer. I breakpointed it and got it called once, then put the argument in, and it worked as expected. I got back an address.
I thought, this is good, but I want to see the string.
In IDC you can use:
GetMessageFromID(0x00A59000,1)
In Python:
Appcall.GetMessageFromID(0x00A59000,1)
A loop in Python printing out the string value :)
for x in xrange(0,1000):print GetString(Appcall.GetMessageFromID(0x00A59000,x))
Just printing out a string:
print GetString(Appcall.GetMessageFromID(0x00A59000,10))
Also, we can use JavaScript as a scripting language, which is much nicer than Python and quite similar to IDC.
http://www.hexblog.com/?p=101
I am installing it now; hopefully it works great for me. Coding unpackers or bypassers or helper functions in JS seems quite good.
Ah just what I was looking for.
Btw the js did not work and no future updates of it have been published from what I can tell. But executing a function and getting result is great :D.