Want to Join Us ?

you'll be able to discuss, share and send private messages.

ida pro plugin labeless, sync IDA with OllyDbg by a1ext

Discussion in 'Plugins' started by storm shadow, Oct 7, 2015.

Share This Page

  1. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Can you test this build?
     
    m4n0w4r and computerline like this.
  2. computerline

    Well-Known Member Ida Pro Expert

    It good now, no dump file is created :)
     
  3. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Thank you :)
    Can you help me with IDA 6.9 bug hunting ? Do you have an IDA 6.9?
     
    computerline likes this.
  4. computerline

    Well-Known Member Ida Pro Expert

    I don't have 6.9, I could only check in 6.8 version :)
     
  5. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Ok, thank you :)
     
    computerline likes this.
  6. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    if you build the build as debug.

    then load crash dump in windbg.

    first
    Code (Text):
    !analyze -v
    then exeption record

    Code (Text):
    .ecxr
    then
    stack trace of the crash
    Code (Text):
    kb
    when crash dump is debug it will jump strait to source code and line where the error is.
    remember to put pdb file from build in same folder as dump
     
    computerline likes this.
  7. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    IDA crashes inside Qt5Core.dll/Qt5Gui.dll near QFontCache interaction when labeless plugin is currently unloaded from memory.
     
  8. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Maybe runtime error. Ida 6.98 use vs2010
    Ida 6.9 needs vs2015.
    And the same for Qt build.
    So you cant use the same for both build.
     
    Last edited: Dec 28, 2015
  9. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Yes, I know.
    I spent weekend on that. Qt 5.4.1 isn't support msvc2015 out of the box. I made some changes in mkspec and in configurator tool to build it.
    I noticed, IDA crashes only if I open view with custom text edit (I written one for syntax highlighing & auto-completion).
    I have one idea why that is appears - may be Qt5 built incorrectly. I asked hex-rays support about Qt configuration instructions.
    I hope I fix that before my support plan get expired (31.12.2015), lol.
     
    computerline likes this.
  10. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Im pretty sure it is the runtime.

    text box uses lowlevel code when usin auto completion.there for it crash.Also computerline got acces violation in hes dump.

    but basiclly you have to rebuild everything with QT namespace.
    http://www.techbliss.org/threads/ida-pro-ultimate-qt-build-guide-by-storm-shadow.762/ jump to chapter "Building windows QT"
    in your readme
    you build a minimalistic build of QT,
    Code (Text):
    -no-webkit -opensource -no-qt3support -no-phonon -no-phonon-backend -opengl desktop -nomake demos -nomake examples -nomake tools -no-script -no-scripttools -no-declarative -qtnamespace QT
    that is a very bad idea since you proberly run in to some problems after
    better to build a full package.
    but you should use newest Qt5 http://download.qt.io/official_releases/qt/5.5/5.5.1/ wich is for vs 2015
    also if the code on github the latest i can build it for 6.8
     
    Last edited: Dec 28, 2015
  11. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    No, I should use Qt5 version on which built IDA PRO 6.9 (5.4.1). Your instruction here is deprected :(
    @computerline got access violation in IDA 6.8 because of another bug, these two bugs are not related.
     
  12. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    newer qt version always have backward compatility.
     
  13. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Hmmm... I'll try to make pluging with latest version, let's check that :). Thanks
     
    m4n0w4r likes this.
  14. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    So, there is a problem.
    • I tried to build Labeless with Qt 5.5.1 - linking with IDA SDK's Qt5* libraries and have the following linker errors:
      Code (Text):
       link /NOLOGO /DYNAMICBASE /NXCOMPAT /INCREMENTAL:NO /DEBUG /INCREMENTAL:NO /DLL /SUBSYSTEM:WINDOWS /OUT:..\..\labeless_qmake\bin\labeless_ida_690.plw @C:\Windows\Temp\nmAE61.tmp
         Creating library ..\..\labeless_qmake\bin\labeless_ida_690.lib and object ..\..\labeless_qmake\bin\labeless_ida_690.exp
      choosememorydialog.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: class QT::QString __thiscall QT::QString::toUpper(void)const & " (__imp_?toUpper@QString@QT@@QGBE?AV12@XZ) referenced in function "class QT::QString __cdecl `anonymous namespace'::ollyStyleFormatHex(unsigned long)" (?ollyStyleFormatHex@?A0x45c3efd8@@YA?AVQString@QT@@K@Z)
      pyollyview.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: class QT::QString __thiscall QT::QString::toLower(void)&& " (__imp_?toLower@QString@QT@@QHAE?AV12@XZ) referenced in function "public: void __thiscall PyOllyView::onColorSchemeChanged(void)" (?onColorSchemeChanged@PyOllyView@@QAEXXZ)
      pythonpalettemanager.obj : error LNK2001: unresolved external symbol "__declspec(dllimport) public: class QT::QString __thiscall QT::QString::toLower(void)&& " (__imp_?toLower@QString@QT@@QHAE?AV12@XZ)
      settingsdialog.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: class QT::QString __thiscall QT::QString::toUpper(void)&& " (__imp_?toUpper@QString@QT@@QHAE?AV12@XZ) referenced in function "public: __thiscall SettingsDialog::SettingsDialog(struct Settings const &,unsigned int,class QT::QWidget *)" (??0SettingsDialog@@QAE@ABUSettings@@IPAVQWidget@QT@@@Z)
      settingsdialog.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: class QT::QString __thiscall QT::QString::trimmed(void)&& " (__imp_?trimmed@QString@QT@@QHAE?AV12@XZ) referenced in function "public: __thiscall SettingsDialog::SettingsDialog(struct Settings const &,unsigned int,class QT::QWidget *)" (??0SettingsDialog@@QAE@ABUSettings@@IPAVQWidget@QT@@@Z)
      ..\..\labeless_qmake\bin\labeless_ida_690.plw : fatal error LNK1120: 4 unresolved externals
    • The second try is to link with Qt 5.5.1's libraries, then i have missing imports:
      [​IMG]
    :(
     
    computerline likes this.
  15. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    I never link with sdk qt libs, always error.link with rebuilded Qt libs insted.
     
  16. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Above i have mentioned your case, i tried that. See the second step.
    May be, this solution will work if I replace dll's in IDA home. But this isn't right. This will decrease whole IDA stability (if I require usage of my dll's instead of dll's provided with IDA).
     
  17. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    but did you rebuild Qt5 5.1 with Qt namspace els you defently would get a error when building .

    you have error on namespace.

    class QT::QString __cdecl `anonymous namespace'
     
  18. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    I was built Qt 5.5.1 succesfully. These linker errors are from labeless.
    Dont worry, the support of hex-rays answered me, they have slightly patched Qt 5.4.1 (they are changed ABI (added some virtual method somewhere) and from that I have crashes). I'll rebuild the Qt 5.4.1 with patch provided by support and re-chech is IDA still crashes.
    Thanks
     
    storm shadow likes this.
  19. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Glad you got it working.
    on 6.8 i had one crash yesterday , however today i cannot reproduce it.Working like a charm.:)
     
  20. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Thanks, let me know if you get some crash information or instructions on how to reproduce it.
     
Top