In this
case, you must not enter any function declarations or #include directives. IDA wraps the
statements that you enter in a main function and executes them, so only statements that
are legal within the body of a function are allowed here. Figure 13-5 shows an example of
the Hello World program implemented using the File | IDC Command.
IDC Script Examples
While there are many IDC functions available that provide access to your IDA databases, a
few functions are relatively essential to know. These provide minimal access to read and
write values in the database, output simple messages, and control the cursor location within
the disassembly view. Byte(addr), Word(addr), and Dword(addr) read 1, 2, and 4 bytes
respectively from the indicated address. PatchByte(addr, val), PatchWord(addr, val), and
Gray Hat Hacking: The Ethical Hacker??™s Handbook
328
PatchDword(addr, val) patch 1, 2, and 4 bytes respectively at the indicated address. Note
that the use of the PatchXXX functions changes only the IDA database; they have no effect
whatsoever on the original program binary. Message(format, ??¦) is similar to the C printf
command, taking a format string and a variable number of arguments, and printing the
result to the IDA message window.
Pages:
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588