Saturday, August 13, 2011

IDA Pro GUI Plugin "Trivial" Bug

If you are using IDA Pro (probably version > 5.4) plugin template to develop a GUI-based plugin, you'll probably encounter this bug: The GUI of the plugin suddenly vanish after the plugin activated (run() function invoked)

This "trivial" bug manifests if you don't change the default value of the plugin flags in the plugin_t structure.
The default value for the plugin flags is PLUGIN_UNL which means: Unload the plugin immediately after calling 'run'. This flag may be set anytime. The kernel checks it after each call to 'run'. The main purpose of this flag is to ease the debugging of new plugins.. This explanation comes from loader.hpp. Now, to avoid the "suddenly vanishing GUI" bug,
you should change the plugin flag to suit your need. For example:

plugin_t PLUGIN =
PLUGIN_DRAW, // plugin flags

init, // initialize

term, // terminate. this pointer may be NULL.

run, // invoke plugin

comment, // long comment about the plugin
// it could appear in the status line
// or as a hint

help, // multiline help about the plugin

wanted_name, // the preferred short name of the plugin
wanted_hotkey // the preferred hotkey to run the plugin

The PLUGIN_DRAW flag means:

#define PLUGIN_DRAW 0x0002 // IDA should redraw everything after calling
// the plugin

Post a Comment

No comments: