Quote:
Originally Posted by cypher
I tried that before but its not working because of the way the SDK calls the attach function (forwarder to callui(ui_dbg_attach_process..) = same as entering AttachProcess(pid,-1) in the cmd line), you first need to open a IDB in IDA and then you can attach to any process.
Also make sure you select proper debugger engine in that combobox before ! You CANT attach without opened IDB like IDA can Menu->Debugger->Attach
|
Yeah thats damn wierd , only shows after load of file.
Plugin is shown in start off ida when no file is loaded.
Got attach proccess box up, and ecerything but nothing to attach.
put in pluginfolder
Zullu.py
Code:
import re
import idaapi
import idc
from idc import *
from idaapi import *
import idautils
class Sculla(idaapi.plugin_t):
flags = idaapi.PLUGIN_PROC | idaapi.PLUGIN_FIX
comment = "This is a comment"
help = "Sculla"
wanted_name = "Sculla"
wanted_hotkey = "Alt-F7"
def init(self):
idaapi.msg("Sculla located")
return idaapi.PLUGIN_OK
def run(self, arg):
idaapi.msg("run() called with %d!\n" % arg)
def term(self):
idaapi.msg("")
def run(self, arg = 0):
import idc
idc.LoadDebugger("windbg", 1)
idc.SetProcessorType('metapc', SETPROC_USER) #force cpu
idaapi.load_and_run_plugin("windbg_user.plw", 0) #force
idc.LoadDebugger("wingdbg", 1)
idc.AttachProcess(-1, idaapi.PROCESS_ATTACH)
def PLUGIN_ENTRY():
return Sculla()
Now im getting stubern
i did however get it to show pids adding the code to spu processor and load file, so its maybe not save database independent.
its enoufgh with *.d0 and *.d1 (temp database), or the processor_t that tells it to load a file.
So if you can somehow create the temp databse when attaching it should work. Well i think
EDIT!
actuelly they are there but got no names , since i didnt got the pid names.
Got errot that database is only 16 bits, when using plugin.
proberly need GetProcessPid(idx) and GetProcessName(idx)
And tell pluginbits 32 bit.