Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-06-2021, 11:18
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
 
Join Date: Jan 2002
Location: Here
Posts: 378
Rept. Given: 9
Rept. Rcvd 13 Times in 11 Posts
Thanks Given: 19
Thanks Rcvd at 96 Times in 46 Posts
WhoCares Reputation: 13
IDA can't properly deal with RUST strings

RUST strings are not zero-terminated, so there is no delimiter for two strings which are in a consecutive memory region.

RUST compiler/linker puts many constant strings in the ".rodata" segment.

Currently IDA can't properly handle this. It needs to be updated, e.g. adding RUST compiler type(no stable ABI) and RUST string literal type. Or writing some plugins to do this.
__________________
AKA Solomon/blowfish.
Reply With Quote
The Following User Says Thank You to WhoCares For This Useful Post:
tonyweb (07-06-2021)
  #2  
Old 07-07-2021, 11:04
TQN TQN is offline
VIP
 
Join Date: Apr 2003
Location: Vietnam
Posts: 299
Rept. Given: 128
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 81
Thanks Rcvd at 44 Times in 19 Posts
TQN Reputation: 11
You can try with this Rust reversing helper
https://github.com/cha5126568/rust-reversing-helper
Reply With Quote
The Following User Says Thank You to TQN For This Useful Post:
tonyweb (07-07-2021)
  #3  
Old 07-08-2021, 00:28
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
 
Join Date: Jan 2002
Location: Here
Posts: 378
Rept. Given: 9
Rept. Rcvd 13 Times in 11 Posts
Thanks Given: 19
Thanks Rcvd at 96 Times in 46 Posts
WhoCares Reputation: 13
thank u for the info.

This python script uses "idaapi.create_strlit(addr, len, get_inf_attr(INF_STRTYPE))" to create string literals.

get_inf_attr(INF_STRTYPE) returns the current string literal type.
But RUST string literal doesn't match any of the known string literal types of IDA.

The string length is hard-coded in a MOV instruction, usually moved to a register like ESI.

Quote:
Originally Posted by TQN View Post
You can try with this Rust reversing helper
https://github.com/cha5126568/rust-reversing-helper
__________________
AKA Solomon/blowfish.
Reply With Quote
The Following 2 Users Say Thank You to WhoCares For This Useful Post:
sh3dow (08-24-2021), tonyweb (07-08-2021)
  #4  
Old 07-08-2021, 10:46
TQN TQN is offline
VIP
 
Join Date: Apr 2003
Location: Vietnam
Posts: 299
Rept. Given: 128
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 81
Thanks Rcvd at 44 Times in 19 Posts
TQN Reputation: 11
Thanks WhoCares
IDA and create_strlit function can create a NON NULL Terminated string.
The len parameter in create_strlit function specifies the length of the string, not necessary to include NULL char
Best regards,
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 15:47.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )