import subprocess
import sys
import idaapi
from win32clipboard import *
import win32api
# http://sourceforge.net/projects/pywin32/files/pywin32/
# NOTE: Older versions of IDA will crash if the dexplore.exe child process is not closed before closing out IDA.
# Newer versions of IDA will crash if subprocess.call(cmd) is used.
# Usage: load the python script, highlight the API, CTRL-C, then ALT-Z to open the Offline MSDN topic.
# The API name has to be exact: GetAtomName is correct, GetAtomNameA gives an error.
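def lz_msdn():
    """Open the offline MSDN (dexplore.exe) topic for the API name on the clipboard.

    Reads the clipboard as CF_TEXT, checks that it holds a plain API
    identifier, builds the dexplore.exe command line and launches it with
    subprocess.Popen without waiting for it to exit.

    The clipboard is treated as untrusted input: it can hold anything the
    user last copied, including strings taken from the binary under
    analysis. Anything that is not a bare identifier is rejected, because a
    double quote in the text would end the quoted argument and let the rest
    be parsed as additional dexplore.exe arguments.

    Returns None. Prints the command line on launch, or a rejection message.
    """
    import re  # local import: only needed for the clipboard validation below

    # Right click on Windows SDK Documentation > Properties > Open File Location.
    dexplore_path = r'"C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe"'
    # Open up dexplore.exe and search for a random API; the url above the
    # function title will have the namespace.
    # Example ms-help://MS.W7SDK.1033/MS.W7SDKCOM.1033/dllproc/base/getprocaddress.htm,
    # copy from "://" to '/'
    namespace = "MS.W7SDK.1033/"

    # Copy the contents of the clipboard. The clipboard is released in a
    # finally block so a failed read (e.g. no text on the clipboard) does not
    # leave it locked for every other application.
    OpenClipboard()
    try:
        api = GetClipboardData(win32con.CF_TEXT)
    finally:
        CloseClipboard()

    # On Python 3 CF_TEXT comes back as bytes; on Python 2 bytes is str.
    if isinstance(api, bytes) and not isinstance(api, str):
        api = api.decode("ascii", "replace")
    # Drop a NUL terminator and anything after it, then surrounding whitespace.
    api = api.split("\0", 1)[0].strip()

    # Allow-list: a bare identifier only, so the value cannot escape its quotes.
    if not re.match(r"[A-Za-z_][A-Za-z0-9_]*\Z", api):
        print("lz_msdn: clipboard does not hold a plain API name: %r" % api)
        return

    # Create dexplore cmd line
    cmd = dexplore_path + " " + "/helpcol ms-help://" + namespace + " " + "/LaunchFKeywordTopic" + " " + '"' + api + '"'
    # Popen (not subprocess.call): the file header notes newer IDA crashes with call().
    subprocess.Popen(cmd)
    print(cmd)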
if __name__ == '__main__':
    # Runs when the script is loaded as the main script in IDA.
    if sys.platform == 'win32':
        # pywin32 modules; win32con supplies the CF_TEXT constant lz_msdn() reads.
        import win32con
        import win32gui
        from win32clipboard import *
    # Define an IDC function that calls back into Python, then bind it to ALT-Z.
    idaapi.CompileLine(
        'static altz() { RunPythonStatement("lz_msdn()"); }'
    )
    AddHotkey(
        "alt+z",
        'altz',
    )
IDA MSDN Local Lookup
Most of my reverse engineering is done offline. Having the Windows SDK Document Explorer (aka dexplore.exe) installed is extremely helpful. Even when I'm online I prefer it over the MSDN library. Below is a Python script I created so I can see the reference for an API in two clicks. The QT version of IDA has a tendency to add junk data to the copied string, so I use the old version rather than the QT one. Use at your own risk.