ida-pro-loadmap icon indicating copy to clipboard operation
ida-pro-loadmap copied to clipboard

Published 20 hours ago verified publisher icon mefistotelis

Plugin displays 'init' and immediatelly terminates

Open neobenedict opened this issue 4 years ago • 7 comments

Plugin immediately terminates

LoadMap: Plugin v1.3 init.

LoadMap: Plugin v1.3 terminate.

neobenedict avatar Dec 18 '20 01:12 neobenedict

It does work on IDA 7.5. The format of your file is probably unsupported. You can force the plugin to init anyway by modifying this, or by patching the dll with IDA: 0x018000153B: EB 20

Then it should appear in Edit → Plugins. Remember to hold SHIFT. It works fine with Xbox .XBE files.

nastys avatar Jan 26 '21 02:01 nastys

The restriction on file type should be lifted I guess. It makes little sense to restrict access to the plugin; if a user wants it, it should be always there.

mefistotelis avatar Jan 26 '21 10:01 mefistotelis

That's just it @mefistotelis This offset I cannot find. At all. There's no reference to it anywhere. 0x018000153B doesn't exist. My IDA: Loads: 0x00000000 If I had a Hex pattern certainly I could find it, I only have a 32-bit copy. I don't like 64-bit as I never use it.

TempAccountNull avatar Mar 11 '21 21:03 TempAccountNull

You seem to describe different problem that the one discussed in this issue.

The 'terminate' issue should be solved by removing the file type check I recently modified.

mefistotelis avatar Mar 11 '21 21:03 mefistotelis

You seem to describe different problem that the one discussed in this issue.

The 'terminate' issue should be solved by removing the file type check I recently modified.

I am aware of this, but, I would like the hex pattern as I cannot jump to that particular offset as I don't have 64-bit. Mine reads differently anyways.

TempAccountNull avatar Mar 11 '21 21:03 TempAccountNull

You seem to describe different problem that the one discussed in this issue. The 'terminate' issue should be solved by removing the file type check I recently modified.

I am aware of this, but, I would like the hex pattern as I cannot jump to that particular offset as I don't have 64-bit. Mine reads differently anyways.

To go off my previous statement, I sucked it up and had 64-bit installed again and me and my buddy got to work.

For v.1.1 (but, should work on any version).

Left the pattern below.

INSTRUCTIONS

Patch the following offset: 0x69FC14D7 with a 0x90 0x90 (nop nop instruction).

To find the instruction in another version, simply open hxd, press CTRL + f, switch to hex and search: EB 05 B8 00 00 00 00 C9 C3 55 89 E5 53 81 EC D4

Should jump to offset: 000008D7-000008D8 patch with 90 90. (nop nop) and save. image

To ensure it's patched correctly, and the patched instruction to completely remove the filetype switch terminate.. it will look like. 90 90 B8 00 00 00 00 C9 C3 55 89 E5 53 81 EC D4 //to only return init.

//To really patch the switch completely out to only return. B8 02 00 00 00 90 90 B8 00 00 00 00 C9 C3 55 89

IDA view (Left unpatched / Right patched) image

Note: This method will fail, if you do not ensure to patch out the switch entirely when working with other file types otherwise you'll still terminate.

TempAccountNull avatar Mar 12 '21 19:03 TempAccountNull

There's something ironic about using IDA to patch an IDA plugin... unfortunately, very few people have access to the IDA SDK, so we are forced to use such methods, as the plugin cannot be recompiled.

neobenedict avatar Mar 12 '21 19:03 neobenedict

I believe with this commit, all the possible files are supported: https://github.com/mefistotelis/ida-pro-loadmap/commit/78f381b6bf4158e8b41a31545b89c64bfbc99170

If not - another issue can be created.

mefistotelis avatar Oct 24 '23 09:10 mefistotelis