
Dynamic coloring

IDA v5.1 introduces the notion of dynamic colors. Plugins can install a callback that calculates colors dynamically and provides them to the user interface. In previous versions of IDA, plugins were forced to change the item color in the database, thus overwriting any user-defined colors. The new IDA makes it possible to calculate colors on the fly.

Another piece of news is that the navigation band colors are dynamic too. Just install a colorizer for the navigation band using the ui_set_nav_colorizer event, and IDA will ask your plugin to supply item colors.

Plugins can also provide their own hints (shown when the mouse hovers over an item) instead of the default hints displayed by IDA. There are several different hint callbacks, which differ in complexity. You can start with the simple get_ea_hint for single-line hints, then switch to ui_get_item_hint for multiline hints, and finally use the ui_get_custom_viewer_hint event for hints in any customizable window.

The last event belongs to the group of custom_viewer events. This group can be used to create and display a window like the disassembly window (colored lines with virtualized access to the data). Some other windows in IDA use custom_viewers: structures and enumerations are two notable examples. Now you can create your own custom windows. The setup is quite complex and will require another post.

Meanwhile enjoy a new plugin which uses the dynamic coloring feature. The plugin is named Olden because it "ages" the listing by modifying the background color of the instruction under the cursor. This way you leave a "trail" after you. I find this plugin especially useful to debug huge applications. It is extremely easy to get lost in the debugged code but with this plugin, you will at least be able to exclaim: "I've been here before!" :)

The plugin works with IDA v5.1. As usual, it comes with full source code:

http://www.hexblog.com/ida_pro/files/olden.zip

Have fun! :)
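An added example, not the Olden source and not IDA SDK code: a standalone C++ model of a colorizer that computes the background at draw time from a visit count and never writes to the stored colors. The type names, the `AgingTrail` class, the linear blend, and the rule that a user-set color takes precedence are assumptions made for illustration.

```cpp
// Standalone model of an "aging trail" colorizer. No IDA SDK calls are used;
// every name below is hypothetical.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <unordered_map>

typedef uint64_t addr_t;
typedef uint32_t color_t;                 // packed 0xBBGGRR in this model
const color_t NO_COLOR = 0xFFFFFFFF;      // sentinel: no color set

class AgingTrail {
public:
    AgingTrail(color_t fresh, color_t aged, unsigned max_steps)
        : fresh_(fresh), aged_(aged), max_steps_(max_steps ? max_steps : 1) {}

    // Record that the cursor landed on the instruction at ea.
    void on_cursor(addr_t ea) { ++visits_[ea]; }

    // Called at draw time. 'stored' is the color kept in the database; it is
    // only read, so user-defined colors are never overwritten.
    color_t background(addr_t ea, color_t stored) const {
        if (stored != NO_COLOR) return stored;        // assumed: user color wins
        auto it = visits_.find(ea);
        if (it == visits_.end()) return NO_COLOR;     // never visited
        return blend(std::min(it->second, max_steps_));
    }

private:
    // Linear per-channel blend from fresh_ (step 0) to aged_ (step max_steps_).
    color_t blend(unsigned step) const {
        color_t out = 0;
        for (int shift = 0; shift < 24; shift += 8) {
            int a = (fresh_ >> shift) & 0xFF;
            int b = (aged_ >> shift) & 0xFF;
            int c = a + (b - a) * (int)step / (int)max_steps_;
            out |= (color_t)c << shift;
        }
        return out;
    }
    color_t fresh_, aged_;
    unsigned max_steps_;
    std::unordered_map<addr_t, unsigned> visits_;
};

int main() {
    AgingTrail trail(0xFFFFFF, 0x80C0E0, 4);          // constructed sample colors
    trail.on_cursor(0x401000);
    trail.on_cursor(0x401000);
    std::printf("%06X\n", (unsigned)trail.background(0x401000, NO_COLOR));
    return 0;
}
```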

Comments

How does IDA recognize function boundaries? Which methods? Only call/ret instructions? Function prologue/epilogue? What?

The algorithm used in IDA is quite complex. It tries to use information from different sources to find out the function boundaries.

Do you have something specific in mind, why do you ask?

I'm looking forward to your post on custom viewers! I've just thought about the integration of desquirr into a custom viewer in order to show a decompilation of basic blocks on the fly ;-)

Because... program obfuscation in calls makes IDA crash when recognizing functions; because of this I asked you how IDA recognizes them. Which methods? Can I have this information on the site, or no?

If IDA crashes and you are a legitimate customer, please tell Datarescue about it. Thank you.
