MSDN data doesn't have constant values

Question

MSDN data doesn't have constant values

fubuki8087 opened this issue 6 years ago · comments

I cannot use your script to generate the xml file (MSDN data) successfully because "Windows Software
Development Kit (SDK) for Windows 7 and .NET Framework 3.5 Service Pack 1" was unavailable in Microsoft website years ago. So I straightly used the xml file you provided in

https://github.com/mr-tz/flare-ida/blob/master/MSDN_data/msdn_data.zip

But no constant in this xml file has value. So when I execute the script in IDA, no API constant will rename to macro.

This is a part of the xml file:

<constants>
	<constant>
		<name>BFT_NTDS_DATABASE</name>
		<description>The file is an NTDS database file. This file should be copied to the file identified as BFT_NTDS_DATABASE when the data is restored.</description>
	</constant>
	<constant>
		<name>BFT_LOG</name>
		<description>The file is a log file. All log files are copied to the directory identified as BFT_LOG_DIR when the data is restored.</description>
	</constant>
	<constant>
		<name>BFT_PATCH_FILE</name>
		<description>The file is a patch file. All patch files are copied to the directory identified as BFT_CHECKPOINT_DIR when the data is restored.</description>
	</constant>
</constants>

As you can see, all constants only have <name> and <description>. I can't see <value> in all <constant>.

Moritz · Answer 1 · Fri Dec 28 2018 01:22:41 GMT+0800 (China Standard Time)

The script matches up each constant name and IDA Pro's standard enum. So the constant value is not required to rename constants. However, there's other places where the current mechanism can go wrong. Does it really rename no constants (hint: look for debugging output containing the string renaming constant)?

fubuki8087 · Answer 2 · Fri Dec 28 2018 18:16:32 GMT+0800 (China Standard Time)

I cannot see any renaming constant in my IDA Output Window. This is my output:

INFO:__main__:Saving config
INFO:IDB_MSDN_Annotator:Starting script execution
INFO:IDB_MSDN_Annotator:Backing up database to file xxx.idb
Flushing buffers, please wait...ok
INFO:IDB_MSDN_Annotator.xml_parser:Starting parsing G:/IDA 7.0/MSDN_DATA\msdn_data.xml
  4. Creating a new segment  (004144B8-00414CB8) ... ... OK

======================
MSDN Annotator SUMMARY
======================
 Functions not found
 -------------------
  1	RegOpenKeyExA
  2	DragQueryFileA

Enums can be loaded normally. Backup is normal too, and .msdn segment is also added. But no constants will be renamed.
My IDA version is 7.0. Is there anything incompatible?

Moritz · Answer 3 · Sat Dec 29 2018 19:39:45 GMT+0800 (China Standard Time)

It is possible that the constant renaming does not work on the sample you are looking at. Can you try other binaries?

fubuki8087 · Answer 4 · Sun Dec 30 2018 21:54:51 GMT+0800 (China Standard Time)

Every binary I've tried is the same problem.

Moritz · Answer 5 · Wed Jan 09 2019 21:07:12 GMT+0800 (China Standard Time)

I've confirmed the issue in a few tests. Investigating this further will take some time though. If you'd like to help I can provide some pointers.

Moritz · Answer 6 · Thu Jan 10 2019 23:20:30 GMT+0800 (China Standard Time)

During further testing the plugin renamed some constants successfully, e.g. for CreateFile. One issue I've identified is that some enums are named differently between IDA 6.x and 7.x.