looking inside ida
ida-dbdump-080509.zip is a ida plugin which dumps several internal ida structs.
I wrote it as an investigation into extending the IDC script language.
older versions:
interesting finds
these internal idc functions are not documented in the idc.idc file:
GetVxdFuncName(long, long)
-
____()
- ??
DelXML(string)
PushXML(string)
PopXML()
- these functions seem to be used in combination with xslt scripts, to do UI things.
_lpoke(long, long)
_poke(long, long)
- allows you to modify memory in the IDA process space
_peek(long)
- allows you to look at memory in the IDA process space
_call(long)
- allows you to call functions in the IDA process space
_time()
- returns the current time.
I also found that there are several predefined compiled script functions:
_idainit(fnid,a,b)
- { _call(fnid); return 0x111; }
_expr() OR _expr0()
- I assume this is used to evaluate expression entered in various input boxes.
_idc() OR _idc0()
- this name is used for the contents of the shift-f2 - manual script contents.
- note: in ida5.2 this was changed to _idc0
_IDC_CL()
- this name is used for the contents of the idc commandline