ida idc scripts

I use these scripts when disassembling code, it allows you to quickly apply structure to selected area's.
addstrcmt.idc adds referenced strings as comments.
fixobjc.idc processes the objective-C typeinfo, and names methods accordingly
parsersc.idc unfinished - processes resource data
findrel.idc finds PC-relative references, for ARM, ARMthumb and X86
rilgsm.idc unfinished - emulates arm insns
wm.idc adds all windows messages in one large enum
xipstructs.idc helps disassembling windows ce bootloaders
fixframe.idc unfinished: tries to find howmany arguments a function has, and passes to other functions
kernel-structs.idc names all kernel api's in a windows ce kernel

these 6 scripts belong together, if you include hotkeys.idc in ida.idc, and call 'addhotkeys();' from main. all hotkeys described below will automatically be added
hotkeys.idc contains hotkey wrappers for the scripts below
swapinsn.idc exchange 2 instructions, while keeping relative offsets intact
formatdata.idc data formatter, see below
findstrangerefs.idc finds constants changed into offset unintendedly
setdataofs.idc finds offset bases for register relative references.
showrefs.idc dumps lots of information about an address

keys added by hotkeys.idc:

Shift-I_idc0 repeat last manual idc script
Shift-HHK_Help show help + info (like xrefs and flags) on current line
Shift-CHK_Code covert selection to code
Shift-OHK_Offset convert selection to offsets, also correctly handling Thumb offsets ( which have bit0 set )
Shift-GHK_Guid convert current data to a GUID
Shift-AHK_String_mixed detect and convert to string, unicode and ascii strings
Shift-DHK_Dwords convert to dwords
Shift-PHK_ParsePdata process the .pdata section, and update function definitions accordingly
Shift-FFixFunctions change function bounds to include constant pools, this makes it easier to see where data is referenced from
Shift-Rfindstrange find incorrect offsets ( like off_20000, when an immediate was intended )
Shift-Usummarize_unk group all unknown data
Shift-XHK_ExchangeUp rotate selected instruction range up
Shift-YHK_ExchangeDown rotate selected instruction range down
Shift-VHK_setregofs try to find the value of the current REG+ofs expression
Shift-THK_setthis assumes the function is named like TYPE_methodname, and a struct 'struc_TYPE' exists. then it traces where R0 ends up, and creates struc_TYPE fields, and new TYPE_methodname functions accordingly

data formatter

format specifiers

opointer to data
spointer to ascii string
spointer to unicode string
cpointer to code
ppointer to proc ( function )
A[N]fixed length or zero terminated ascii or unicode string
a[N]ascii string
l[N]align dword, or N: align 1<<N


scans selected area for unicode or ascii strings, converts remaining bytes to 'align' directives'
creates table with 4 ascii chars, dword, code ref, 3 dwords.
creates table with 4 ascii chars, dword, code ref, an array of 3 dwords.