1

In some of my IDA scripts, it would be useful to be able to reason about which variables were stored in which registers at a given place in the program. One example is the following: mov rdx, [rbp+client] mov rax, [rbp+channel] mov rsi, rdx mov rdi, rax call sub_41002D It would be useful if I could deduce that, at the time when sub_41002D is called, rdi contains the variable called "channel" and rsi contains the variable "client".

Is there any IDA scripting feature which allows me to do this, or will I need to roll my own solution? If so, is there a name for what I'm trying to do? Do algorithms for this already exist? Any pointers would be appreciated.

TorbenB
  • 39
  • 1
  • 4
  • There was a user who wanted to do something similar, but not for IDA, a while ago. I'm not aware of anything existing like this for IDA, and the neccesary algorithms and data structures might be a bit complex for IDA's idc language, but my answer to that question might give you some ideas. – Guntram Blohm Oct 29 '15 at 23:13
  • @GuntramBlohm thank you for the pointer. I was planning on using IDAPython. – TorbenB Oct 29 '15 at 23:36

0 Answers0