cave.idc
// cave.idc : An IDA IDC script to find alignment blocks
// (also called 'code caves') in an IDA database.
// Useful when you need to add code to a binary file.
// For example, if you have found an exploitable bug in a program
// and you don't want to wait for the developer to provide a bugfix,
// you can add your own code to an alignment block in order to manually
// fix the bug.
// Code by trapflag
// bugfixed by death
#include <idc.idc>
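// Plugin object that lists alignment blocks ("code caves") in the current
// IDA database. It is read-only: it prints addresses and sizes to the output
// window and never modifies the database or the input file.
class myplugin_t
{
    // Fills in the descriptor fields (flags, comment, help, name, hotkey).
    myplugin_t()
    {
        this.flags = 0;
        this.comment = "Find alignment blocks";
        this.help = "Find alignment blocks";
        this.wanted_name = "Find alignment blocks";
        this.wanted_hotkey = "";
    }

    // Always accepts loading.
    init()
    {
        return PLUGIN_OK;
    }

    // Asks for a minimum size, then walks the database from the first segment
    // and prints every alignment item that is at least that many bytes long.
    //
    // arg: unused.
    //
    // NOTE(review): only the item size is reported. The script does not check
    // whether the containing segment is executable or whether the padding is
    // referenced from elsewhere; verify both before relying on a block as
    // patch space.
    run(arg)
    {
        auto ea, prevHit, nBlocks, nSize, nMinSize, sUser, nUser;

        Message("\ncave.idc v1.02 by trapflag\n--------------------------\n");
        Message("Waiting for auto-analysis to finish... ");
        Wait();
        Message("ok.\n");

        sUser = AskStr("0","Enter minimum size (in bytes) of alignment blocks to find");
        if (sUser == 0)
        {
            // AskStr yields 0 when the dialog is dismissed.
            Message("Cancelled.\n");
            return;
        }
        nMinSize = atol(sUser);
        Message("Alignment block minimum size: %ld bytes.\n", nMinSize);

        ea = FirstSeg();
        prevHit = 0;
        // Both counters start at zero explicitly; the original initialised
        // nUser but incremented nBlocks without ever assigning it.
        nBlocks = 0;
        nUser = 0;

        Message("\nPossible alignment blocks:\n");
        while (1)
        {
            ea = FindText(ea, SEARCH_DOWN, 0, 0, "align ");
            // The search returned the same address as last time: stop rather
            // than loop forever.
            if (ea == prevHit)
                break;
            prevHit = ea;
            if (ea == -1)
            {
                Message("No more hits");
                break;
            }

            nSize = ItemSize(ea);
            // FindText matches the rendered listing text, so "align " inside a
            // comment, name or string also hits. Count and report only items
            // whose flags mark them as an alignment directive.
            if (isAlign(GetFlags(ea)))
            {
                nBlocks++;
                if (nSize >= nMinSize)
                {
                    nUser++;
                    Message("%s\t%ld\tbytes\n", atoa(ea), nSize);
                }
            }
            // Resume the search after the current item, match or not.
            ea = ea + nSize;
        }

        Message("\n%ld / %ld total alignment blocks match the minimum size of %ld.\n", nUser, nBlocks, nMinSize);
    }

    // Nothing to release.
    term() {}
}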
// Plugin entry point: builds the plugin object and returns it to the caller.
static PLUGIN_ENTRY()
{
    auto plugin;

    plugin = myplugin_t();
    return plugin;
}