http://www.h4ck.org.cn/2011/11/vs2010-idasdk6-2-ida-plugin-development/
1. 执行菜单的File->New->Project… (Ctrl-Shift-N)打开新建工程窗口。
2. 展开左侧的Visual C++项目模板分支,然后选择右侧的Win32 Project条目,输入工程名称,然后点击确定。
3. 在Win32Application Wizard先到出现之后,点击左侧的Application Settings连接,
在设置界面勾选 DLL 选项,然后选择 Empty Project,点击完成按钮退出向导。
4. 在左侧的解决方案浏览器中,点击源文件,执行添加,新建项添加新的源文件。
5. 选择 C++ 文件模板,输入文件名称然后点击添加按钮添加此文件。
6. 修改项目属性。 在左上方的配置下拉框中选择Release; 修改属性
常规 将目标文件扩展名修改为.plw
C/C++->常规 附加包含目录添加ida sdk include目录,例如C:IDA64IDASDK64Include
C/C++->预处理器,添加__NT__;__IDP__字段到预处理器定义中。
C/C++->代码生成,关闭缓冲区安全检查,将基本运行时检查设为默认,将运行库设置为多线程(MT)
C/C++->高级,将调用约定修改为__stdcall (/Gz)
连接器->常规,将输出文件修改为ida插件目录,例如 C:IDA64plugins$(TargetName)$(TargetExt)
连接器->输入,将 ida.lib 添加到附加依赖项中。C:IDA64idasdk64libx86_win_vc_32ida.lib
连接器->调试,生成调试信息设置为否 连接器->命令行添加/EXPORT:PLUGIN
生成事件->后期生成事件,将ida添加到命令行中一边每次生成之后启动加载插件运行(可以不设置)
所有配置完成时候点击保存然后关闭设置窗口,在顶部的配置栏中选择release,即可。
下面就可以开始写代码和进行测试了,这里有一个简单的插件模板,再次基础上完善即可创建一个新的插件:
#include <ida.hpp> #include <idp.hpp> #include <loader.hpp> int __stdcall IDAP_init ( void ) { // Do checks here to ensure your plug-in is being used within // an environment it was written for. Return PLUGIN_SKIP if the // checks fail, otherwise return PLUGIN_KEEP. return ( PLUGIN.flags & PLUGIN_UNL ) ? PLUGIN_OK : PLUGIN_KEEP; } void __stdcall IDAP_term ( void ) { // Stuff to do when exiting, generally you'd put any sort // of clean-up jobs here. return; } // The plugin can be passed an integer argument from the plugins.cfg // file. This can be useful when you want the one plug-in to do // something different depending on the hot-key pressed or menu // item selected. void __stdcall IDAP_run ( int arg ) { // The "meat" of your plug-in msg ( "Hello world By obaby! " ); msg ( "This is My first IDA Plugin! " ); msg ( "Plugin templete Created by Steve Micallef! " ); msg ( "Thx for his Great Works! " ); return; } // There isn't much use for these yet, but I set them anyway. char IDAP_comment[] = "This is my test plug-in"; char IDAP_help[] = "My plugin"; // The name of the plug-in displayed in the Edit->Plugins menu. It can // be overridden in the user's plugins.cfg file. char IDAP_name[] = "My plugin"; // The hot-key the user can use to run your plug-in. char IDAP_hotkey[] = "Ctrl-Alt-X"; // The all-important exported PLUGIN object plugin_t PLUGIN = { IDP_INTERFACE_VERSION, // IDA version plug-in is written for PLUGIN_UNL, // Flags (see below) IDAP_init, // Initialisation function IDAP_term, // Clean-up function IDAP_run, // Main plug-in body IDAP_comment, // Comment unused IDAP_help, // As above unused IDAP_name, // Plug-in name shown in IDAP_hotkey // Hot key to run the plug-in };