The unispector

How do you spell “I love you” in Greek?…


In IDA Pro you can create Unicode strings. They are displayed nicely in the listing as long as they use the Latin script:

But for any Unicode string with Kanji characters, Cyrillic, or any other non-trivial script, the listing looks like gibberish:

This is not much better than a hexadecimal dump. Alas, IDA cannot display non-Latin Unicode characters in the listing.
I created a sample program to illustrate the point. It displays “I love you” in many languages. Please note that the language selection is somewhat arbitrary :) Some of the phrases were found in forums. Many phrases were copied from this great site.
Here is how the program looks on the screen:

(please tell me if you find any errors in the text)
What our plugin will do: it will retrieve the current Unicode string from the database and display it on the screen. Very simple, isn’t it? Since the IDA API cannot be used to display the string, we will have to create our own window with an edit control and display the string there. We will use regular Windows functions like CreateWindow and SetWindowText to display the string. The plugin and its source code can be downloaded here.
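The retrieval step can be tried outside IDA. The following is an added example, not the plugin's source: it assumes the strings are NUL-terminated UTF-16LE and uses a constructed byte buffer in place of the database. The names `IMAGE`, `read_wide_string` and `scripts_in` are hypothetical.

```python
import unicodedata

# Constructed sample image: 3 padding bytes, then two NUL-terminated UTF-16LE
# strings (Greek at offset 3, Russian at offset 19) and, at offset 45, one
# code unit with no terminator to exercise the failure path.
IMAGE = bytes.fromhex(
    "cc cc cc"
    "a303 2700 b103 b303 b103 c003 ce03 0000"
    "2f04 2000 4204 3504 3104 4f04 2000 3b04 4e04 3104 3b04 4e04 0000"
    "4100"
)

def read_wide_string(image: bytes, offset: int, max_units: int = 1024) -> str:
    """Return the NUL-terminated UTF-16LE string that starts at `offset`.

    Steps two bytes at a time so a 0x00 low or high byte inside a code unit
    is never mistaken for the terminator. Unpaired surrogates are decoded as
    U+FFFD instead of aborting, since analysed binaries often hold bad data.
    """
    end = offset
    for _ in range(max_units):
        if end + 2 > len(image):
            raise ValueError("string runs past the end of the image")
        if image[end:end + 2] == b"\x00\x00":
            return image[offset:end].decode("utf-16-le", errors="replace")
        end += 2
    raise ValueError("no terminator within %d code units" % max_units)

def scripts_in(text: str) -> list:
    """Name the scripts used by the letters of `text`, e.g. ['CYRILLIC']."""
    found = set()
    for ch in text:
        if ch.isalpha():
            # The first word of the Unicode character name is the script.
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return sorted(found)

def hex_view(image: bytes, offset: int, length: int) -> str:
    """Render bytes as a hex dump line, for comparison with the decoded text."""
    return " ".join("%02X" % b for b in image[offset:offset + length])

if __name__ == "__main__":
    for off in (3, 19):
        text = read_wide_string(IMAGE, off)
        print("%#04x  %s" % (off, hex_view(IMAGE, off, 2 * len(text))))
        print("      %s  %s" % (text, scripts_in(text)))
```
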
Here is the result of the plugin:

When we move the cursor from one string to another, the window contents are refreshed:

In an ideal world the string contents would be displayed right in the listing and our plugin would not be necessary. This is a possible future improvement for IDA but it is quite laborious to add true Unicode support (please do not hold your breath).
The same idea can be used for many other things. A plugin could display, for example, PE file resources and render bitmaps or dialog boxes in a dedicated window. We could also use a window to display graphs or charts of any type. Or we could open a window and display the result of our own analysis, say, in the spectral form :)
While this plugin uses the bare Windows API, I’m sure that the MFC library as well as .NET (or a Java-based interface) can be used too. There are so many things one can do with a plugin!
Here are the source files and binaries:
Sample file
Unispector plugin


9 Responses to The unispector

  1. quasar says:

    “I love you” in Polish should be “Kocham Cię”

  2. ilfak says:

    Thank you, will correct the program!

  3. bart says:

    quasar loves ilfak lol :P, what's with the brown-nosing

  4. tim says:

    While “te amo” does mean “I love you” in Spanish, “te quiero” is more common and closer to the sense of the English “I love you”. You would never say “te amo” to your parents, for example. It’s very formal and only used with lovers.

  5. capi says:

    “Te amo” is “I love you” as said between husband and wife. Love as in the real thing, “in love”.
    “Te quiero” is somewhere between “I like you” and “I love you”; what one would say to a family member (e.g. father to a son), or to some girl you don’t really “love” as in forever and ever “in love”.
    Incidentally, if you want to add it in Portuguese: “amo-te”

  6. In Vietnamese, a man would say “Anh yêu em” to his girlfriend. But the gf would say “Em yêu anh” back.

  7. ohio usa says:

    Thank you very much for contributing the wmf 0day patch.

  8. none says:

    In German it’s “Ich liebe dich” not “Ich liebe Dich”.

  9. ilfak says:

    Thank you all for the corrections! I updated the program.