Dynamic coloring

IDA v5.1 introduces the notion of dynamic colors. Plugins can install a callback
which dynamically calculates colors and provides them to the user interface.
In the previous versions of IDA plugins were forced to change the item color
in the database thus overwriting any user-defined colors. The new IDA makes it possible
to calculate colors on the fly.

Another news is that the navigation band colors are dynamic too. Just install a
colorizer for the navigation band using the ui_set_nav_colorizer event and
IDA will ask your plugin to supply item colors.

Plugins can also provide their own hints (on the mouse hovering) instead of the default
hints displayed by IDA. There are even several different hint callbacks: they differ
in complexity. You can start with simple get_ea_hint for single line hints,
then switch to ui_get_item_hint for multiline hints and finally
you can use the ui_get_custom_viewer_hint event for hints in any customazible window.

The last event belongs to the group of custom_viewer events. This group can be
used to create and display a window like the disassembly window (colored lines with
virtualized access to the data). Some other windows in IDA use custom_viewers: structures and
enumerations are two notable examples. Now you can create your own custom windows.
The set up is quite complex and will require another post.

Meanwhile enjoy a new plugin which uses the dynamic coloring feature. The plugin is named
Olden because it “ages” the listing by modifying the background color of the instruction
under the cursor. This way you leave a “trail” after you. I find this plugin especially useful
to debug huge applications. It is extremely easy to get lost in the debugged code but
with this plugin, you will at least be able to exclaim: “I’ve been here before!” :)

The plugin works with IDA v5.1. As usual, it comes with full source code:

http://www.hexblog.com/ida_pro/files/olden.zip
Have fun! :)

This entry was posted in IDA Pro. Bookmark the permalink.

7 Responses to Dynamic coloring

  1. David says:

    How Ida recognize function boundaries? How methods? only call/ret instructions? function prologue/epilogue? What?

  2. Ilfak Guilfanov says:

    The algorithm used in IDA is quite complex. It tries to use information from different sources to find out the function boundaries.
    Do you have something specific in mind, why do you ask?

  3. Dennis says:

    I’m looking forward to your post on custom viewers! I’ve just thought about the integration of desquirr into a custom viewer in order to show a decompilation of basic blocks on the fly ;-)

  4. David says:

    Because… program obfuscation in calls do IDA crash to reconize function, because this I asked u how IDA recognize. How methods, can I have these information in the site? or no?

  5. Ilfak Guilfanov says:

    If IDA crashes and you are a legitimate customer, please tell Datarescue about it. Thank you.

  6. Robert Krten says:

    Speaking of plugins and code, I’m trying to write a very simple plugin that allows a user to select a range of addresses and then forces them to be interpreted as code, but I can’t make it work. I’m using auto_mark_range (start, end – 1, AU_CODE); on some data bytes, but it doesn’t work — the bytes remain as bytes, they don’t get converted to code. I know they CAN be converted to code, because as a test I took code and converted it to data (via the “d” key) first :-)

  7. Ilfak Guilfanov says:

    I’d suggest posting a message in our support forum, it is a much better place for such questions, thank you!