I’m happy to tell you that a new build of the decompiler is ready! It introduces new easily accessible commands to manipulate structure pointers. First, a variable can be converted into a structure pointer with one click. Also, new the structure types can be build on the fly by the decompiler. As usual, any type or name can be modified any time. All this makes using the decompiler really agreeable. Please watch a short demo:
I wanted to present you a new plugin today. It was about switch idioms (jump tables). I spent a few hours trying to find a problematic x86 sample file but could not locate anything impressive. All jump tables were nicely recognized. This certainly does not mean that IDA handles them perfectly, but rather that my search methods must be improved.
Anyway, things were going nowhere and I decided to make a micro-break. It really helps to unblock the thought process (sometimes my entire working day consists of innumerable micro-breaks 🙂
Just a small note about the debugger plugins and events. Many users
who try to develop a plugin for the debugger notice that IDA
behaves slightly differently in the notification callbacks than anywhere else.
For example, IDA might claim that EIP points to an address without a segment,
or none of exported names of a loaded DLL are available.