Search the Community
Showing results for tags 'findfunc:'.
-
FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for cases where classical bindiffing fails. Filtering with Rules The main functionality of FindFunc is letting the user specify a set of “Rules” or constraints that a code function in IDA PRO has to satisfy. FF will then find and list all functions that satisfy ALL rules (so currently all Rules are in an AND-conjunction). Exception: Rules can be “inverted” to be negative matches. Such rules thus conform to “AND NOT”. FF will schedule the rules in a smart order to minimize processing time. Feature overview: Currently, 6 Rules are available, see below Code matching respects Addressing-Size-Prefix and Operand-Size-Prefix Aware of function chunks Smart scheduling of rules for performance Saving/Loading rules from/to file in simple ascii format Several independent Tabs for experimentation Copying rules between Tabs via clipboard (same format as a file format) Advanced copying of instruction bytes (all, opcodes only, all except immediate) Button “Search Functions” clears existing results and starts a fresh search, “Refine Results” considers only results of the previous search. Advanced Binary Copying A secondary feature of FF is the option to copy binary representation of instructions with the following options: copy all -> copy all bytes to the clipboard copy without immediate -> blank out (AA ?? BB) any immediate values in the instruction bytes opcode only -> will blank out everything except the actual opcode(s) of the instruction (and prefixes) [hide][Hidden Content]]