[IDA PRO] IDAClang 生成til

目录

• [IDA PRO] IDAClang 生成til
• IDAClang
  • 参数
  • -target 参数
  • -I 包含目录
  • -x 选项来告知 clang 预期的语法
  • 示例
• tilib

[IDA PRO] IDAClang 生成til

IDAClang | Hex-Rays 文档 --- IDAClang | Hex-Rays Docs

ida pro version>=7.7

作为 7.7版本的一部分，IDA 捆绑了一个基于 LLVM 项目的 libclang 库的新 C++ 解析器。

IDAClang

参数

idaclang -h
IDA Type Information Library generator based on libclang.

Usage:

  idaclang <clang args> /path/to/file.h

Where <clang args> can be any argument(s) that you would normally provide to the clang compiler on the command line.

For example:

  idaclang -target x86_64-pc-linux -I/usr/include -DEXAMPLE_MACRO ~/example_header.h

This will create an IDA type library ~/example_header.til containing all the types that libclang parsed in the input source.

This tool also provides extra arguments for configuring the TIL generation. These arguments are given the --idaclang- prefix
so they can be easily separated from the clang arguments:

  --idaclang-tilname <path>     path to resulting output til file
  --idaclang-tildesc <desc>     description of the til file
  --idaclang-macros <path>      path to macrodefs file
  --idaclang-smptrs <list>      semicolon-separated list of smart pointer template names. instances of such templates will be reduced to simple pointers.
  --idaclang-opaqify-objc       convert Objective-C 'SEL' and 'id' types to opaque pointers. this can lead to improved analysis of the disassembly.
  --idaclang-extra-c-mangling   when compiling for C++, also add the C-like mangled name for functions in the symbol table
  --idaclang-parse-static       parse functions with internal linkage
  --idaclang-mangle-format      override clang's name mangling with the given custom format, e.g. "n", "_n", or "n_"
  --idaclang-log-warnings       print all warnings reported by clang
  --idaclang-log-ast            print all AST nodes
  --idaclang-log-macros         print macro definitions
  --idaclang-log-predefined     print predefined macros defined internally by libclang
  --idaclang-log-udts           print a warning if a UDT type doesn't match the type in clang's AST
  --idaclang-log-files          print all files included in the translation unit
  --idaclang-log-argv           print the fully resolved command-line passed to libclang
  --idaclang-log-target         print information about the target platform
  --idaclang-log-all            enable all logging options

-target 参数

Cross-compilation using Clang — Clang 21.0.0git documentation

Target Triple
The basic option is to define the target architecture. For that, use -target <triple>. If you don’t specify the target, CPU names won’t match (since Clang assumes the host triple), and the compilation will go ahead, creating code for the host platform, which will break later on when assembling or linking.

The triple has the general format <arch><sub>-<vendor>-<sys>-<env>, where:
arch = x86_64, i386, arm, thumb, mips, etc.

sub = for ex. on ARM: v5, v6m, v7a, v7m, etc.

vendor = pc, apple, nvidia, ibm, etc.

sys = none, linux, win32, darwin, cuda, etc.

env = eabi, gnu, android, macho, elf, etc.

x64示例：

x86_64-pc-win32
x86_64-pc-linux
x86_64-apple-darwin

-I 包含目录

If for whatever reason the heuristics within libclang fail to find the headers on your system, it is very easy to specify the header paths manually. Simply open a Visual Studio x64 Command Prompt and run the following command:
如果 libclang 中的启发式方法因某种原因无法在您的系统上找到头文件，则可以轻松地手动指定头文件路径。只需打开 Visual Studio x64 命令提示符并运行以下命令：

Copy 复制

echo %INCLUDE%

This will print a semicolon-separated list of the header paths used on your system:
这将打印系统上使用的标题路径的分号分隔列表：

**********************************************************************
** Visual Studio 2022 Developer Command Prompt v17.13.0
** Copyright (c) 2022 Microsoft Corporation
**********************************************************************

D:\IDE\MicrosoftVisualStudio\2022\Community>echo %INCLUDE%
D:\IDE\MicrosoftVisualStudio\2022\Community\VC\Tools\MSVC\14.43.34808\include;D:\IDE\MicrosoftVisualStudio\2022\Community\VC\Tools\MSVC\14.43.34808\ATLMFC\include;D:\IDE\MicrosoftVisualStudio\2022\Community\VC\Auxiliary\VS\include;D:\Windows Kits\10\include\10.0.26100.0\ucrt;D:\Windows Kits\10\\include\10.0.26100.0\\um;D:\Windows Kits\10\\include\10.0.26100.0\\shared;D:\Windows Kits\10\\include\10.0.26100.0\\winrt;D:\Windows Kits\10\\include\10.0.26100.0\\cppwinrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\include\um

On Linux you can determine the header paths used your system by running the following command:
在 Linux 上，您可以通过运行以下命令来确定系统使用的标头路径：

Copy 复制

cpp -v

This will print something like:
这将打印类似以下内容：

Copy 复制

#include <...> search starts here:
 /usr/lib/gcc/x86_64-linux-gnu/6/include
 /usr/local/include
 /usr/lib/gcc/x86_64-linux-gnu/6/include-fixed
 /usr/include/x86_64-linux-gnu
 /usr/include

-x 选项来告知 clang 预期的语法

libclang 解析内存字符串时，不会对预期的语法做出任何假设。因此，在调用解析器之前，必须指定 -x 选项来告知 clang 预期的语法。以下是已知的语法指令：

-x c
-x c++
-x objective-c
-x objective-c++

示例

//默认生成test.til
idaclang -x c++ -target x86_64-pc-linux test.h

//--idaclang-tilname 指定输出的文件名
idaclang --idaclang-tilname /tmp/test2.til -x c++ -target x86_64-pc-linux test.h

tilib

使用 tilib 实用程序转储 TIL 信息

tilib -l /tmp/test.til