Introduction

A few weeks ago, I proposed an IDA feature to improve the CLI and add macro support. After a few email exchanges with Arnaud from Hex-Rays, we could not agree on how best to do it and still accommodate everyone’s needs. Finally, Arnaud kindly wrote a quick IDAPython script to show me how I can intercept the CLI text before it gets executed. Please see Hack of the day #2: Command-Line Interface helpers.

Unfortunately, the Qt approach did not work for me for several reasons:

I don’t want the text to be replaced on the fly.

I don’t want the expanded text (macros) to be part of the history. Instead the macros should remain un-expanded as they get stored in the history.

The biggest issue we were discussing is how to format numbers: 0xHEXNUM, HEXNUM, #HEXNUM, …?

How many hardcoded macros should we have and what should they do?

In any case, since IDA is highly programmable and I have access to the awesome IDA support team (thank you guys!), the ball was now in my court and all I had to do was write a plugin.

Enter ‘climacros’

I woke up one day with the solution to this dilemma. I don’t have to hardcode anything; instead, I just let the users define their own macros backed by Python expressions. The only thing I hardcoded was how to embed an expression in the CLI text. I opted for something simple inspired by the PHP/ASP syntax, something like ${ expression }$ (anything between those special tags is evaluated in Python).

With this basic idea, I set about implementing all the default macros that I think are useful for my daily work with WinDbg’s CLI.
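The expansion model described above, as an added Python sketch (not climacros' own code, which is C++): macros are substituted in one pass, each ${ expression }$ tag is evaluated, and the history keeps the line as typed. The macro names `$!` and `$#`, the `here()` stand-in and its address are assumptions made for this example.

```python
import re

TAG = re.compile(r"\$\{(.*?)\}\$")  # ${ expression }$, non-greedy

# Constructed macro table (hypothetical names): each macro is plain text that
# may itself contain ${ }$ tags, so the user picks the number format.
MACROS = {
    "$!": "${'0x%x' % here()}$",   # current address as 0xHEXNUM
    "$#": "${'%X' % here()}$",     # current address as bare HEXNUM
}
# Stand-in for the IDA API: here() returns a constructed address.
ENV = {"here": lambda: 0x401000}

def expand(text, macros, env):
    """Substitute macros in one pass, then evaluate every ${ }$ tag."""
    if macros:
        names = sorted(macros, key=len, reverse=True)  # longest name wins
        pattern = re.compile("|".join(re.escape(n) for n in names))
        text = pattern.sub(lambda m: macros[m.group(0)], text)

    def evaluate(match):
        try:
            # eval() runs arbitrary Python; the input is the analyst's own CLI line.
            return str(eval(match.group(1).strip(), dict(env)))
        except Exception:
            return match.group(0)  # keep a failing tag visible, unexpanded
    return TAG.sub(evaluate, text)

def submit(history, text, macros=MACROS, env=ENV):
    """Store the line as typed, return the line to hand to the debugger CLI."""
    history.append(text)
    return expand(text, macros, env)

if __name__ == "__main__":
    history = []
    for line in ("bp $!", "u $# L${ 4 * 4 }$", "? ${ 1/0 }$"):
        print(f"{line!r:24} -> {submit(history, line)!r}")
    print("history:", history)
```

Because every tag goes through `eval()`, a macro table is executable content: one obtained from someone else runs with the same privileges as the IDA process that expands it.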

This is climacros in action:

No more copy/paste in order to get the current address from the disassembly view! 🙂

climacros is written in C++ and is open source. You can also grab the Windows binaries from here.

Future work

If this plugin is well received, I think people will ask for features like:

Macro profiles: to have sets of macros that one can switch between quickly

Import/Export macros: to be able to transfer macros between users

Macro expansion using a scripting language of your choice and not just Python

Let me know!