Releases · kweatherman/ida_missinglink

This release is mainly a fix for the TTD trace ".idx" index file problem.
Previously if you tried running plugin on a trace ".run" file with an ".idx" file it, the MS trace playback engine would load the file along with the trace and disable most of the internal JMP and CALL instruction callbacks. Thus the plugin would find little if any at all of the indirect branches it needs.

These ".idx" files get rebuilt every time a trace is loaded into WinDbX.

On review of the internals, there is unfortunately no flag to keep the playback engine from loading a companion index.

The solution I found, pretty much the only solution currently (other than just not running if the ".idx" file is there), was to hook GetFileAttributesW to fool the engine's index file check. The hook intercepts the check and returns a "not found" always. Although it's an API hook it's pretty benign. It only hooks if there is an ".idx" file in the same place as the ".run" file, and only stays hooked while the plugin is running. Finally the GetFileAttributesW API is called infrequently by IDA so the effects are minimal. Uses the popular MinHook library to do the hooking.

Note: 9/2024
Apparently in the newer version of the Microsoft TTD library DLLs my ".idx" hook hack no longer works.
I need to sort out why. With luck the new interface will have an option on the trace file loader to disable the ".idx" file.
It's a nuisance, but the only way to get around it right now until I make an update is to rename or delete the ".idx" file before running the plugin.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: kweatherman/ida_missinglink

v1.1.0

v1.0.0