How to automatically color lines in IDA?


I want IDA to automatically color lines in both the graph and text view for important instructions, for example wherever there is a call or xor instruction change the background color of each of those references to a certain color.

Here is what I am looking to achieve:

fig.1 graph view

fig.2 text view

I noticed you can go to Edit > Other > color instruction... from the main menu and this will allow you to change the background color of the selected instruction, but this does not change all of them and seems to only affect the current database.

How can I make IDA automatically color certain instructions such as call and xor, as shown in the example images?

I want it to automatically work for any database I open.


Solution

  • You need to write an IDA plug-in using IDAPython (Python for IDA) or IDC (the IDA scripting language, which is very similar to C). The following code is in IDC:

    #include <idc.idc>
    static main(void)
    {
        auto currentEA;
        auto currentMnem;

        // Start at the first segment and move to the next defined item
        currentEA = FirstSeg();
        currentEA = NextHead(currentEA, BADADDR);
        while (currentEA != BADADDR)
        {
            currentMnem = GetMnem(currentEA);

            // Highlight call instructions
            if (currentMnem == "call")
            {
                SetColor(currentEA, CIC_ITEM, 0xc7c7ff);
            }

            // Advance to the next item; without this the loop never terminates
            currentEA = NextHead(currentEA, BADADDR);
        }
    }
    

    You can also refer to the opcodes' operands:

    //Non-zeroing XORs are often signs of data encoding
    if (currentMnem == "xor")
    {
        if (GetOpnd(currentEA, 0) != GetOpnd(currentEA, 1))
        {
            SetColor(currentEA, CIC_ITEM, 0xFFFF00);
        }
    }
    

    Here is a guide from Hex Blog for using IDC plug-ins.

    And here is a sample for similar script in IDA Python instead of IDC.
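
The same call/xor rules written in IDAPython, as an added example that is not part of the original answer. It assumes the IDA 7.x API names (`idc.print_insn_mnem`, `idc.print_operand`, `idc.set_color`) and is meant to be run inside IDA via File > Script file...; `pick_color` and `color_database` are names chosen for this example.

```python
# Added example: IDAPython version of the IDC colouring rules above.
try:
    import idautils
    import idc
    IN_IDA = True
except ImportError:  # lets the rule function be imported and tested outside IDA
    IN_IDA = False

# Same values as the IDC snippets; IDA stores colours as 0xBBGGRR.
CALL_COLOR = 0xC7C7FF
XOR_COLOR = 0xFFFF00


def pick_color(mnem, op0, op1):
    """Return the background colour for an instruction, or None to leave it."""
    mnem = mnem.lower()
    if mnem == "call":
        return CALL_COLOR
    # "xor reg, reg" only zeroes a register; differing operands may be encoding.
    if mnem == "xor" and op0 != op1:
        return XOR_COLOR
    return None


def color_database():
    """Walk every head in every segment and colour matching instructions."""
    colored = 0
    for seg_start in idautils.Segments():
        for ea in idautils.Heads(seg_start, idc.get_segm_end(seg_start)):
            if not idc.is_code(idc.get_full_flags(ea)):
                continue  # skip data items
            color = pick_color(idc.print_insn_mnem(ea),
                               idc.print_operand(ea, 0),
                               idc.print_operand(ea, 1))
            if color is not None:
                idc.set_color(ea, idc.CIC_ITEM, color)
                colored += 1
    return colored


if IN_IDA:
    print("colored %d instructions" % color_database())
```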