[Original] IDC Language Help Documentation Translation

Posted: 2013-7-26 15:16
Translation of the IDC language help, not including the per-function documentation, taken from the IDA 6.1 help.
My own rough translation; if there are errors, please point them out!
------------------------------------------------------------------------
IDC language
IDC language is a C-like language. It has the same lexical tokens as C does: character set, constants, identifiers, keywords, etc. However, since it is a scripting language, there are no pointers, and all variable types can be handled by the interpreter. Any variable may hold any value; variables are declared without specifying their type:
[IDC code]
auto myvar;
An IDC program consists of function declarations. By default, execution starts from a function named 'main'. Select a topic to read:
------------------------------------------------------------------------
IDC: variables
There are two kinds of variables in IDC:
- local variables: they are created at the function entry and destroyed at the exit
- global variables: they are created at the compilation time and destroyed when the database is closed
A variable can contain:
- LONG: a 32-bit signed long integer (64-bit in the 64-bit version of IDA)
- INT64: a 64-bit signed long integer
- STR: a character string
- FLOAT: a floating point number (extra precision, up to 25 decimal digits)
- OBJECT: an object with attributes and methods (a concept very close to a C++ class)
- REF: a reference to another variable
- FUNC: a function reference
A local variable is declared this way:
[IDC code]
auto var1;
auto var2 = <expr>;
Global variables are declared like this:
[IDC code]
extern var;
Global variables can be redefined many times. IDA will silently ignore subsequent declarations. Please note that global variables cannot be initialized at the declaration time.
All C and C++ keywords are reserved and cannot be used as a variable name.
While it is possible to declare a variable anywhere in the function body, all variables are initialized at the function entry and all of them are destroyed only at the exit. So, a variable declared in a loop body will not be reinitialized at each loop iteration, unless explicitly specified with an assignment operator.
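The following is an added example written for this translation; it is not part of the IDA help text or of the original post. It demonstrates both rules above: an extern global that can only be assigned, never initialized in its declaration, and a local declared inside a loop body that keeps its value from the previous iteration. It assumes only the Message built-in and that a fresh auto variable holds the long value 0 at function entry.

```idc
// Added example, not from the IDA help text.
extern g_calls;                    // global: created at compile time, lives until the IDB is closed

static count_call()
{
  g_calls = g_calls + 1;           // globals cannot be initialized at declaration, so assign here
  return g_calls;
}

static main()
{
  auto i;
  g_calls = 0;                     // explicit reset: a global keeps its value if the script is
                                   // run again in the same IDA session

  for ( i = 0; i < 3; i = i + 1 )
  {
    auto acc;                      // declared in the loop body, but created once at function entry
    acc = acc + 1;                 // starts as 0 on the first pass, then keeps accumulating
    Message("pass %d: acc = %d\n", i, acc);      // prints 1, 2, 3 rather than 1, 1, 1
  }

  for ( i = 0; i < 3; i = i + 1 )
  {
    auto fresh;
    fresh = 0;                     // an explicit assignment is the only per-iteration reset
    fresh = fresh + 1;
    Message("pass %d: fresh = %d\n", i, fresh);  // prints 1, 1, 1
  }

  count_call();
  count_call();
  Message("count_call() ran %d times\n", g_calls);   // 2
  return 0;
}
```

Run it from File > Script file; the first loop is the gotcha the text warns about, the second shows the fix.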
If a variable or function name cannot be recognized, IDA tries to resolve it using the names from the disassembled application. If it succeeds, the name is replaced by its value in the disassembly listing. For example:
[ASM code]
.data:00413060 errtable dd 1 ; oscode
.data:00413064 dd 16h ; errnocode
[IDC code]
Message("address is: %x\n", _errtable);
will print 413060. If the label denotes a structure, it is possible to refer to its fields:
[IDC code]
Message("address is: %x\n", _errtable.errnocode);
will print 413064. Please note that IDA does not try to read the data but just returns the address of the structure field. The field address can also be calculated using the get_field_ea function.
NOTE: The processor register names can be used in IDC scripts when the debugger is active. Reading from such a variable returns the corresponding register value. Writing to such a variable modifies the register value in the debugged process. Such variables are accessible only when the application is in the suspended mode.
NOTE: another way to emulate global scope variables is to use the array functions and create global persistent arrays (these arrays are stored in the database, so they survive between sessions).
------------------------------------------------------------------------
IDC: Functions
An IDC function always returns a value. There are 2 kinds of functions:
- built-in functions
- user-defined functions
A user-defined function is declared this way:
[IDC code]
static func(arg1, arg2, arg3)
{
  statements ...
}
It is not necessary to specify the parameter types because all necessary type conversions are performed automatically. By default all function arguments are passed by value, except:
- objects are always passed by reference
- functions are always passed by reference
- it is possible to pass a variable by reference using the & operator
If the function to call does not exist, IDA tries to resolve the name using the debugged program labels. If it succeeds, an Appcall is performed. Note that an Appcall executes code inside the debugged process: if a misspelled function name in a script happens to match a label in the debuggee while the debugger is active, the script will call into the debugged process instead of failing.
------------------------------------------------------------------------
IDC: Statements
In IDC there are the following statements:
[IDC code]
expression; (expression-statement)
if (expression) statement
if (expression) statement else statement
for ( expr1; expr2; expr3 ) statement
while (expression) statement
do statement while (expression);
break;
continue;
return <expr>;
return; (the same as 'return 0;')
{ statements... }
try statement catch ( var ) statement
throw <expr>;
; (empty statement)
Please note that the 'switch' statement is not supported.
------------------------------------------------------------------------
IDC: Expressions
In IDC expressions you can use almost all C operations except:
complex assignment operations such as '+='
Constants are defined more or less like in C, with some minor differences.
There are four type conversion operations:
[IDC code]
long(expr)    (floating point numbers are truncated during conversion)
char(expr)
float(expr)
__int64(expr)
However, explicit type conversions are rarely required because all type conversions are made automatically:
[IDC automatic conversion rules]
- addition:
    if both operands are strings,
        string addition is performed (strings are concatenated);
    if both operands are objects,
        object combination is performed (a new object is created);
    if a floating point operand exists,
        both operands are converted to floats;
    otherwise
        both operands are converted to longs;
- subtraction/multiplication/division:
    if a floating point operand exists,
        both operands are converted to floats;
    if both operands are objects and the operation is subtraction,
        object subtraction is performed (a new object is created);
    otherwise
        both operands are converted to longs;
- comparisons (==, !=, etc):
    if both operands are strings, string comparison is performed;
    if a floating point operand exists,
        both operands are converted to floats;
    otherwise
        both operands are converted to numbers;
- all other operations:
    operand(s) are converted to longs;
If any of the long operands is 64-bit, the other operand is converted to 64-bit too.
There is one notable exception concerning type conversions: if one operand is a string and the other is zero (0), then a string operation is performed. Zero is converted to an empty string in this case.
The & operator is used to take a reference to a variable. References themselves cannot be modified once created. Any assignment to them will modify the target variable. For example:
[IDC code]
auto x, r;
r = &x;
r = 1; // x is equal to 1 now
References to references are immediately resolved:
[IDC code]
auto x, r1, r2;
r1 = &x;
r2 = &r1; // r2 points to x
Since all non-object arguments are passed to functions by value, references are a good way to pass arguments by reference.
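The following is an added example written for this translation, not code from the IDA help or from the original post. It covers both the argument-passing rules from the Functions section and the reference semantics described just above: a value argument that the callee cannot change, a & reference that it can, an object that is always shared with the caller, and a function passed as a value. It assumes only the Message and object built-ins.

```idc
// Added example, not from the IDA help text.
static by_value(v)
{
  v = v + 1;                       // modifies the callee's copy only
  return v;
}

static by_ref(r)                   // the caller passes &x, so r is a reference to x
{
  r = r + 1;                       // assignment through a reference updates the target
  return r;
}

static tag(o, label)
{
  o.label = label;                 // objects are always passed by reference:
  o.count = o.count + 1;           // the caller sees the new and changed attributes
}

static apply_twice(f, x)           // functions are values too and are passed by reference
{
  return f(f(x));
}

static main()
{
  auto x, o, r;

  x = 10;
  by_value(x);
  Message("after by_value: x = %d\n", x);      // 10: the caller's variable is untouched
  by_ref(&x);
  Message("after by_ref:   x = %d\n", x);      // 11: modified through the reference

  o = object();
  o.count = 0;
  tag(o, "errtable");
  Message("o.label = %s, o.count = %d\n", o.label, o.count);   // errtable, 1

  r = &x;
  r = 100;                                     // writes to x; the reference itself is fixed
  Message("x = %d, r = %d\n", x, r);           // 100, 100

  Message("apply_twice = %d\n", apply_twice(by_value, 1));     // 3
  return 0;
}
```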
------------------------------------------------------------------------
IDC: Predefined symbols
The following symbols are predefined in the IDC preprocessor:
[IDA predefined symbols]
_NT_           IDA is running under MS Windows
_LINUX_        IDA is running under Linux
_MAC_          IDA is running under Mac OS X
_UNIX_         IDA is running under Unix (Linux or Mac)
_EA64_         64-bit version of IDA
_GUI_          GUI version of IDA
_TXT_          Text version of IDA
_IDA_VERSION_  The current IDA version, for example: "5.1"
These symbols are also defined when parsing C header files.
------------------------------------------------------------------------
IDC: Slices
The slice operator can be applied to IDC objects and strings.
For strings, the slice operator denotes a substring:
str[i1:i2] - substring from i1 to i2; i2 is excluded
str[idx]   - one-character substring at 'idx'; this is equivalent to str[idx:idx+1]
str[:idx]  - substring from the beginning of the string to idx; this is equivalent to str[0:idx]
str[idx:]  - substring from idx to the end of the string; this is equivalent to str[idx:0x7fffffff]
Any indexes that are out of bounds are silently adjusted to correct values. If i1 >= i2, an empty string is returned. Negative indexes are used to denote positions counting from the end of the string.
String slices can be used on the left side of an assignment. For example:
[IDC code]
str[0:2] = "abc";
will replace the 2 characters at the beginning of the string by "abc".
For objects, the slice operator denotes a subset of attributes. It can be used to emulate arrays:
[IDC code]
auto x = object();
x[0] = value1;
x[1] = "value2";
x[i1:i2] denotes all attributes with numeric values between i1 and i2 (i2 is excluded).
Any non-numeric attributes are ignored by the slice operator.
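The following is an added example for this translation, not code from the IDA help or from the original post. It exercises the slice rules above on strings (negative indexes, out-of-bounds clamping, i1 >= i2, assignment to a slice) in two small helpers a reverser actually needs, then uses an object as an array and slices it. It assumes the built-ins strlen, ord, Message, object and sprintf (older IDA releases name the last one form); the assumption that an object slice keeps the original numeric keys is marked in the code.

```idc
// Added example, not from the IDA help text.
static basename(path)               // last component of a file path
{
  auto i;
  for ( i = strlen(path) - 1; i >= 0; i = i - 1 )
    if ( path[i] == "/" || path[i] == "\\" )   // path[i] is a one-character substring
      return path[i+1:];                       // from just past the separator to the end
  return path;
}

static hex_encode(s)                // "MZ" -> "4d5a"
{
  auto i, out;
  out = "";
  for ( i = 0; i < strlen(s); i = i + 1 )
    out = out + sprintf("%02x", ord(s[i]));
  return out;
}

static main()
{
  auto s, arr, sub, i;

  s = "hello world";
  Message("%s|%s|%s\n", s[:5], s[-5:], s[6:9999]);  // hello|world|world (9999 is clamped)
  Message("[%s]\n", s[7:3]);                        // [] because i1 >= i2
  s[0:5] = "HELLO";                                 // slice on the left side of an assignment
  Message("%s\n", s);                               // HELLO world

  Message("%s\n", basename("C:\\Windows\\System32\\ntdll.dll"));   // ntdll.dll
  Message("%s\n", hex_encode("MZ"));                               // 4d5a

  arr = object();                                   // an object used as an array
  for ( i = 0; i < 5; i = i + 1 )
    arr[i] = i * i;
  arr.name = "squares";                             // non-numeric attribute: ignored by slices
  sub = arr[1:4];                                   // attributes 1, 2 and 3 only
  // Assumption: the slice keeps the original numeric keys, so sub[1..3] are 1, 4, 9
  Message("%d %d %d\n", sub[1], sub[2], sub[3]);
  return 0;
}
```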
------------------------------------------------------------------------
IDC: Exceptions
Any runtime error generates an exception. Exceptions terminate the execution. It is possible to catch an exception instead of terminating the execution:
[IDC code]
auto e;
try
{
  ... some statements that cause a runtime error...
}
catch ( e )
{
  // e holds the exception information
  // it is an instance of the exception class
}
The try/catch blocks can be nested. If the current function has no try/catch blocks, the calling function will be examined, and so on, until we find a try/catch block or exit the main function. If no try/catch block is found, an unhandled exception is reported.
It is also possible to throw an exception explicitly. Any object can be thrown. For example:
[IDC code]
throw 5;
will throw the value '5'.
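The following is an added example for this translation, not code from the IDA help or from the original post. It shows a runtime error (division by zero) caught inside the function that raised it, an object thrown from a callee and caught by the caller after the stack is unwound as described above, and a plain value being thrown. It assumes the built-ins Message, object and Byte and the BADADDR constant; the attribute name description on the exception object is an assumption and is marked as such in the code.

```idc
// Added example, not from the IDA help text.
static safe_div(a, b)
{
  auto e;
  try
  {
    return a / b;                  // b == 0 raises an IDC runtime error
  }
  catch ( e )
  {
    // Assumption: 'description' is the attribute that carries the error text
    Message("safe_div: %s\n", e.description);
    return 0;
  }
}

static read_byte_checked(ea)
{
  auto err;
  if ( ea == BADADDR )
  {
    err = object();                // any value can be thrown, including an object
    err.code = 22;
    err.what = "bad address";
    throw err;                     // no try/catch here: the caller's handler gets it
  }
  return Byte(ea);
}

static main()
{
  auto e, n;

  n = safe_div(10, 0);
  Message("safe_div(10, 0) = %d\n", n);               // 0

  try
  {
    read_byte_checked(BADADDR);
    Message("not reached\n");
  }
  catch ( e )
  {
    Message("caught code %d: %s\n", e.code, e.what);  // caught code 22: bad address
  }

  try
  {
    throw 5;
  }
  catch ( e )
  {
    Message("caught %d\n", e);                        // caught 5
  }
  return 0;
}
```

Because unwinding stops at the first enclosing try/catch, a handler in main that only expects the object thrown by read_byte_checked will also receive any other runtime error from that call; check the attributes you rely on before using them.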
------------------------------------------------------------------------
Translated by: hmlky. Date and time: 15:08, Friday, 26 July 2013.