This radare2 plugin adds the name of the parameters for Windows imports as well as the MSDN URL where you can find the documentation for such imported function in each address where there's a call to such imports.
As of today, radare2 already adds the name of the parameters for Windows imports (although that functionality is broken right now). The r2msdn plugin is still useful in the following cases:
- You want to add the MSDN URL right next to the import call so you can easily access its documentation
- You want to add up to date parameter names for Windows imports. These names are kept updated given that they are retrieved dynamically through MSDN search engine. So there's no need for a DB storing them.
This plugin supports a couple of parameters:
- -b/--binary: Path of the binary. This parameter should not be used when the plugin is executed inside an r2 session.
- -t/--type: Type of information to be added to the binary. You can pass one or many of the options. Available options: urls, imports. Pass them without commas.
- -d/--debug: If debug logs should be printed. URLs queried and addresses where comments have been added will be printed. It can be overwhelming for large binaries.
If executed without parameters, only URLs will be added to all Windows import calls.
$ r2 <binary>
> #!pipe python ./r2msdn.pyThis shows how to use the script with all parameters inside an r2 session:
$ r2 <binary>
> #!pipe python ./r2msdn.py -t urls imports -dAside from the requirements specified in the requirements.txt file, you will
need to install PhantomJS. Not that I want you to go through that hassle, but
the guys from Microsoft decided that your hardware should be the one setting
the MSDN layout up. That means we have to execute javascript through a headless
browser.
You are on your own for NodeJS and PhantomJS. For python requirements, just
use $ pip install -r requirements.txt.