MindshaRE: Python Syntax Coloring in IDA

Posted by Aaron Portnoy

MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare.

In a prior post I showed that if you compile a newer version of PySide, you can get access to the QCoreApplication instance object within IDA. In that entry, I used that ability to get access to a specific QAction object in order to hook one of IDA’s keyboard shortcuts. After publishing the post I received a bunch of suggestions from people about how that could be accomplished without using PySide at all. However, I wanted to show that there is a lot more you can do with the ability to introspect PySide objects inside IDA, so here’s one example. Hopefully, you will get some ideas from this simple example and start thinking of more powerful things you can accomplish with these techniques.

In IDA, the “Output window” allows you to execute arbitrary Python statements within IDA. This is indeed useful, but the one feature the output window lacks, in my opinion, is the ability to apply syntax highlighting to the code written inside of it. In this post I will show (continue reading…)
