idb2reml allows information from IDA to be exported into an XML format (REML) which can be futher processed with custom scripts. A useful script to use in conjuction with idb2reml is pyreml
Documentation:
The README file accompanying the release can be read here.
The module documentation has been put together using pydocand can be found here.
Download:
idb2reml can be downloaded from here.
Notes:
The module just needs to be loaded in IDA. Once it's done, a REML file will be generated witht the same name as the existing DB.
For a simple test program like the following:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
printf("Hello world!\n");
}
The data in the REML file will have the following format:
<disassembly source="Test App.exe" entry_point="4198944">
<function>....</function>
.
.
.
<function name="main" library="false" thunk="false">
<i at="4199056" code="true" d="55" mnem="push">
<o n="0" t="1" d="ebp"/>
<branch from="4198882"/></i>
<i at="4199057" code="true" flow="true" d="89e5" mnem="mov">
<o n="0" t="1" d="ebp"/>
<o n="1" t="1" d="esp"/></i>
<i>...</i>
.
.
.
</function>
.
.
.
</disassembly>
Which corresponds to the assembler code in this file (as disassembled by IDA). The diassembled main function follows:
push ebp
mov ebp, esp
sub esp, 8 ; char *
and esp, 0FFFFFFF0h
mov eax, 0
add eax, 0Fh
add eax, 0Fh
shr eax, 4
shl eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_401710
call sub_4013B0
mov [esp+8+var_8], offset aHelloWorld ; "Hello world!\n"
call printf
leave
retn