Put on your tinfo_t hat if you're my type, presented at t2 2015

by Miau Biz

Summary: The IDA Pro APIs for interacting with type information are full of opportunities (horrible problems). I will show you how to create unparseable types, how to apply these types to functions and variables, and how to transfer these types from one IDB to another.
The user interface of IDA Pro will not allow types with certain characters, such as the dollar sign, colons and angle brackets, to be inserted into Local Types or parsed from a header file. It is also not possible to create structs that refer to these types, or to apply these types to functions or variables. However, it is possible to import these types from a PDB, both into Local Types and onto function prototypes.
The IDA Pro APIs for interacting with types allow both the insertion of unparseable types and their application to functions and variables. The APIs are unfortunately undocumented, and there are few, if any, public resources demonstrating their use. This presentation will show how to create unparseable types and how to apply them to functions and variables.
Unparseable types can be inserted into Local Types under temporary names that contain no special characters, then renamed to their actual names after insertion. Any character is allowed in a type's name when it is renamed. Because types extend other types and refer to further types, inserting a type may require temporarily renaming all types in that type's hierarchy and all types referred to anywhere in that hierarchy.
Types may be applied to functions and variables either through tinfo_t structures, renaming them before application, or by reversing the serialization format used by a subset of IDA Pro's type APIs.
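The temporary-name insertion described above needs three things for a whole hierarchy: a parseable stand-in for every offending name, an insertion order with dependencies first, and the rename list to apply afterwards. The following Python is an added example, not code from the talk and not IDA Pro's API; it only plans that work, and the `tmp_type_N` naming, the `REFS` reference map and all function names are assumptions made for illustration.

```python
# Added example: plans the bookkeeping only; no IDA Pro API is called.
UNPARSEABLE = set("$:<>")  # characters named in the abstract; the full set is an assumption

def needs_temp_name(name):
    return any(c in UNPARSEABLE for c in name)

def reachable_types(root, refs):
    """Every type reachable from root through base classes and member types."""
    seen, stack = [], [root]
    while stack:
        t = stack.pop()
        if t not in seen:
            seen.append(t)
            stack.extend(refs.get(t, ()))
    return seen

def plan_import(root, refs):
    """Return (temp_map, insert_order, renames) for importing `root`."""
    names = reachable_types(root, refs)
    taken, temp_map, n = set(names), {}, 0
    for name in sorted(names):
        if needs_temp_name(name):
            while f"tmp_type_{n}" in taken:   # never reuse a real or already issued name
                n += 1
            temp_map[name] = f"tmp_type_{n}"
            taken.add(f"tmp_type_{n}")
    order, done = [], set()
    def visit(t, path=()):
        if t in done or t in path:            # cycle: skipped, a forward declaration is assumed
            return
        for dep in refs.get(t, ()):
            visit(dep, path + (t,))
        done.add(t)
        order.append(temp_map.get(t, t))      # insert under the temporary name if there is one
    visit(root)
    return temp_map, order, [(tmp, real) for real, tmp in temp_map.items()]

def rewrite_decl(decl, temp_map):
    """Substitute temporary names into a declaration, longest real name first."""
    for real in sorted(temp_map, key=len, reverse=True):
        decl = decl.replace(real, temp_map[real])
    return decl

# Constructed sample: type name -> types it extends or refers to.
REFS = {
    "Widget": ["std::vector<int>", "Header"],
    "std::vector<int>": ["std::_Vector_base<int>"],
    "std::_Vector_base<int>": ["std::allocator<int>"],
}
```

`plan_import("Widget", REFS)` yields the order in which declarations would be inserted and the `(temporary, real)` pairs to rename once every insertion has succeeded.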
miaubiz is a senior doctor of security at Azimuth Security. He has previously found bugs in web browsers and has spoken at T2, SyScan, and Infiltrate. His interests are bad APIs and sniffing ARMpits.