--------------------------------------------------------------------------------
Sobek - A data flow analysis plugin for Interactive Disassembler Pro
--------------------------------------------------------------------------------

Copyright (c) 2003, Michel Jean-Franois <jfmichel(at)operamail(dot)com>
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, 
are permitted provided that the following conditions are met:

-	Redistributions of source code must retain the above copyright notice, 
	this list of conditions and the following disclaimer. 

- 	Redistributions in binary form must reproduce the above copyright 
	notice, this list of conditions and the following disclaimer in the 
	documentation and/or other materials provided with the distribution. 

-	Neither the name of Sobek nor the names of its contributors 
	may be used to endorse or promote products derived from this software 
	without specific prior written permission. 

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

--------------------------------------------------------------------------------
Description
--------------------------------------------------------------------------------

Sobek is a simple data flow analysis plugin for Interactive Disassembler Pro.
It helps the reverse engineering process by answering two questions : 

Trace Forward : show following instructions where the selected operand is used 
and/or propagated.

Trace Backward : show preceding instructions from which depends the value of the 
selected operand. 

Sobek was written as part of a thesis submitted to the Paul Lambin Institute 
(in French "Institut Paul Lambin") in partial fullfillment of the requirements 
for the three years degree in computer science.
Sobek is in an early development stage. Questions, constructive comments and 
help improving it are welcome. 

--------------------------------------------------------------------------------
Current limitations/ Future Improvements
--------------------------------------------------------------------------------

- Sobek supports 80x86 compatible processors only. At this time, only 80386 
(and anterior processors) instructions that are likely to be generated by a 
high level language are defined. FPU, MMX, SSE, ... instructions/registers are 
not supported yet.

- The actual user interface is temporary and for testing purpose only. Future 
interface should display control flow graph and allow options to be changed at 
runtime (atm Sobek has to be recompiled in order to change an option).

- Due to school requirements, comments and documentation are written in French 
(help translating this in English would be appreciated). Further development 
will be in English. 

- many bugs to find/fix ;)

--------------------------------------------------------------------------------
Compilation
--------------------------------------------------------------------------------

Sobek has been compiled and tested using the free Borland C++ compiler and Ida 
SDK 4.5/4.6.

Note that this version of Sobek was written using sdk 4.5. Some modifications 
were made in order to make it compatible with IDA 4.6 but 64bits functionalities 
are not supported yet. Next release will NOT support sdk 4.5.

Example directory structure :

sdk directory 	c:\IDA
Ida main directory c:\IDA\BIN

- install Borland free compiler 5.5

- copy Sobek directory into c:\Ida\Plugins

- Edit the following files in order to reflect your own directory structure

c:\IDA\Plugins\Sobek\makefile

	!include ..\plugin.mak

c:\IDA\Plugins\Sobek\m.bat

	move /Y C:\ida\BIN\W32\plugins\df.plw c:\ida\bin\plugins\ 

c:\IDA\Plugins\plugin.mak
; only if you don't want to add c:\Ida\Bin\w32 to your path 
	UPATH=C:\Ida\BIN\W32\\        

c:\IDA\allmake.mak 
	
	IDA=C:\ida\
	BCDIR=C:\borland\BCC55\

c:\IDA\w32bor.cfg
; generate w32bor.cfg as described in c:\IDA\install_make.txt
; check the following lines

	-Ic:\ida\include
	-Ic:\borland\BCC55\include
	-Lc:\ida\libbor.w32
	-Lc:\borland\BCC55\lib

c:\IDA\Include\Intel.hpp
; for 4.6 users only change 	
	#include "..\idaidp.hpp"
; to
	#include "..\module\idaidp.hpp"

c:\IDA\Plugins\Sobek\options.hpp
; for 4.5 users only
; comment this line
	#define SDK_46
	
- launch c:\IDA\Plugins\Sobek\m.bat 

  it will compile Sobek and move it to c:\IDA\BIN\Plugins directory

--------------------------------------------------------------------------------
Installation
--------------------------------------------------------------------------------

- copy sobek.pwl into your Ida\Bin\plugins directory

- edit Ida\Bin\plugins\plugins.cfg

  add the following lines :

  Sobek_Forward   Sobek Shift-1 0
  Sobek_Backward  Sobek Shift-2 1

--------------------------------------------------------------------------------
Usage
--------------------------------------------------------------------------------

- Select an operand by moving the cursor on it

- Shift-1 : trace froward

- Shift-2 : trace backward

--------------------------------------------------------------------------------
Greetings
--------------------------------------------------------------------------------

I'd like to thank : 

Eric Landuyt
Ilfak Guilfanov
Laurent Sansonetti 
Pierre Vandevenne
Sophie Michel
Valrie Pochet

and all the folks at Datarescue :)