Rust plugin

The binaries produced by the Rust compiler have some peculiarities which make them difficult to analyze, such as:

  - non-standard calling conventions
  - non-terminated string literals
  - unusual name mangling scheme

By default, Rust plugin is enabled if one of the following condition is true

  - one address is named 'rust_begin_unwind'
  - the string 'rustc-' can be found somewhere in the program
    If the segment '.rodata' exists, the search is limited to this segment

String literal analysis

Rust plugin walks to all addresses in segment with name ending in "__const", ".rodata" or ".rdata" and creates string literals on xref

  - on dref, the string literal is set up to the next dref
  - on cref, Rust tries to retrieve length from nearby instructions
    Arm, Risc-V and pc proc module benefit from this

To force the string literal detection:

  idaapi.load_and_run_plugin("rust", 1)

Demangling name

Rust plugin also offers the possibility to configure a demangler library for rust. By default the plugin will use the librustdemangle library that is shipped with IDA. You can disable this feature in 'Edit>Plugin>Rust language helper' or specify another library to use.

See cfg/rust.cfg for the possible options

List of '-Orust' options

  - on  : enable rust plugin for this session of IDA
  - off : disable rust plugin for this session of IDA

Example

  -Orust:off

This disable the plugin for this session of IDA.

Last updated 3 days ago