software

msdocviewer – Streamlining Win32 API And Driver Documentation Viewing – A Comprehensive Guide

msdocviewer is a simple tool for viewing Microsoft’s win32 API and driver technical documentation. msdocviewer consists of two parts.

The first is a parser (run_me_first.py) that searches for all markdown files in the Microsoft sdk-api and driver repository, it then checks if the document is related to a function and if so, it copies the document to a directory and then renames the file with their corresponding API name.

For example, the file nf-fileapi-createfilea.md is renamed to CreateFileA.md. The second part is a markdown viewer that exists within an IDA plugin (ida_plugin/msdocviewida.py) that displays the document in IDA. An example of the output can be seen below.

msdocviewer is similar to the old MSDN IDA viewers but doesn’t rely on browsers, network requests or extracting the documents from a Visual Studio SDK.

Since Microsoft started storing their API documents in Markdown and hosting them on GitHub, all the documents can be easily downloaded by cloning a repository.

This is super useful because it is easy to copy the repositories to a portable drive or have them in a VM or host that doesn’t have network access.

It should also make it easy to port this code to other tools (e.g. Binary Ninja, Ghidra, etc).

Note

The .git log for the sdk-api and driver repository takes up over 2GB of space. Deleting these files or their downloaded repositories does not affect the usage of the plugin because all of the needed files are saved to the apis_md directory.

Installation

Clone this repository. Note: Since the repository is using submodules it might take some time to download. The Microsoft sdk-api repository is over 1GB in size.

git clone https://github.com/alexander-hanel/msdocsviewer.git

If sdk-api or windows-driver-docs-ddi are empty, the following commands needs to be executed

cd msdocsviewer
git submodule update --init --recursive

If the above command errors out, execute it again.

Once downloaded, execute python run_me_first.py then wait. Below is an example output.

python.exe c:/Users/Admin/Documents/repo/msdocsviewer/run_me_first_copy.py 
INFO - deleting and overwriting apis_md directory
INFO - creating apis_md directory at C:\Users\Admin\Documents\repo\msdocsviewer\apis_md
INFO - starting the parsing, this can take a few minutes
INFO - parsing C:\Users\Admin\Documents\repo\msdocsviewer\sdk-api\sdk-api-src\content
INFO - parsing C:\Users\Admin\Documents\repo\msdocsviewer\sdk-api\sdk-api-src\content completed
INFO - parsing C:\Users\Admin\Documents\repo\msdocsviewer\windows-driver-docs-ddi\wdk-ddi-src\content
INFO - parsing C:\Users\Admin\Documents\repo\msdocsviewer\windows-driver-docs-ddi\wdk-ddi-src\content completed
INFO - finished parsing, if using IDA add path C:\Users\Admin\Documents\repo\msdocsviewer\apis_md to API_MD variable in idaplugin/msdocviewida.py

To update (recommended) the documention, execute the following command

python.exe c:/Users/Admin/Documents/repo/msdocsviewer/run_me_first_copy.py --overwrite

There is also an option of --log to create a debug log to see all skipped files. Here is the help for run_me_first_copy

usage: run_me_first_copy.py [-h] [-l] [-o]

msdocviewer parser component

optional arguments:
  -h, --help       show this help message and exit
  -l, --log        Log all parsing errors to debug-parser.log
  -o, --overwrite  overwrite apis_md directory

Edit ida_plugin/msdocviewida.py and add the directory path of apis_md to the API_MD variable (currently on line 19ish).

Then copy msdocviewida.py to the IDA plugin directory. The following idapython command can be executed to find the plugin directory path.

Python>import ida_diskio
Python>ida_diskio.get_user_idadir()
'C:\\Users\\Admin\\AppData\\Roaming\\Hex-Rays\\IDA Pro'

If a directory named plugins is not present, it needs to be created.

Requirements

pyaml – strangely the yaml data can also be parsed as a markdown table

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

57 minutes ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago