binexport - An IDA Pro plugin for exporting disassemblies into BinNavi databases and to Protocol Buffers

  •        24

Copyright 2011-2017 Google Inc.Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

https://github.com/google/binexport

Tags
Implementation
License
Platform

   




Related Projects

collabREate

  •    Java

collabREate is an Ida Pro plugin and remote server component designed to facilitate collaborative reverse engineering and synchronization of database content across differing versions of Ida Pro.

flare-ida - IDA Pro utilities from FLARE team

  •    Python

This repository contains a collection of IDA Pro scripts and plugins used by the FireEye Labs Advanced Reverse Engineering (FLARE) team. To install, copy the contents of the plugins directory in this repository to your %PROGRAMFILES%\IDA\plugins folder.

FLIRTDB - A community driven collection of IDA FLIRT signature files

  •    Max

Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbols identifier that searches through disassembled binaries in order to locate, rename, and highlight known library subroutines. FLIRT elimates the need to analyze functions that could be understood simply by reading documentation or source code from the library it came from and reduces the amount of work required in order to reverse and understand symbol-stripped binaries by a considerable amount. The input to the system is a library file (.lib on Windows) from a library of choice while the output is a signature file (.sig) stored under /sig (and only there or else IDA won't find it). Using one of the tools (plb/pcf/pelf) (provided here for paying customers) you convert all the functions in the library to signatures stored in a PAT file (.pat). The final stage in creating a signature file involves converting the generated PAT file into a .sig file usable by IDA with the use of sigmake. The problem with this is that sometimes collisions will exist for signatures since the method Hex-Rays uses is not fool proof. When an error occurs an EXC (.exc) file is created. In order to ignore collisions, simply edit this file by removing the first few comments (lines that start with ';') and re-run sigmake.

Sark - IDAPython Made Easy

  •    Python

IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

  •    Python

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports well-known in the community IDAPython API to write disassembly/extension modules.


sk3wldbg - Debugger plugin for IDA Pro backed by the Unicorn Engine

  •    C++

This is the Sk3wlDbg plugin for IDA Pro. It's purpose is to provide a front end for using the Unicorn Engine to emulate machine code that you are viewing with IDA. The plugin is dependent on the Unicorn engine. Because IDA is 32-bit, you MUST have a 32-bit build of the Unicorn library for your IDA platform (Windows, Linux, OS X).

python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).

  •    Python

python-idb is a library for accessing the contents of IDA Pro databases (.idb files). It provides read-only access to internal structures such as the B-tree (ID0 section), name address index (NAM section), and flags index (ID2 section). The library also provides analysis of B-tree entries to expose logical structures like functions, cross references, bytes, and disassembly (via Capstone). An example use for python-idb might be to run IDA scripts in a pure-Python environment. Willem Hengeveld (mailto:itsme@xs4all.nl) provided the initial research into the low-level structures in his projects pyidbutil and idbutil. Willem deserves substantial credit for reversing the .idb file format and publishing his results online. This project heavily borrows from his knowledge, though there is little code overlap.

IDASkins - Advanced skinning plugin for IDA Pro

  •    Python

Plugin providing advanced skinning support for IDA Pro utilizing Qt stylesheets, similar to CSS. The screenshot above shows the "IDASkins Dark" theme in combination with the idaConsonance theme.

openreil - Open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language)

  •    C

OpenREIL is open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language). However, after Zynamics was acquired by Google they abandoned BinNavi, so, I decided to develop my own implementation of REIL. I made it relatively small and portable in comparison with original, the translator itself is just a single library written in C++, it can be statically linked with any program for static or dynamic code analysis. The higher level API of OpenREIL is written in Python, so, it can be easily utilized in plugins and scripts for your favourite reverse engineering tool (almost all modern debuggers and disassemblers has Python bindings).

gef - GEF - GDB Enhanced Features for exploit devs & reversers

  •    Python

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

idaref - IDA Pro Instruction Reference Plugin

  •    PLpgSQL

IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful. Enter IdaRef: The plugin will monitor the location for your cursor (ScreenEA) and display the full documentation of the instruction. At the moment it only supports x86-64, ARM and MIPS 32bit, however adding support for other architectures is relatively easy.

IDA-Pro-Code

  •    

The goal of IDA-Pro-Code is to provide support for auditing applications including binary audits through extensions of the IDA Pro disassembler by DataRescue sa/nv and/or HexRays.com.

Akumuli - Time-series database

  •    C++

Akumuli is a time-series database for modern hardware. It can be used to capture, store and process time-series data in real-time. The word "akumuli" can be translated from Esperanto as "accumulate".

realm-core - Core database component for the Realm Mobile Database SDKs

  •    C++

Realm is a mobile database that runs directly inside phones, tablets or wearables - check out realm.io.This repository holds the source code for the core database component used by all the Realm Mobile Database products: realm-java, realm-cocoa, realm-js and realm-dotnet. Realm Core is not in itself an "end-user" product with a publicly stable and supported API. It is the intention to build a publicly supported C++ API (see this issue), but that will be a separate product and likely build on top of realm-object-store.

diaphora - Diaphora, a Free and Open Source program diffing tool

  •    Python

Diaphora (διαφορά, Greek for 'difference') is a program diffing plugin for IDA Pro and Radare2, similar to Zynamics Bindiff or the FOSS counterparts DarunGrim, TurboDiff, etc... It was released during SyScan 2015. It works with IDA Pro 6.9, 6.95 and 7.0. In batch mode, it supports Radare2 too (check this fork). In the future, adding support for Binary Ninja is also planned.

MagicalRecord - Super Awesome Easy Fetching for Core Data 1!!!11!!!!1!

  •    Objective-C

In software engineering, the active record pattern is a design pattern found in software that stores its data in relational databases. It was named by Martin Fowler in his book Patterns of Enterprise Application Architecture. The interface to such an object would include functions such as Insert, Update, and Delete, plus properties that correspond more-or-less directly to the columns in the underlying database table. Active record is an approach to accessing data in a database. A database table or view is wrapped into a class; thus an object instance is tied to a single row in the table. After creation of an object, a new row is added to the table upon save. Any object loaded gets its information from the database; when an object is updated, the corresponding row in the table is also updated. The wrapper class implements accessor methods or properties for each column in the table or view.

sqlitebrowser - Official home of the DB Browser for SQLite (DB4S) project

  •    C++

DB Browser for SQLite (DB4S) is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite. It is for users and developers wanting to create databases, search, and edit data. It uses a familiar spreadsheet-like interface, and you don't need to learn complicated SQL commands.

vm86 - 🍔 A x86 Script Instruction Virtual Machine

  •    C

This is a very simple and lightweight x86 virtual machine which can load and run the assembly code from ida pro directly. And we call it in c language first.

medusa - An open source interactive disassembler

  •    C++

Medusa is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX. This project is organized as a library. To disassemble a file you have to use medusa_text or qMedusa. Medusa requires the following libraries: boost >= 1.55 (system, filesystem, thread, date_time), OGDF (required git), and Qt5 >= 5.2 for the GUI. You also need CMake for compilation and a C++11 compiler (VS2015 update 2 on Windows). Git is optional but allows to clone remote repository for specific features, see Compilation/Options.