
gef - GEF - GDB Enhanced Features for exploit devs & reversers


GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 alike (as more and more distros start pushing gdb compiled with Python3 support).

FLIRTDB - A community driven collection of IDA FLIRT signature files


Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbol identifier that searches through disassembled binaries in order to locate, rename, and highlight known library subroutines. FLIRT eliminates the need to analyze functions that could be understood simply by reading documentation or source code from the library they came from, and considerably reduces the amount of work required to reverse and understand symbol-stripped binaries. The input to the system is a library file (.lib on Windows) from a library of choice, while the output is a signature file (.sig) stored under /sig (and only there, or else IDA won't find it). Using one of the tools (plb/pcf/pelf) (provided by Hex-Rays for paying customers) you convert all the functions in the library to signatures stored in a PAT file (.pat). The final stage in creating a signature file involves converting the generated PAT file into a .sig file usable by IDA with sigmake. The problem with this is that sometimes collisions will exist between signatures, since the method Hex-Rays uses is not foolproof. When a collision occurs an EXC (.exc) file is created. In order to ignore collisions, simply edit this file by removing the first few comments (lines that start with ';') and re-run sigmake.

Sark - IDAPython Made Easy


IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.




binexport - An IDA Pro plugin for exporting disassemblies into BinNavi databases and to Protocol Buffers


Copyright 2011-2017 Google Inc. Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

idaidle - A plugin for the commercial IDA Pro disassembler that warns users if they leave their instance idling for too long


Copyright 2016-2017 Google Inc. Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

GraphGrabber


Used to grab full-resolution images of IDA graphs. Released under MIT license.

DBGHider - An IDA plugin aims to hide debugger from processes


DBGHider is an IDA Pro 7.x plugin written in Python. It aims to hide the IDA Windows debugger from debugged processes. DBGHider uses two ways to hook functions: conditional breakpoints and inline hooks.


ida-evm - IDA Processor Module for the Ethereum Virtual Machine (EVM)


IDA Processor Module for the Ethereum Virtual Machine (EVM). This plugin is under active development. New issues and contributions are welcome, and are covered by bounties from Trail of Bits. Join us in #ethereum on the Empire Hacking Slack to discuss Ethereum security tool development.

exports-plus - IDA Pro plugin to view Exports


IDA Pro plugin to view Exports. The problem is that IDA for some reason sometimes does not show certain names in Exports or does not demangle them. This plugin fixes this problem.

functions-plus - IDA Pro plugin to make functions tree view


IDA Pro plugin to show functions in a tree view. The plugin parses function names and groups them by namespace. It currently does not support search, sorting, or a context menu.

hrdev - Hex-Rays Decompiler Enhanced View


This is an IDA Pro Python plugin to make Hex-Rays Decompiler output a bit more attractive. The HRDEV plugin retrieves the standard decompiler output, parses it with the Python Clang bindings and puts the result back. The only requirement is the Clang Python binding; see https://pypi.python.org/pypi/clang. The Clang binding is required to parse the decompiler output and produce the plugin output.

ida_pdb_loader - IDA PDB Loader


This is a simple IDA plugin to load PDB symbols. The problem is that sometimes IDA crashes for me when trying to load symbols, so I came up with this quick and dirty alternative. This plugin relies on the Python pdbparse module (https://github.com/moyix/pdbparse), and I have it included in the plugin, because I had to make minor modifications to the code.

idajava - Java integration for Hex-Rays IDA Pro


IdaJava is a plugin for IDA Pro that allows you to write IDA plugins in Java. In other words: IdaJava is to Java what IDAPython is to Python... The plugin creates an in-process Java VM and looks for JAR files in IDA's plugins directory. Each Java-based plugin gets its own menu item in Edit|Plugins. NOTE (2017): This is old code that will likely no longer work. It's mainly here for reference. I don't plan on making further changes.

Stingray - IDAPython plugin for finding function strings recursively


Stingray is an IDAPython plugin for finding function strings. The search runs from the current position onwards in the current function. It can also search recursively, with a configurable search depth. The results are ordered in the natural order of the strings in the BFS search graph. For each found string it displays the xref address, the string address, the string type and, of course, the string itself.

SimplifyGraph - IDA Pro plugin to assist with complex graphs


My personal preference is to use IDA's Graph mode when doing the majority of my reverse engineering. It provides a graphical representation of the control flow graph and gives visual cues about the structure of the current function that help me better understand the disassembly. Graph mode is great until the function becomes complex. IDA is often forced to place adjacent nodes relatively far apart, or to have edges in the graph cross and follow complex paths. Using the overview graph becomes extremely difficult due to the density of nodes and edges, as in Figure 1.