Giter VIP home page Giter VIP logo

idaextras's Introduction

What is IDA Extras?

IDA extras is a (growing) collection of IDA UI and other enhancements to overcome some challenges when using IDA. If it possible to do these things natively in IDA, please let me know.

How To Install?

Drop idaextras directory and IDAExtras.py into IDA's plugin directory.

What Are These Enhancements?

1. Exports

IDA Extras: Exports renders another tab similar to the default Exports tab but will provide additional detail about the exports. This interface came about due to wanting a quick way to find exports of interest when dealing with many exports where a number of them are just retn statements. There is even an AutoFilter option to remove all of the ones with retn mnemonic or where the Is Code flag is False.

Video

IDAExtrasExports.webm

The export screen is started in the video using the shortcut key. The menu item was not clicked; just shown.

2. Copy Bytes

Copy Bytes works in both the dissembler view and the hex view. This enchancement copies the bytes selected on the screen. It's not perfect, but it gets the job done.

The build-in IDA shortcut is Shift-E which gives the user more options but sometimes it's nice to have a quick copy bytes in the right click menu.

Caveat 1: When copying selected bytes in the dissassembler view it makes use of idc.read_selection_end() and idc.read_selection_start() which, when in the dissassembler view, means all of the bytes on each line are captured. So if the highlight starts in the middle of one line and ends in the middle of the next line then all of the instructions for both will be copied.

Caveat 2: When copying the bytes in the hex viewer, sometimes one additional byte gets added to the contents copied.

Caveat 3: When copying bytes in the hex viewer, the start and stop positions are determined by when the mouse was clicked and then let up - it does NOT match the contents that get highlighted!

Video: Dissassembler View

CopyBytes_DissassemblerView.webm
IDAExtrasCopyBytes_DissassemblerTake2.mp4

Video: Hex Viewer

IDAExtrasCopyBytes_HexView.mp4

3. sockaddr_in.sin_addr and sockaddr_in.sin_port

Right click on a DWORD or WORD in the dissassembly view to have the sin_addr and/or the sin_port number representation of those bytes displayed. Upon selecting the value in the context menu, the string representation is then added as a comment.

sockaddr_in.sin_addr representation

sockaddr_in.sin_port representation

idaextras's People

Contributors

xorhex avatar

Stargazers

Still / Azaka avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.