{"id":15403654,"url":"https://github.com/ana06/idapython","last_synced_at":"2026-03-17T18:37:35.464Z","repository":{"id":98170420,"uuid":"285323252","full_name":"Ana06/idapython","owner":"Ana06","description":"My IDA Python scripts.","archived":false,"fork":false,"pushed_at":"2022-05-31T13:55:29.000Z","size":41,"stargazers_count":22,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-11T08:26:32.060Z","etag":null,"topics":["ida","ida-pro","ida-script","idapython","idapython-script"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ana06.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-05T15:02:26.000Z","updated_at":"2025-09-25T14:02:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"68e4c1ee-0b22-4062-a531-593d909e33b3","html_url":"https://github.com/Ana06/idapython","commit_stats":{"total_commits":10,"total_committers":3,"mean_commits":"3.3333333333333335","dds":0.5,"last_synced_commit":"f288867f946be69887f3f680147f4d81c7132ef1"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Ana06/idapython","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ana06%2Fidapython","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ana06%2Fidapython/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ana06%2Fidapython/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ana06%2Fidapython/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ana06","download_url":"https://codeload.github.com/Ana06/idapython/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ana06%2Fidapython/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30628433,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T17:32:55.572Z","status":"ssl_error","status_checked_at":"2026-03-17T17:32:38.732Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ida","ida-pro","ida-script","idapython","idapython-script"],"created_at":"2024-10-01T16:09:32.110Z","updated_at":"2026-03-17T18:37:35.439Z","avatar_url":"https://github.com/Ana06.png","language":"Python","readme":"# IDAPython scripts\n\nThese scripts have been tried with IDA 7.7 and Python 3.7.\n\n## `idapythonrc.py`\n\nIt needs to be copied into the user directory, which you can get with `get_user_idadir()`, so that it is executed at the end of IDAPython’s initialization.\nIt imports `color.py`, `nop.py` and `p.py`, defines an `init()` method and registers the `Ctrl+Enter` hotkey to it.\n\nThe `init()` method is expected to be called after IDA initial autoanalysis has been finished.\nIt colors the database, loads capa explorer (running its analysis - needs modifying capa explorer) and reactivate the `IDA View-A` view.\n\n\n## `color.py` :art:\n\nProvides an `apply()` method to color and mark your database and a `clean()` method to undo it.\nThe `apply()` method colors `call`, `push` and `pop` instructions (sets background color).\nIt also adds the prefix `\u003e\u003e` to`call` instructions and the number of argument to its parameters (only available if the function declaration is defined).\nThis is useful to quickly identify function calls, their parameters and the calling convention.\n\n![colored database](doc/color.png)\n\n`clean()` removes the background color of all the database.\nIt can be used to remove the colors added by `apply()`, but it doesn't remove the prefixes.\n\n\n## `nop.py`\nProvides a `nop()` method and registers the `Ctrl+N` hotkey to it.\nThe `nop()` method nops-out the current instruction and advance the cursor to the next instruction.\n\n\n## `p.py`\n\nProvides functions to print different formated data.\n\n\n## `decode.py`\n\nProvides functions to decode strings.\n\n\n## `resolve-apis.py`\n\nIt can be use to decode the apis used by a program which resolves API calls at runtime using hashing.\n\nAlternatives to this script:\n    - `C:\\Program Files\\IDA Pro 7.7\\idc\\renimp.idc`\n    - `Universal Unpacker Manual Reconstruct` under plugins\n\n\n## `define-strings.py`\n\nIt defines strings in a range of addresses by looking for the 0x0 byte.\n\n\n## `call-decoding.py`\n\nIt uses Appcall to decode strings calling a decoding routine.\nIt searches for all calls to the decoding routine.\n\nCheck https://hex-rays.com/blog/practical-appcall-examples for more details on Appcall.\n\n\n## `breakpoint-print.py`\n\nThis code can be used in a conditional breakpoint at the of a decoding routine (before restoring ebp) to output the decoded string.\n\n\n## `RC4.py`\n\nIt inspect the whole code looking for instructions like `mov register, offset`.\nIt tries to decode the bytes which start at the `offset` address using RC4.\nIf the result is a printable string, it adds a comment in that location with the decoded string and prints a message to the output window with the decoded string and the address.\n\n\n## `copy-strings.py`\n\nIt adds two actions to the strings windows:\n- With `Ctrl+C` it copies the strings or list of strings selected.\n  The default is to copy the whole row/s.\n- With `Ctrl+P` it prints the address and the string in the output window.\n\n\n## License\n\nThe code in this repository is Free Software, published under MIT license (see [LICENSE](LICENSE)).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fana06%2Fidapython","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fana06%2Fidapython","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fana06%2Fidapython/lists"}