{"id":13754932,"url":"https://github.com/thalium/idatag","last_synced_at":"2025-05-10T00:31:18.182Z","repository":{"id":99716676,"uuid":"190235198","full_name":"thalium/idatag","owner":"thalium","description":"IDA plugin to explore and browse tags","archived":false,"fork":false,"pushed_at":"2019-07-19T15:41:07.000Z","size":2110,"stargazers_count":52,"open_issues_count":0,"forks_count":13,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-16T08:33:59.935Z","etag":null,"topics":["ida","ida-plugin","plugin","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thalium.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-06-04T15:56:02.000Z","updated_at":"2024-10-28T02:35:11.000Z","dependencies_parsed_at":"2023-04-27T22:01:07.396Z","dependency_job_id":null,"html_url":"https://github.com/thalium/idatag","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thalium%2Fidatag","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thalium%2Fidatag/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thalium%2Fidatag/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thalium%2Fidatag/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thalium","download_url":"https://codeload.github.com/thalium/idatag/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253346394,"owners_count":21894263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ida","ida-plugin","plugin","reverse-engineering"],"created_at":"2024-08-03T10:00:37.074Z","updated_at":"2025-05-10T00:31:16.946Z","avatar_url":"https://github.com/thalium.png","language":"C++","funding_links":[],"categories":["\u003ca id=\"6fb7e41786c49cc3811305c520dfe9a1\"\u003e\u003c/a\u003e导入导出\u0026与其他工具交互"],"sub_categories":["\u003ca id=\"8ad723b704b044e664970b11ce103c09\"\u003e\u003c/a\u003e未分类"],"readme":"# IDATag - Tag explorer for IDA Pro\n\nWhen analyzing a binary, a reverser using IDA will rename functions, comment, add bookmarks.\n\nMoreover, this actions are available only from the IDA environment (IDA, IDA scripting or plugins).\n\nHowever, this usage does not allow to have a global view of the analysis. Also, the different conventions to document an IDB may differ.\n\nFinally, adding information from an external tools is not possible (except with scripts or plugins).\n\nThe idea behind IDATag is to offer a centralized way/view to document an IDB from IDA or from any other external tool.\n\n## Overview\n\nIDATag is a tag plugin for [IDA Pro](https://www.hex-rays.com/products/ida/). The plugin leverages IDA as a platform to map, explore, and visualize collected tags.\n\nTags can come from multiple sources such as IDA itself or different other clients.\n\n## Releases\n\n* v0.3 -- Build on Linux, SDK IDA 7.3 , bug fix \n* v0.2 -- Additional interactivity with IDATag from IDA\n* v0.1 -- Initial release\n\nThe plugin is in active development, some bugs may appear. Thanks to let me know!\n\n## Building\n\n### Requirements\n\n* Qt 5.6.3 (IDA version)\n* IDA SDK (7.0 and above)\n* msvc 15.7 or gcc-8 (std::filesystem required)\n* msvc, g++, cmake\n* libgl-dev \n\n### IDA Pro (32-bit)\n\n#### Linux\n\n```sh\nexport IDASDK=/opt/idafree-7.0/idasdk73\nexport IDATARGET=IDA32NUX\nmkdir Ida32Build\ncd Ida32Build\ncmake -G\"Unix Makefiles\" ..\nmake\n```\n#### Windows\n\n```sh\nset IDASDK=C:\\Program Files\\IDA Pro 7.3\\idasdk73\nset IDATARGET=IDA32WIN\n\"C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Professional\\VC\\Auxiliary\\Build\\vcvars64.bat\"\nmkdir Ida32Build\ncd Ida32Build\ncmake -G\"Visual Studio 16 2019\" -A x64 ..\ncmake --build . --config RelWithDebInfo\n```\n\nThe build binary can be found in `bin\\IDATag_x64\\` directory:\n* `IDATag.dll` for IDA Pro 32-bit\n\n### IDA Pro (64-bit)\n\n#### Linux\n\n```sh\nexport IDASDK=/opt/idafree-7.0/idasdk73\nexport IDATARGET=IDA64NUX\nmkdir Ida64Build\ncd Ida64Build\ncmake -G\"Unix Makefiles\" ..\nmake\n```\n#### Windows\n\n```sh\nset IDASDK=C:\\Program Files\\IDA Pro 7.3\\idasdk73\nset IDATARGET=IDA64WIN\n\"C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Professional\\VC\\Auxiliary\\Build\\vcvars64.bat\"\nmkdir Ida64Build\ncd Ida64Build\ncmake -G\"Visual Studio 16 2019\" -A x64 ..\ncmake --build . --config RelWithDebInfo\n```\n\n\u003e WARNING: no quotes for the IDASDK path!\n\u003e Example : \n\u003e ```sh\n\u003e set IDASDK=C:\\Program Files\\IDA Pro 7.3\\idasdk73\n\u003e ```\n\nThe build binary can be found in `bin\\IDATag_x64\\` directory:\n* `IDATag64.dll` for IDA Pro 64-bit\n\n## Installation\n\nJust copy the built dll file in the IDA Pro plugin directory.\n\n\u003e REMARK: you can also create a symbolic link to th target dll. \n\u003e for example, in an Admin prompt:\n\u003e ```\n\u003e mklink IDATag.dll c:\\dev\\IDATag\\bin\\IDATag_x64\\IDATag.dll\n\u003e mklink IDATag64.dll c:\\dev\\IDATag\\bin\\IDATag_x64\\IDATag64.dll\n\u003e ```\n\n\u003e This plugin targets IDA Pro version 7.0 and above only.\n\u003e This plugin has not been tested on Linux.\n\n## Usage\n\nIDATag loads automatically when an IDB is opened. To open the view, you may use the `Ctrl+Alt+T` shorcut.\n\n## Tag Overview\n\nThe Tag Overview is a dockable widget that provides view of the referenced tags. \n\n![alt-text](img/gif_1.gif)\n\nThese tags can come from multiple entry points:\n* IDB functions \n* IDB names \n* Disassembly \n* External JSON tag file\n\n![alt-text](img/gif_5.gif)\n\nThe JSON tag file is a pivot to each IDATag client. \n\nEvery tools that could create a JSON file with a specific structure is able to feed your IDA view. The JSON contract has been designed as minimalist.\n\nFor instance, the following JSON is used to tag a specific offset with two tags:\n\n```\n[\n\t{\n\t\t\"tag\": \"crypto\",\n\t\t\"offset\": 5065078,\n\t\t\"feeder\": \"tagcrypt\"\n\t},\n\t{\n\t\t\"tag\": \"SHA-1\",\n\t\t\"offset\": 5065078,\n\t\t\"feeder\": \"tagcrypt\"\n\t}\n]\n```\n\n* Tag : label of the tag\n* Offset : RVA of the offset (make sure of the base used when generating a tag and the IDB base)\n* Feeder : signature of the tag\n\nEach tag in the IDATag view is displayed with a specific colour corresponding to its feeder (tag signature).\n\n![alt-text](img/gif_4.gif)\n\nThis table can be sorted by column, and entries can be double clicked to jump to their corresponding disassembly. Moreover, multiple filters are available to facilitate the navigation:\n* Keep only tagged offsets\n* Textual filter (with case)\n* Feeder filter\n\nWhen textually filtered a tag will be highlighted in the view.\n\nAlso, it is possible to add tags from IDA by:\n* Double-clicking the tag case of a specific offset\n* Typing in a selected tag cell\n* From contextual menu in Functions view\n* From contextual menu in Names view\n* From contextual menu in Disassembly view\n\nTagging from IDA will automatically add an User tag to follow up the work done. \n\nFinally, all the tags may be modified the same way through the IDATag view.\n\n## Context Menu\n\nRight clicking the table in the Tag Overview will produce a context menu with a few basic amenities.\n\n* Export Tags to a JSON file\n* Filter by feeders (IDATag client)\n* Refresh tags from files\n* Reset filters\n* Paint offset (not implemented yet)\n\nAlso, IDATag contextual menu is accessible from different views:\n* Functions view\n* Names view\n* Disassembly view\n\n![alt-text](img/gif_3.gif)\n\n## Configuration\n\nThe plugin can be configured with a specific folder to store tag files and username.\nThe menu is accessible at 'Edit \u003e [IDATag] Configuration'.\n\n![alt-text](img/gif_2.gif)\n\n## IDA integration\n\nMultiple hooks have been deployed to automatically tag the database:\n* Patch event\n* Rename event\n* Comment event\n\nOther event might be supported in the near future (eg. new_file).\n\n## Tag version\n\nIt is possible to ensure the good usage of a tag on a specific IDB by adding a hash value in the tag file.\nThis hash value should correspond to the hashsum of the binary.\n\n```\n[\n\t{\n\t\t\"hash\": \"2E6E67FF68755B3CD8236F0FFA1A05D6\"\n\t\t\"tag\": \"crypto\",\n\t\t\"offset\": 5065078,\n\t\t\"feeder\": \"tagcrypt\"\n\t}\n]\n```\n\n# Tag clients\n\nOne of the main goal of IDATag is to make IDA extensible. It can takes as input json files generated by other tools.\n\nSeveral clients are provided in the `client` folder:\n\n* TagMetaRebase - rebase tags\n* TagPcap - extract tags from Icebox pcap file\n* TagAPI - generate tags based on IAT xrefs\n* TagFuncRefs - generate tags based on function xrefs\n* TagSource - generate tags based on source file strings\n* TagString - generate tags based on strings\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthalium%2Fidatag","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthalium%2Fidatag","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthalium%2Fidatag/lists"}