Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/1111joe1111/ida_ea

A set of exploitation/reversing aids for IDA
https://github.com/1111joe1111/ida_ea

Last synced: about 2 months ago
JSON representation

A set of exploitation/reversing aids for IDA

Host: GitHub
URL: https://github.com/1111joe1111/ida_ea
Owner: 1111joe1111
Created: 2017-10-17T13:51:57.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2017-11-28T20:40:24.000Z (almost 7 years ago)
Last Synced: 2024-04-07T06:32:37.079Z (6 months ago)
Language: Python
Homepage:
Size: 1.8 MB
Stars: 413
Watchers: 27
Forks: 82
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# IDA EA #

* **A set of exploitation/reversing aids for IDA**

## Features ##

### Context Viewer ###

New context viewer for IDA, Features include:

* Recursive pointer derfereneces

* History browser

* Color coded memory

* Instruction rewind feature

* A similar interface to that of popular `GDB` plugings (eg. `PEDA/GEF`)

![screen 1](./screens/view2.png)

_______________

### Instuction Emulator ###

* Live annotate the results if furture instructions in IDA using the `Unicorn` CPU emulator

* Can be hooked to breakpoints

* Visualise instructions before execution

![screen 3](./screens/emu.png)

_______________

### Heap Explorer ###

Explore current heap state of glibc binaries

* Trace allocations

* Enumerate bins

* View all free and allocated chunks headers

* Useful for heap exploitation / debugging.

![screen 1](./screens/heap.png)

_______________

### Trace Dumper ###

* Dump the results of an IDA trace into a Pandas Dataframe

* Analyze traces in Python using Pandas

![screen 2](./screens/trace.png)

![screen](./screens/trace10.png)

_______________
### CMD ###

* GDB bindings for IDA

* GDB style mem queries + searches

![screen 2](./screens/cmd2.png)

_______________
### Restyle ###

* Restyle IDA using GUI.

![screen 3](./screens/screen3.png)

___

# Install #

### Dependencies ###

No core dependencies for the plugin. Nevertheless certain fetures will be disabled without these python libraries installed:

##### Trace Dumper #####

* `Pandas`

##### Instruction Emulator #####

* `Unicorn CPU emulator`
* `Capstone Dissasembler`

### Install ###

* Place `ida_ea` folder in `IDA Pro` directory (`C:\Users\{name}\AppData\Roaming\Hex-Rays\IDA Pro` on Windows)

* Add line `from ida_ea import ea_main` to your `idapythonrc` file.

* Plugin is accessed via `IDA EA` tab added to the menu bar

## Warning ##

* Only tested on Windows with `IDA 6.8`

* Only supports `x86/x86-64` binaries

* Alpha release so expect many bugs!

# Enjoy! #