Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rr-/ida-images

Image preview plugin for IDA disassembler.
https://github.com/rr-/ida-images

data-visualization forensics ida-disassembler ida-plugin ida-pro image-analysis image-viewer python

Last synced: 3 months ago
JSON representation

Image preview plugin for IDA disassembler.

Host: GitHub
URL: https://github.com/rr-/ida-images
Owner: rr-
License: mit
Created: 2015-03-16T20:57:44.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2022-09-17T18:24:56.000Z (about 2 years ago)
Last Synced: 2024-04-14T22:48:15.035Z (7 months ago)
Topics: data-visualization, forensics, ida-disassembler, ida-plugin, ida-pro, image-analysis, image-viewer, python
Language: Python
Homepage:
Size: 53.7 KB
Stars: 55
Watchers: 7
Forks: 13
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ida-images
Image preview plugin for Ida disassembler.

## Application

I made this plugin to ease finding image decoding routines - I can run some
complex code and see if the memory contains the image I'm looking for
afterwards.

## Features

- Standalone frontend for analyzing plain files
- Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
- Saving as PNG
- Adjusting brightness (useful for searching for images using palettes)
- Flipping vertically (useful for analyzing images using BMP-like layout)
- Convenient keyboard shortcuts:
- G - go to address (supports input such as `edi`)
- Q - close
- Ctrl + S - save as…
- Ctrl + F - toggle vertical flip
- H - shrink size horizontally by 1 pixel
- J - expand size vertically by 1 pixel
- K - shrink size vertically by 1 pixel
- L - expand size horizontally by 1 pixel
- Shift + H - shrink size horizontally by 25 pixels
- Shift + J - expand size vertically by 25 pixels
- Shift + K - shrink size vertically by 25 pixels
- Shift + L - expand size horizontally by 25 pixels
- ← - go backward by one byte
- → - go forward by one byte
- Shift + ← - go backward by 25 bytes
- Shift + → - go forward by 25 bytes
- Ctrl + ← - go backward by 1/10 a "page"
- Ctrl + → - go forward by 1/10 a "page"
- Ctrl + Shift + ← - go backward by one "page"
- Ctrl + Shift + → - go forward by one "page"

Additionally, I'm open to feature requests, as long as they won't make the code
too bloated.

## Installing IDA plugin

Either drop the `rgb-ida.py` file and `librgb` directory in `C:\Program
Files\IDA 7.0\plugins` (or similar) and then run it via Ctrl +
3, or run the script manually with Alt + F9.

Tested on: IDA Pro 6.6, 6.8, 7.0

## Installing standalone version

In this case you can either directly use `./rgb`, or install it globally with
`sudo python setup.py install`.

## Seeing it in action

#### Viewing program code

![A piece of code](https://cloud.githubusercontent.com/assets/1045476/10188909/5caf5f88-6763-11e5-9398-eae1df05b941.png)

I have no idea what the gradients are there for, but it's certainly
interesting!

![Are you LZSS?](https://cloud.githubusercontent.com/assets/1045476/10188952/9f488f36-6763-11e5-91cf-76fd63d47c0d.png)

More mysterious data.

#### Viewing actual bitmap

![A bitmap](https://cloud.githubusercontent.com/assets/1045476/10188916/65e391be-6763-11e5-8388-967cde0c7c6e.png)

Now all that's left is to localize the exact function that allocated this
segment... and voilà.