Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tandasat/winioctldecoder

IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.
https://github.com/tandasat/winioctldecoder

Last synced: 3 months ago
JSON representation

IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.

Host: GitHub
URL: https://github.com/tandasat/winioctldecoder
Owner: tandasat
License: mit
Created: 2013-12-20T21:46:53.000Z (almost 11 years ago)
Default Branch: master
Last Pushed: 2023-12-01T05:00:24.000Z (12 months ago)
Last Synced: 2024-05-27T12:40:12.294Z (6 months ago)
Language: Python
Size: 63.5 KB
Stars: 104
Watchers: 10
Forks: 29
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        WinIoCtlDecoder

================

An IDA Pro plugin which decodes a Windows Device I/O control code into

DeviceType, FunctionCode, AccessType and MethodType.

Installation

-------------

Copy the Python file in a /plugins directory to a (IDA)/plugins directory. It

should be located like this:

    C:\Program Files\IDA Pro x.x\plugins\WinIoCtlDecoder.py

Usage

------

1. Select an interesting IOCTL code in the disassemble window.

2. Hit Ctrl+Alt+D or select Edit/Plugins/Windows IOCTL code decoder

You also can call 'winio_decode' function directly from the Python CLI window.

The result will be printed in the Output window.

    Python>winio_decode(0x220086)

    winio_decode(0x00220086)

    Device   : FILE_DEVICE_UNKNOWN (0x22)

    Function : 0x21

    Method   : METHOD_OUT_DIRECT (2)

    Access   : FILE_ANY_ACCESS (0)