Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xorpd/fcatalog_client

fcatalog idapython client
https://github.com/xorpd/fcatalog_client

Last synced: 3 months ago
JSON representation

fcatalog idapython client

Host: GitHub
URL: https://github.com/xorpd/fcatalog_client
Owner: xorpd
License: gpl-3.0
Created: 2015-09-10T15:26:36.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2016-08-19T15:09:58.000Z (about 8 years ago)
Last Synced: 2024-05-27T12:08:50.337Z (6 months ago)
Language: Python
Size: 57.6 KB
Stars: 26
Watchers: 4
Forks: 9
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        FCatalog Client (IDA Plugin)

============================

This is the FCatalog Client IDA Plugin.

FCatalog is the Functions Catalog. It is a tool for quickly finding similar

functions from a large database of functions.

You can find the [fcatalog_server repository here](https://github.com/xorpd/fcatalog_server).

Requirements:

-------------

- You need IDA (Interactive Disassembler by Hex Rays) installed. I tested this

  only on IDA of version >= 6.

- Python2.7. I think that it should come together with IDA. Note that this code

  will not work with Python3. Sorry about that, IDA doesn't support Python3

  scripting yet.

- I tested this only on Windows 7. It might work on linux, but also might not.

- You will need a working [fcatalog_server](https://github.com/xorpd/fcatalog_server).

Installation

------------

Copy the fcatalog_client directory and fcatalog_plugin.py to the plugins

directory of your IDA installation. Then restart IDA.

Main Functions

--------------

After the installation, when you open any file with IDA you should see new menu

items under the **Edit** menu: 

- FCatalog: Clean IDB

- FCatalog: Find Similars

- FCatalog: Commit Functions

- FCatalog: Configure

First, configure your client by clicking on **FCatalog: Configure**. A dialog

box will ask you for the host and port of your FCatalog server. You will also

need to specify a database name. You can pick any database name that you want.

If it does not exist, it will be created automatically.

**FCatalog: Commit Functions** will save all your good "reversed" functions into

the remote database. Functions are considered good and "reversed" if all of the

following are true:

- They have a meaningful name (Any name that doesn't contain MAYBE or RELATED)

- They weren't acquired from a previous 'FCatalog: Find Similars' operation.

- They are long enough (At least 0x40 bytes) 

- They are not fragmented (Might be implemented in the future).

The IDA console should show you which functions were sent to the database.

**FCatalog: Find Similars** will search for every "unreversed" function inside

your IDB the most similar known function from the functions catalog database.

It will then rename the function according to the name from the functions

catalog database.

The new name will be of the format:

FCATALOG__{grade}__{function_name}

grade is the similarity score, between 0 and 16. 0 means not similar at all, 16

means very similar.

"unreversed functions" are functions that don't have any meaningful name, or

they have a name picked by the fcatalog system.

**FCatalog: Clean IDB** will clean your IDB from any fcatalog function names.

If you suddenly got scared from all the new function names, you can always

click on this button.

Tests

-----

There are basic offline tests in the test directory. You can run them with

unittest as follows:

        c:\python27\python.exe -m unittest discover

There is one online test (Runs against a real server). It is

tests/live_server.py. It should be run as follows:

        c:\python27\python.exe -m fcatalog_client.tests.live_server  

Website

-------

Visit me at http://www.xorpd.net