IDA Plugs

[DARKER]

Nasiel som nejake nove veci okolo pluginov pre IDA, mozno to bude pre niekoho zaujimave:

IDA Pro plugin wizard for Visual Studio 2008 and Visual C++ 2008 Express Edition

All appropriate compiler and linker options are configured by the wizard.
(A different version of the wizard is available for 2005 compilers)

The wizard can currently create:
    * plugin modules
    * debugger plugin modules

Quickopt

Sluzi na "rychle" nastavenia roznych param
- Show calculated stack pointer value
- Show offsets in function instead of segment addresses
- Show autogenerated comments (instruction descriptions)
- Show instruction opcodes

+ je tam aj dobry book Reverse Engineering Code with IDA Pro

Code: [Select]

http://demonteam.narod.ru/quickopt/quickopt.html

[DARKER]

Class Informer
=========================================================
IDA Pro 5.xx Win32 class vftable finder, namer, fixer, lister plug-in.
Version 1.01, April 2009 By Sirmabus

Scans an MSVC 32bit target IDB for vftables with C++ RTTI, and MFC RTCI type data. Places structure defs, names, labels, and comments to make more sense of class vftables ("Virtual Function Table") and make them read easier as an aid to reverse engineering. Creates a list window with found vftables for browsing.

Download:
http://www.openrce.org/repositories/users/Sirmabus/Class_Informer101.zip

[DARKER]

TurboDiff – a simple (and fast!) approach to binary patch diffing

TurboDiff is a new IDA Pro plugin for binary patch diffing by Nicolás Economou. Binary diffing in this context means the analysis of a vendor-supplied patch (such as Microsoft Tuesday patches, for example) to find out exactly how the vulnerability it’s fixing works. This is essential in both developing an effective IDS signature (from a defensive standpoint) and a working exploit for it (from the attacker’s point of view).

http://breakingcode.wordpress.com/2009/10/15/turbodiff-a-simple-and-fast-approach-to-binary-patch-diffing/

[DARKER]

Kazdy rok sa kona Plugin writer Contest pre IDA.

Tento rok prve tri miesta obhajili:

1. MyNav, a python plugin for IDA Pro
This is a very powerful python-based plugin. MyNav is an Open Source plugin for IDA Pro which aims to help reverse engineers doing the most typical tasks.

http://joxeankoret.com/blog/2010/05/02/mynav-a-python-plugin-for-ida-pro/

2. ida2sql plugin:
As the name implies this plugin can be used to export information from IDA databases to SQL databases. This allows for further analysis of the collected data: statstical analysis, building graphs, finding similarities between programs, etc.

http://wiki.github.com/zynamics/ida2sql-plugin-ida/

3. IDA WinHelp Viewer plugin
The idea is very simple: make it easy to display WinHelp files in IDA Pro. There is no need to even have the WinHelp executable installed, just copy the plugin into the IDA plugins directory, the plugin can read .hlp files without any external help. It comes with a good x86 instruction reference file. Pressing F2 staying on an instruction gives detailed information about it.

http://www.hex-rays.com/contest2010/IDAWinHelpViewer/IDAWinHelpViewer.pdf

More:
http://www.hex-rays.com/contest2010/

[DARKER]

Celkom slusny list of IDA Plugins

https://github.com/onethawt/idaplugins-list

[DARKER]

Vysledky Plug-In Contest 2015
https://hex-rays.com/contests/2015/index.shtml

[DARKER]

idaemu
idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro. it is base on unicorn-engine.

Support architecture:
    X86 (16, 32, 64-bit)
    ARM (developing)

https://github.com/36hours/idaemu

[Z!L0G80]

ti co chodi na exetools asi znaji
takove rozsireni predchoziho prispevku

https://github.com/cseagle/sk3wldbg

This is the Sk3wlDbg plugin for IDA Pro. It's purpose is to provide a front end for using the Unicorn Engine to emulate machine code that you are viewing with IDA.

The plugin installs as an IDA debugger which you may select whenever you open an IDA database containing code supported by Unicorn. Currently supported architectures include:

    x86
    x86-64
    ARM
    ARM64
    MIPS
    MIPS64
    SPARC
    SPARC64
    M68K

[DARKER]

NRS is a set of Python librairies used to unpack and analysis NSIS installer's data. It also feature an IDA plugin used to disassembly the NSIS Script of an installer.

https://github.com/isra17/nrs/

[DARKER]

Debugging starych MS-DOS hier a programov v IDA.

Download
https://github.com/lab313ru/idados_dosbox
https://github.com/lab313ru/idados_dosbox/releases

Usage
    Run dosbox.exe;
    Mount some directory (mount Y d:\somedir\), put your MS-DOS executable in "d:\somedir\";
    Goto your mounted Y:\ disk (Y:);
    Run "debug yourexe.exe". It will freeze. Just press Alt+Tab;
    Open IDA Pro and your executable there;
    Select "Remote Dosbox debugger";
    Go to Debugger->Process options... menu and specify host as "localhost";
    Press F9 to run debugging process.

[DARKER]

Velmi dobry plugin na synchronizaciu RE medzi viacerymi uzivatelmi a jednym spolocnym projektom. Viac na stranke.

Sol[IDA]rity is a modular interconnectivity platform for IDA Pro. It aims only to connect instances of IDA and reduce the overhead for tailored, asynchronous client communication. Upon this platform, we built a rich, deeply integrated, and incredibly personal experience to demonstrate the power of collaboration through seamless interconnectivity.

https://solidarity.re/

[DARKER]

Plug-In Contest 2016:

https://www.hex-rays.com/contests/2016/index.shtml

[DARKER]

A search tool for IDA
https://github.com/xorpd/idsearch

[DARKER]

HexRaysPyTools
Plugin assists in creation classes/structures and detection virtual tables. Best to use with Class Informer plugin, because it helps to automatically get original classes names

https://github.com/igogo-x86/HexRaysPyTools

[DARKER]

IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API
https://hex-rays.com/products/ida/7.0/docs/api70_porting_guide.shtml