IDA Pro

https://github.com/williballenthin/idawilli

IDA tips: https://hex-rays.com/blog/tag/idatips/page/18/

List of plugins:
The Interactive IDA Plugin List
Collection of IDA Python plugins/scripts/modules.
A list of IDA Plugins

Plugins:
IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform
An IDA Python script to extract information from string constants.
idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro
ScyllaHide for IDA 7.5; it is a really nice anti-anti-debug tool

Plugins

Firmware:
IDA Python Embedded Toolkit -- IDAPython scripts for automating analysis of firmware of embedded devices
A tool for finding proprietary protocols in UEFI firmware and UEFI modules analysing
Binwalk for IDA

Exploit Analysis:
Finding use-after-free and double-free and taint analysis
IDA ExtraPass PlugIn - finds code not automatically detected by IDA. Adds the new functions and marks the appropriate parts as code.
It is a set of plugins that help to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg/OllyDbg2/x64dbg) with a disassembler (IDA/Ghidra/Binary Ninja).
Automatically extract obfuscated strings from malware.
HashDB is a community-sourced library of hashing algorithms used in malware.
Match common functions
Tenet - A Trace Explorer for Reverse Engineers

C++:
Places structure defs, names, labels, and comments to make more sense of class and structure vftables
Detection and renaming of classes/structures and virtual tables
IDAPython tool for creating automatic C++ virtual tables in IDA Pro
Common tools for Types, Shellcode
Code Explorer Extract Structs and Types

Golang:
Parsing Golang type information stored in compiled binaries
Making Go reversing easier in IDA Pro
Symbol Extraction and renaming

Windows Drivers:
A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
Python script to assist with the reverse engineering of Windows kernel drivers.

Binary Diff:
Diff with source code
IDA Pro Binary Diff
Diff on Binary

Unusual Processors:
IDA Pro module for Toshiba MeP processors
PS4 Module Plugin
processor modules for WebAssembly

Decompilers:
a native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures

Ethereum:
IDA Processor Module for the Ethereum Virtual Machine (EVM).

Settings

Edit -> Comments -> Add pseudocode comments

Hot keys

Alt+B: Search bytes (the pattern can be in the format 5D ? FF D3 ?)