GitHub - 1111joe1111/ida_ea: A set of exploitation/reversing aids for IDA
source link: https://github.com/1111joe1111/ida_ea
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
IDA EA
- A set of exploitation/reversing aids for IDA
Features
Context Viewer
New context viewer for IDA, Features include:
-
Recursive pointer derfereneces
-
History browser
-
Color coded memory
-
Instruction rewind feature
-
A similar interface to that of popular
GDBplugings (eg.PEDA/GEF)
Instuction Emulator
-
Live annotate the results if furture instructions in IDA using the
UnicornCPU emulator -
Can be hooked to breakpoints
-
Visualise instructions before execution
Heap Explorer
Explore current heap state of glibc binaries
-
Trace allocations
-
Enumerate bins
-
View all free and allocated chunks headers
-
Useful for heap exploitation / debugging.
Trace Dumper
-
Dump the results of an IDA trace into a Pandas Dataframe
-
Analyze traces in Python using Pandas
-
GDB bindings for IDA
-
GDB style mem queries + searches
Restyle
- Restyle IDA using GUI.
Install
Dependencies
No core dependencies for the plugin. Nevertheless certain fetures will be disabled without these python libraries installed:
Trace Dumper
Pandas
Instruction Emulator
Unicorn CPU emulatorCapstone Dissasembler
Install
-
Place
ida_eafolder inIDA Prodirectory (C:\Users\{name}\AppData\Roaming\Hex-Rays\IDA Proon Windows) -
Add line
from ida_ea import ea_mainto youridapythonrcfile. -
Plugin is accessed via
IDA EAtab added to the menu bar
Warning
-
Only tested on Windows with
IDA 6.8 -
Only supports
x86/x86-64binaries -
Alpha release so expect many bugs!
Enjoy!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK