ea exploitation/reversing aids for IDA pro by 1111joe1111

Discussion in 'Plugins' started by storm shadow, Oct 19, 2017.


  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    IDA EA

    • A set of exploitation/reversing aids for IDA
    Features

    Context Viewer

    New context viewer for IDA, Features include:
    • Recursive pointer dereferences
    • History browser
    • Color coded memory
    • Instruction rewind feature
    • A similar interface to that of popular GDB plugins (e.g. PEDA/GEF)
    Instruction Emulator

    • Live annotate the results of future instructions in IDA using the Unicorn CPU emulator
    • Can be hooked to breakpoints
    • Visualise instructions before execution
    Heap Explorer

    Explore current heap state of glibc binaries
    • Trace allocations
    • Enumerate bins
    • View all free and allocated chunks headers
    • Useful for heap exploitation / debugging.
    Trace Dumper

    • Dump the results of an IDA trace into a Pandas Dataframe
    • Analyze traces in Python using Pandas
    CMD

    • GDB bindings for IDA
    • GDB style mem queries + searches
    Restyle

    • Restyle IDA using GUI.
    Install

    Dependencies

    No core dependencies for the plugin. Nevertheless, certain features will be disabled without these Python libraries installed:
    Trace Dumper

    • Pandas
    Instruction Emulator

    • Unicorn CPU emulator
    • Capstone Disassembler
    Install

    • Place ida_ea folder in IDA Pro directory (C:\Users\{name}\AppData\Roaming\Hex-Rays\IDA Pro on Windows)
    • Add line from ida_ea import ea_main to your idapythonrc file.
    • Plugin is accessed via IDA EA tab added to the menu bar
    Warning

    • Only tested on Windows with IDA 6.8
    • Only supports x86/x86-64 binaries
    • Alpha release so expect many bugs!
    Enjoy!

    source
    https://github.com/1111joe1111/ida_ea
     
