Python ida pro images by rr

Discussion in 'Plugins' started by storm shadow, Nov 1, 2016.

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    ida-images

    Image preview plugin for Ida disassembler.

    Application

    I made this plugin to ease finding image decoding routines - I can run some complex code and see if the memory contains the image I'm looking for afterwards.

    Features

    • Standalone frontend for analyzing plain files
    • Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
    • Saving as PNG
    • Adjusting brightness (useful for searching for images using palettes)
    • Flipping vertically (useful for analyzing images using BMP-like layout)
    • Convenient keyboard shortcuts:
      • G - go to address (supports input such as edi)
      • Q - close
      • Ctrl + S - save as…
      • Ctrl + F - toggle vertical flip
      • H - shrink size horizontally by 1 pixel
      • J - expand size vertically by 1 pixel
      • K - shrink size vertically by 1 pixel
      • L - expand size horizontally by 1 pixel
      • Shift + H - shrink size horizontally by 25 pixels
      • Shift + J - expand size vertically by 25 pixels
      • Shift + K - shrink size vertically by 25 pixels
      • Shift + L - expand size horizontally by 25 pixels
      • ← - go backward by one byte
      • → - go forward by one byte
      • Shift + ← - go backward by 25 bytes
      • Shift + → - go forward by 25 bytes
      • Ctrl + ← - go backward by 1/10 a "page"
      • Ctrl + → - go forward by 1/10 a "page"
      • Ctrl + Shift + ← - go backward by one "page"
      • Ctrl + Shift + → - go forward by one "page"
    Additionally, I'm open to feature requests, as long as they won't make the code too bloated.

    Installing IDA plugin

    Either drop the rgb-ida.py file and librgb directory in C:\Program Files (x86)\IDA 6.6\plugins (or similar) and then run it via Ctrl + 3, or run the script manually with Alt + F9.

    Installing standalone version

    In this case you can either directly use ./rgb, or install it globally with sudo python setup.py install.

    Seeing it in action

    Viewing program code

    [​IMG]
    I have no idea what the gradients are there for, but it's certainly interesting!
    [​IMG]
    More mysterious data.
    Viewing actual bitmap

    [​IMG]
    Now all that's left is to localize the exact function that allocated this segment... and voilà.

    source https://github.com/rr-/ida-images
    I added a modded version for PyQt4; I couldn't get the original to work.
     

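The technique the post describes (reading a raw memory range as pixels at a guessed width, pixel format and row order, then saving the result as PNG) as an added standalone example. This is not code from ida-images; the names decode_rows, to_png, FORMATS and SAMPLE are assumptions made for illustration, and the sample buffer is constructed.

```python
import struct
import zlib

# (bytes per pixel, offsets of R, G, B, A inside a pixel; None = no alpha).
# Illustrative subset chosen for this example, not the plugin's format list.
FORMATS = {
    "RGB": (3, (0, 1, 2, None)), "BGR": (3, (2, 1, 0, None)),
    "RGBA": (4, (0, 1, 2, 3)), "BGRA": (4, (2, 1, 0, 3)),
}

def decode_rows(buf, width, fmt="RGB", offset=0, flip=False):
    """Read buf[offset:] as rows of `width` pixels; return a list of RGBA rows."""
    if width <= 0:
        raise ValueError("width must be positive")
    bpp, (r, g, b, a) = FORMATS[fmt]
    stride = width * bpp
    data = buf[offset:]
    rows = []
    for y in range(len(data) // stride):      # a trailing partial row is dropped
        row = bytearray()
        for x in range(width):
            p = data[y * stride + x * bpp:y * stride + (x + 1) * bpp]
            row += bytes((p[r], p[g], p[b], 255 if a is None else p[a]))
        rows.append(bytes(row))
    return rows[::-1] if flip else rows       # flip handles bottom-up (BMP-like) data

def to_png(rows, width):
    """Serialize RGBA rows as an 8-bit truecolor-with-alpha PNG."""
    if width <= 0 or not rows:
        raise ValueError("need at least one full row")
    def chunk(tag, body):
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)
    raw = b"".join(b"\x00" + row for row in rows)   # filter type 0 on every scanline
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 6, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))

# Constructed sample "memory": 2 unrelated bytes, then a 2x2 bottom-up BGR bitmap.
SAMPLE = b"\xAA\xBB" + bytes([0, 0, 255, 0, 255, 0, 255, 0, 0, 9, 9, 9])

if __name__ == "__main__":
    rows = decode_rows(SAMPLE, width=2, fmt="BGR", offset=2, flip=True)
    with open("preview.png", "wb") as fh:
        fh.write(to_png(rows, 2))
```

Changing width, fmt, offset or flip and re-rendering corresponds to what the H/J/K/L, arrow-key and Ctrl + F shortcuts adjust interactively.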