I downloaded the new IDAscope and there were some small errors, just minor ones.

Unpack it into the plugins folder. It's important that you set up your config.py file properly or it won't run. It's located at
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py
Edit the lines where it says "yourfolder".

Code (Python):

    configuration = {
        "config_path_sep": "\\",
        "plugin_only": False,
        "paths": {
            # "idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins",
            "idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins\\IDAscope",
            "semantics_file": "idascope\\data\\semantics.json",
            "semantics_folder": "idascope\\data\\semantics",
            "winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
            "winapi_rootdir": "C:\\WinAPI\\"
        },
        "winapi": {
            "search_hotkey": "ctrl+y",
            "load_keyword_database": True,
            "online_enabled": True
        },
        "inspection": {
            "default_semantics": "win-ring3"
        },
        "yara": {
            "yara_sigs": ["C:\\yara"]
        }
    }

You can read a small guide here: http://pnx-tf.blogspot.no/2014/02/idascope-v11-yara-scanning.html

If you want to use it, make sure to install YARA Python first and adjust the paths specified in ./idascope/config.py to your local collection of signature files.
https://googledrive.com/host/0BznOMqZ9f3VUek8yN3VvSGdhRFU/yara-python-2.0.0.win32-py2.7.exe

Also get and unpack the sigs into C:\yara\*.yara: https://github.com/cabrel/yarasigs

Code (Text):

    #############################################
     ___ ____    _
    |_ _|  _ \  / \   ___  ___ ___  _ __   ___
     | || | | |/ _ \ / __|/ __/ _ \| '_ \ / _ \
     | || |_| / ___ \\__ \ (_| (_) | |_) |  __/
    |___|____/_/   \_\___/\___\___/| .__/ \___|
                                   |_|
    #############################################
     by Daniel Plohmann and Alexander Hanel
    #############################################
    [+] Loading simpliFiRE.IDAscope
    [/] setting up shared modules...
    [|] loading DocumentationHelper
    [|] loading SemanticIdentifier
    [/] SemanticIdentifier: Starting (fast) scan by references of function semantics.
    [\] Analysis took 0.10 seconds.
    [|] Loading WinApiProvider
    [|] loading CryptoIdentifier
    [|] loading PatternManager
    [|] loading YaraScanner
    [\] this took 2.66 seconds.
    [/] setting up widgets...
    [|] loading FunctionInspectionWidget
    [|] loading WinApiWidget
    [|] loading CryptoIdentificationWidget
    [|] loading YaraScannerWidget
    [\] this took 0.20 seconds.
    Using FLIRT signature: Microsoft VisualC 2-10/net runtime
    loading rules from file: C:\yara\apt.yar (72)
    loading rules from file: C:\yara\APT_NGO_wuaclt.yar (1)
    loading rules from file: C:\yara\APT_NGO_wuaclt_PDF.yar (1)
    loading rules from file: C:\yara\avdetect.yar (1)
    [!] Could not load yara rules from file: C:\yara\cve.yar
    loading rules from file: C:\yara\dbgdetect.yar (3)
    loading rules from file: C:\yara\GeorBotBinary.yara (1)
    loading rules from file: C:\yara\GeorBotMemory.yara (1)
    loading rules from file: C:\yara\hangover.yar (16)
    [!] Could not load yara rules from file: C:\yara\index.yar
    loading rules from file: C:\yara\sandboxdetect.yar (1)
    loading rules from file: C:\yara\vmdetect.yar (1)
    loading rules from file: C:\yara\xplug.yar (2)
    [!] Performing YARA scan...

Download: http://www.filedropper.com/idascope

THX to Computer line for the PySide patch update!!

Download more yara sigs and put them in the C:\yara folder: https://raw.github.com/jaimeblasco/AlienvaultLabs/master/malware_analysis/CommentCrew/apt1.yara

Has anyone had this problem and found a solution?

C:/IDAscope/IDAscope.py

Code (Text):

    --------------------------------------------------------------------------------------
    Python 2.7.8 (default, Jun 30 2014, 16:03:49) [MSC v.1500 32 bit (Intel)]
    IDAPython v1.5.3 final (serial 3) (c) The IDAPython Team <idapython@googlegroups.com>
    --------------------------------------------------------------------------------------
    [!] IDAscope.py is not present in root directory specified in "config.py", trying to resolve path...
    [+] IDAscope root directory successfully resolved.
    type object 'PluginForm' has no attribute 'FORM_CLOSE_LATER'
    Traceback (most recent call last):
      File "C:\Program Files (x86)\Ida6.1\python\idaapi.py", line 400, in IDAPython_ExecScript
        execfile(script, g)
      File "C:/IDAscope/IDAscope.py", line 261, in <module>
        main()
      File "C:/IDAscope/IDAscope.py", line 257, in main
        IDASCOPE.Show()
      File "C:/IDAscope/IDAscope.py", line 168, in Show
        options=(PluginForm.FORM_CLOSE_LATER | PluginForm.FORM_RESTORE | PluginForm.FORM_SAVE))
    AttributeError: type object 'PluginForm' has no attribute 'FORM_CLOSE_LATER'

IDAscope/testing/idascope_tests.py

Code (Text):

    --------------------------------------------------------------------------------------
    Python 2.7.8 (default, Jun 30 2014, 16:03:49) [MSC v.1500 32 bit (Intel)]
    IDAPython v1.5.3 final (serial 3) (c) The IDAPython Team <idapython@googlegroups.com>
    --------------------------------------------------------------------------------------
    No module named idascope.core.helpers.GraphHelper
    Traceback (most recent call last):
      File "C:\Program Files (x86)\Ida6.1\python\idaapi.py", line 400, in IDAPython_ExecScript
        execfile(script, g)
      File "C:/IDAscope/testing/idascope_tests.py", line 36, in <module>
        from idascope.core.helpers.GraphHelper import GraphHelper
    ImportError: No module named idascope.core.helpers.GraphHelper

Did you edit idascope/config.py and set the path properly?

config.py

Code (Text):

    "paths": {
        "idascope_root_dir": "C:\\Users\\zadow\\Downloads\\ida\\ida\\plugins\\IDAscope",

Remember to set the yara dir also. I have mine in ida folder\plugins\IDAscope\Idascope.py

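
A pre-flight check for the config.py settings discussed in this thread, as an added example that is not part of any post or of IDAscope itself. It assumes the relative data paths resolve against `idascope_root_dir` and are split on `config_path_sep`; `check_idascope_config` is a hypothetical helper name and the sample paths are constructed.

```python
import os

# Extensions seen among the rule files in the thread's load log.
RULE_EXTS = (".yar", ".yara")

def check_idascope_config(configuration):
    """Return a list of problems found in an IDAscope-style configuration dict."""
    problems = []
    paths = configuration.get("paths", {})
    root = paths.get("idascope_root_dir", "")
    sep = configuration.get("config_path_sep", os.sep)

    # The plugin warns when IDAscope.py is not inside the configured root.
    if not os.path.isdir(root):
        problems.append("idascope_root_dir does not exist: %s" % root)
    elif not os.path.isfile(os.path.join(root, "IDAscope.py")):
        problems.append("IDAscope.py not found in idascope_root_dir: %s" % root)

    # Assumption: data paths are relative to the root and use config_path_sep.
    for key, want_dir in (("semantics_file", False), ("semantics_folder", True),
                          ("winapi_keywords_file", False)):
        rel = paths.get(key)
        if rel is None:
            problems.append("missing paths entry: %s" % key)
            continue
        full = os.path.join(root, *rel.split(sep))
        exists = os.path.isdir(full) if want_dir else os.path.isfile(full)
        if not exists:
            problems.append("%s does not resolve: %s" % (key, full))

    # Each YARA signature folder must exist and hold at least one rule file.
    for sig_dir in configuration.get("yara", {}).get("yara_sigs", []):
        if not os.path.isdir(sig_dir):
            problems.append("yara_sigs folder does not exist: %s" % sig_dir)
        elif not any(n.lower().endswith(RULE_EXTS) for n in os.listdir(sig_dir)):
            problems.append("yara_sigs folder has no .yar/.yara files: %s" % sig_dir)
    return problems

if __name__ == "__main__":
    # Constructed sample with the placeholder user folder left unedited.
    sample = {"config_path_sep": "\\",
              "paths": {"idascope_root_dir": "C:\\Users\\yourfolder\\plugins\\IDAscope",
                        "semantics_file": "idascope\\data\\semantics.json"},
              "yara": {"yara_sigs": ["C:\\yara"]}}
    for line in check_idascope_config(sample):
        print("[!] " + line)
```

An empty result only confirms the paths; it says nothing about the PyQt/PySide bindings that the tracebacks in this thread point to.
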
Yes, I did, but I have the same error in my dir:
C:\Program Files (x86)\Ida6.1\plugins\IDAscope\idascope\config.py

Code (Python):

    configuration = {
        "config_path_sep": "\\",
        "plugin_only": False,
        "paths": {
            # "idascope_root_dir": "C:\\Program Files (x86)\\Ida6.1\\plugins\\IDAscope",
            "idascope_root_dir": "C:\\Program Files (x86)\\Ida6.1\\plugins\\IDAscope",
            "semantics_file": "idascope\\data\\semantics.json",
            "semantics_folder": "idascope\\data\\semantics",
            "winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
            "winapi_rootdir": "C:\\WinAPI\\"
        },
        "winapi": {
            "search_hotkey": "ctrl+y",
            "load_keyword_database": True,
            "online_enabled": True
        },
        "inspection": {
            "default_semantics": "win-ring3"
        },
        "yara": {
            "yara_sigs": ["C:\\yara"]
        }
    }

The

Code (Text):

    PluginForm.FORM_CLOSE_LATER

is a PyQt4 error; it can't create the Qt forms.

Have you tried the examples from IDAPython, especially the PyQt example and PySide?

Thanks, friend. A question: which version of "PyQt4" do you recommend for IDA 6.1 and Python 2.7.8?

Another question: do I need to copy some DLLs from "PyQt4" to the IDA directory?

The build by @computerline works great:
http://techbliss.org/threads/settin...-it-makes-big-difference.211/page-3#post-1244

And PySide:
http://techbliss.org/threads/settin...-it-makes-big-difference.211/page-4#post-1319

And if it doesn't work, you can extract these DLLs into the IDA folder:
https://www.firedrive.com/file/2F21AF99229D5FB2