Want to Join Us ?

you'll be able to discuss, share and send private messages.

Release qira

Discussion in 'Plugins' started by storm shadow, Jul 24, 2014.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    cd ~/
    wget -qO- https://qira.googlecode.com/git/releases/qira-0.4.tar.xz | unxz | tar x
    cd qira
    Preface the process you want to analyze with qira
    qira /bin/ls / # and for arm, QEMU_LD_PREFIX works, or run fetchlibs.sh
    Navigate to http://localhost:3002/ and view.
    To use in server mode(like socat)
    qira -s tests/ctf/ezhp
    nc localhost 4000 # web triggered forks listen on port 4001
    If you have IDA running with the plugin on the web browser machine it should connect
    Traces longer than 10,000,000 instructions don't work well
    x86-64 support is still experimental
    v0.4 -- Using 50x faster C++ database. strace support. argv and envp are there.
    v0.3 -- Built in socat, multiple traces, forks(experimental). Somewhat working x86-64 and ARM support
    v0.2 -- Removed dependency on mongodb, much faster. IDA plugin fixes, Mac version.
    v0.1 -- Initial release
    Is IDA needed to use this?
    No. Think of IDA like a joystick for a flight simulator or Push for Ableton. It helps you navigate around, but if you can navigate a program in gdb without IDA, you can navigate in QIRA without IDA.
    Why would I use this? I can do this all in gdb.
    Why would you use IDA when you can use objdump, a printer, scissors, and a gluestick?


    source https://code.google.com/p/qira/source/list
    Rip Cord likes this.
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    I did not know this but GeoHot actuelly started this.

    Her is a conferense tut on the tool.

    Debugger seems good, just not many functions at the moment.
    Rip Cord likes this.