from
Carlos Garcia Prado
Milf (beta)
An IDA Pro swiss army knife (with a sexy name!)
Who's that girl?
MILF is an IDA Pro plugin which automates several typical tasks in a RE session.
It has been written with a main focus on vulnerability discovery and security research. However, a lot of her capabilities can be used in any generic RE project.
It's written in Python, making use of the IDAPython API.
Anti-plagiarism Disclaimer
Some of this code has been inspired by some work presented by Aaron Portnoy (of TippingPoint?) in Toorcon Seattle 2008. This has been pointed out within the code comments where pertinent.
Aaron, you are the man!
What can she do?
- Mark dangerous functions
- Find immediate compares
- Mark switches
- Show paths between functions
- Show paths between basic blocks within a function
- Find File IO
- Find Network IO
- Find Allocations
- Find dangerous "size params"
- Create IDA (connection) graphs
- Create "custom viewers"
- Mark dangerous functions
  - Look for references to "dangerous" functions within a binary and colour them for easy spotting.
  - For example: "call memcpy"
- Find immediate compares
  - Mark all immediate compares in the current function. This is especially useful when analysing a huge function we suspect acts as a parser.
  - For example: cmp esi, 14h
- Mark switches
- Show paths between functions
- Show paths between basic blocks within a function
- Find File IO
  - Find functions calling file i/o imports.
- Find Network IO
  - Find functions calling network i/o imports.
- Find Allocations
  - Find functions allocating/freeing memory.
- Find dangerous "size params"
  - Still a naive approach but interesting. Checks for calls to known problematic functions which accept a "size" parameter. If this argument is not a constant, it is worth taking a look in case we can control it.
- Create IDA (connection) graphs
  - A class for creating IDA embedded graphs, showing the paths between two functions and some other info.
- Create "custom viewers"
  - Useful to display info (for example results of Find Network IO) in an embedded viewer within IDA Pro.
- Integration with Intel PIN trace files
- and much more
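The "size params" check described above, sketched as an added example (not MILF's own code): it runs on a constructed text listing instead of the IDAPython API. The function table, the 32-bit cdecl push-based argument passing and the name find_variable_size_calls are assumptions.

```python
import re

# Assumed table, not taken from MILF: function -> zero-based index of its size argument.
SIZE_ARG = {"memcpy": 2, "memmove": 2, "strncpy": 2}
# Immediate operands as a disassembler prints them: 14h, 0x14, 20.
IMMEDIATE = re.compile(r"^(?:0x[0-9a-f]+|[0-9][0-9a-f]*h|[0-9]+)$", re.I)

# Constructed listing (address, mnemonic, operands), not from a real binary.
SAMPLE = """
401000 push 14h
401002 push esi
401003 push edi
401004 call memcpy
401009 add esp, 0Ch
40100c mov eax, [ebp+8]
40100f push eax
401010 lea ecx, [ebp-40h]
401013 push ebx
401014 push ecx
401015 call _memcpy
"""

def find_variable_size_calls(listing):
    """Return (address, function, operand) for calls whose size argument is not a constant.

    Assumes arguments are pushed right to left and that all pushes for a call
    sit in the same straight-line run of instructions.
    """
    insns = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        addr, mnem, *rest = line.split(None, 2)
        insns.append((addr, mnem.lower(), rest[0].strip() if rest else ""))
    findings = []
    for i, (addr, mnem, op) in enumerate(insns):
        target = op.lstrip("_")
        if mnem != "call" or target not in SIZE_ARG:
            continue
        pushes = []
        # Walk backwards: the first push met is argument 0, the next is argument 1, ...
        for _, prev_mnem, prev_op in reversed(insns[:i]):
            if prev_mnem in ("call", "ret") or prev_mnem.startswith("j"):
                break  # left the straight-line run that sets up this call
            if prev_mnem == "push":
                pushes.append(prev_op)
        idx = SIZE_ARG[target]
        if idx < len(pushes) and not IMMEDIATE.match(pushes[idx]):
            findings.append((addr, target, pushes[idx]))
    return findings
```

The first call in the sample passes the constant 14h and is skipped; the second passes eax, loaded from [ebp+8], and is reported for manual review.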
Zip
https://github.com/carlosgprado/MILF/zipball/master
Tar
https://github.com/carlosgprado/MILF/tarball/master
https://github.com/carlosgprado/MILF
I just love this plugin