Extending IDC and IDAPython

Scripting with IDA Pro is very useful for automating tasks, writing scripts or doing batch analysis; nonetheless, one problem is commonly faced by script writers: the scripting language lacks a function they need. In this blog post we are going to demonstrate how to extend both IDC and IDAPython to add new functions.

Kernel debugging with IDA Pro / Windbg plugin and VirtualKd

The other day we received an email support question asking if IDA Pro / Windbg debugger plugin works with VirtualKd, a tool that allows speeding up (up to 45x) Windows kernel module debugging using VMWare and VirtualBox virtual machines. After we installed and experimented with VirtualKd, our answer was “yes, certainly”. This blog entry aims at illustrating how to configure VirtualKd to be used with IDA Pro / Windbg plugin and VMWare.


Book Review: The Art of Assembly Language, 2nd Edition

Have you ever tried to teach x86 assembly language programming to someone coming from high level language programming background and discovered that it was hard?

Before being able to write a simple “Hello World” program one needs to know a fair deal about the x86 architecture, the assembler language and the operating system. Obviously this is not the case with high level languages such as C for example.

I was reading The Art of Assembly Language, 2nd edition, by Randall Hyde the other day and really enjoyed his approach to teaching assembly language programming.


Environment variable editor

Normally, to change environment variables in a running process, one has to terminate the process, edit the environment variables and re-run the process. In this blog entry we are going to write an IDAPython script that allows us to add, edit or delete environment variables in a running process directly. To achieve this we will use Appcall to manage the variables and a custom viewer that serves as the graphical interface.


Using custom viewers from IDAPython

Custom viewers can be used to display arbitrary textual information and can be used in any IDA plugin. They are used in IDA-View, Hex-View, the Enum and Struct views and the Hex-Rays decompiler.

In this blog entry we are going to write an ASM file viewer in order to demonstrate how to create a custom viewer and populate it with colored lines.

Scriptable Processor modules

One of the new features we are preparing for the next version of IDA is the ability to write processor modules using your favorite scripting language.
After realizing how handy it is to write file loaders using scripting languages, we set out to do the same for processor modules. As an exercise for this new feature, we implemented a processor module for EFI bytecode.


New IDC improvement in IDA Pro 5.6

Scripting with IDA Pro has always been a very handy feature, not only in scripts but also in expressions, breakpoint conditions, form fields, etc.
In IDA Pro 5.6 we improved the IDC language and made it more convenient to use by adding objects, exceptions, support for strings with embedded zeroes, string slicing and references.
