VirusTotal plugin for IDA Pro

In this blog post, we are going to illustrate how to use some of the new UI features introduced in IDA Pro 6.1 (embedded choosers, custom icons, etc…) by writing a VirusTotal reporting and file submission plugin for IDA Pro. The plugin will allow you to get reports from VirusTotal based on the input file MD5 or a file of your choice. The plugin will offer to upload the file if the file was not analyzed before.


Continue reading VirusTotal plugin for IDA Pro

IDA & Qt: Under the hood

Generally speaking most plugins for IDA can be written by using only the provided SDK. The API environment provided by IDA is vast and gives the plugin writer the capability to display graphical elements such as colored text views, graphs, forms and choosers.

However, there are cases when this is not enough. In idag the developer could use the Windows/.NET environment to go beyond the limits of the IDA SDK. While this is still possible in idaq, it is not advised, as it binds the code of the plugin to Windows and forces idaq to switch from alien widgets to system windows (more about that later).

Since accessing Qt from C++ requires setting up a development environment on every platform the developer wishes to deploy his plugin, one might take into consideration using PySide to access the Qt environment. The advantages of this approach are many. The first one is that the code once written will work on every platform without additional work. Moreover, there’s no need to recompile a plugin for every major Qt release deployed with idaq.

That being said, there might be cases where the developer/company needs or prefers to access the Qt framework directly from C++ and that is what is going to be covered in this article.

Continue reading IDA & Qt: Under the hood

IDA Pro 6 licenses

As many of you already know, IDA6 copies ship separately for Windows/Linux/Mac. Before we were giving the Linux/Mac versions for free because there was no GUI for them. Now we have full fledged GUIs for all platforms (and our development/techsupport costs increased because of that), so we separated the licenses. We could simply have increased the price of the whole package but since the absolute majority of our users stick to one platform, it is fairer to separate licenses. This way only the customers who really use multiple platforms pay extra. We believe this is the fairest solution for everyone.
Continue reading IDA Pro 6 licenses

IDA Pro, Python and Qt

IDA Pro 6.0 implements a cross-platform UI with the use of Qt framework. The good thing about it is that plugin writers can also develop cross-platform UI directly with Qt. But what about script writers?

In this blog post we are going to illustrate how to use PySide to create UI interfaces for IDA Pro using IDAPython.


Continue reading IDA Pro, Python and Qt

Calculating API hashes with IDA Pro

Many times when debugging malware you discover that the malware does not import any function, replaces API names by hashes and tries to resolve the addresses by looking up which API name has the desired hash!

In this blog post we are going to demonstrate how to use IDA Pro to solve this problem and uncover all API hashes.


Continue reading Calculating API hashes with IDA Pro

Extending IDC and IDAPython

Scripting with IDA Pro is very useful to automate tasks, write scripts or do batch analysis, nonetheless one problem is commonly faced by script writers: the lack of a certain function from the scripting language. In the blog post going to demonstrate how to extend both IDC and IDAPython to add new functions. Continue reading Extending IDC and IDAPython