Skip to content

xorhex/IDAExtras

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
documentation
documentation
 
 
idaextras
idaextras
 
 
IDAExtras.py
IDAExtras.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

What is IDA Extras?

IDA extras is a (growing) collection of IDA UI and other enhancements to overcome some challenges when using IDA. If it possible to do these things natively in IDA, please let me know.

How To Install?

Drop idaextras directory and IDAExtras.py into IDA's plugin directory.

What Are These Enhancements?

1. Exports

IDA Extras: Exports renders another tab similar to the default Exports tab but will provide additional detail about the exports. This interface came about due to wanting a quick way to find exports of interest when dealing with many exports where a number of them are just retn statements. There is even an AutoFilter option to remove all of the ones with retn mnemonic or where the Is Code flag is False.

Video

IDAExtrasExports.webm

The export screen is started in the video using the shortcut key. The menu item was not clicked; just shown.

2. Copy Bytes

Copy Bytes works in both the dissembler view and the hex view. This enchancement copies the bytes selected on the screen. It's not perfect, but it gets the job done.

The build-in IDA shortcut is Shift-E which gives the user more options but sometimes it's nice to have a quick copy bytes in the right click menu.

Caveat 1: When copying selected bytes in the dissassembler view it makes use of idc.read_selection_end() and idc.read_selection_start() which, when in the dissassembler view, means all of the bytes on each line are captured. So if the highlight starts in the middle of one line and ends in the middle of the next line then all of the instructions for both will be copied.

Caveat 2: When copying the bytes in the hex viewer, sometimes one additional byte gets added to the contents copied.

Caveat 3: When copying bytes in the hex viewer, the start and stop positions are determined by when the mouse was clicked and then let up - it does NOT match the contents that get highlighted!

Video: Dissassembler View

CopyBytes_DissassemblerView.webm
IDAExtrasCopyBytes_DissassemblerTake2.mp4

Video: Hex Viewer

IDAExtrasCopyBytes_HexView.mp4

3. sockaddr_in.sin_addr and sockaddr_in.sin_port

Right click on a DWORD or WORD in the dissassembly view to have the sin_addr and/or the sin_port number representation of those bytes displayed. Upon selecting the value in the context menu, the string representation is then added as a comment.

sockaddr_in.sin_addr representation

sockaddr_in.sin_port representation

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages