Image preview plugin for Ida disassembler.
I made this plugin to ease finding image decoding routines - I can run some complex code and see if the memory contains the image I'm looking for afterwards.
- Standalone frontend for analyzing plain files
- Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
- Saving as PNG
- Adjusting brightness (useful for searching for images using palettes)
- Flipping vertically (useful for analyzing images using BMP-like layout)
- Convenient keyboard shortcuts:
- G - go to address (supports input such as
edi) - Q - close
- Ctrl + S - save as…
- Ctrl + F - toggle vertical flip
- H - shrink size horizontally by 1 pixel
- J - expand size vertically by 1 pixel
- K - shrink size vertically by 1 pixel
- L - expand size horizontally by 1 pixel
- Shift + H - shrink size horizontally by 25 pixels
- Shift + J - expand size vertically by 25 pixels
- Shift + K - shrink size vertically by 25 pixels
- Shift + L - expand size horizontally by 25 pixels
- ← - go backward by one byte
- → - go forward by one byte
- Shift + ← - go backward by 25 bytes
- Shift + → - go forward by 25 bytes
- Ctrl + ← - go backward by 1/10 a "page"
- Ctrl + → - go forward by 1/10 a "page"
- Ctrl + Shift + ← - go backward by one "page"
- Ctrl + Shift + → - go forward by one "page"
- G - go to address (supports input such as
Additionally, I'm open to feature requests, as long as they won't make the code too bloated.
Either drop the rgb-ida.py file and librgb directory in C:\Program Files\IDA 7.0\plugins (or similar) and then run it via Ctrl +
3, or run the script manually with Alt + F9.
Tested on: IDA Pro 6.6, 6.8, 7.0
In this case you can either directly use ./rgb, or install it globally with
sudo python setup.py install.
I have no idea what the gradients are there for, but it's certainly interesting!
More mysterious data.
Now all that's left is to localize the exact function that allocated this segment... and voilà.