Skip to content

NyaMisty/ida_ipython

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

100 Commits

notebook/examples

notebook/examples

 
 

plugin

plugin

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

generate_kernels.py

generate_kernels.py

 
 

generate_kernels_wsl.py

generate_kernels_wsl.py

 
 

launch_ida.py

launch_ida.py

 
 

launch_ida_wsl.py

launch_ida_wsl.py

 
 

qtbasic.gif

qtbasic.gif

 
 

qtwithgraph.gif

qtwithgraph.gif

 
 

releasezip.py

releasezip.py

 
 

Repository files navigation

What's New

  • Pure Python

What and Why?

This is a plugin to embed an IPython kernel in IDA Pro. The Python ecosystem has amazing libraries (and communities) for scientific computing. IPython itself is great for exploratory data analysis. Using tools such as the IPython notebook make it easy to share code and explanations with rich media. IPython makes using IDAPython and interacting with IDA programmatically really fun and easy.

Example Uses

QT Console

You can just use IPython qtconsole for a better interactive python shell for IDA.

Image of Basic QT Usage

You can also use the QT console to graph things. This is an example creating a bar chart for the occurrences of each instruction mnemonic in a function (in notepad.exe).

Image of QT with graph

Notebooks

Another useful case is using IPython notebooks.

  • Function Entropy - Here is an example where we compute the entropy (using scipy stats module) of each function in notepad.exe and graph the result.
  • Cython and IDA - Here is an example where we use the cython cell magic to call IDA Api's that are not exposed via IDAPython.
  • Sark Snapshots - Example of screen snapshots using Sark.

More examples..soon...

How the plugin works

IDA is predominantly single threaded application, so we cannot safely run the kernel in a separate thread. So instead of using another thread, a timer is registered via IDAPython and the do_one_iteration method of the ipython kernel is executed each frame.

Installation

I suggest using the Anaconda distribution of Python as it comes with all the required python libraries pre-built and installed. To get IDA to use Anaconda, simply set the PYTHONHOME enviroment variable. Alternatively you can install IPython and the dependencies separately.

This plugin should work on all 6.X x86 QT versions of IDA on Windows, Linux, and OSX (only tested on Windows).

Basic Installation and QTConsole

  1. Download and extract the release
  2. Copy ida_ipython.py into IDA's plugins directory
  3. Launch IDA
  4. Under the View menu, click IDAIPython QtConsole or
  5. At the command line, start an IPython qtconsole with the kernel instance (outputted in the IDA console) e.g jupyter qtconsole --existing kernel-4264.json

Using the Notebook

  1. Change the paths to the idaq.exe and idaq64.exe executables in the kernel.json under the notebook-kernels\ida32 and notebook-kernels\ida64 directories respectively (the default is IDA 7.1 on Windows)
  2. Install the kernels using jupyter-kernelspec install (e.g. jupyter-kernelspec install --user notebook-kernels\ida64)
  3. When starting a notebook, choose the IDA32 or IDA64 kernels, depending on your desired IDA version.

About

An IDA Pro Plugin for embedding an IPython Kernel

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Languages

  • Jupyter Notebook 95.6%
  • Python 4.4%