IDA EA
source
https://github.com/1111joe1111/ida_ea
- A set of exploitation/reversing aids for IDA
Context Viewer
New context viewer for IDA, Features include:
- Recursive pointer dereferences
- History browser
- Color coded memory
- Instruction rewind feature
- An interface similar to that of popular GDB plugins (e.g. PEDA/GEF)
Instruction Emulator
- Live-annotate the results of future instructions in IDA using the Unicorn CPU emulator
- Can be hooked to breakpoints
- Visualise instructions before execution
Heap Explorer
Explore current heap state of glibc binaries
- Trace allocations
- Enumerate bins
- View all free and allocated chunk headers
- Useful for heap exploitation / debugging.
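The chunk-header view listed above can be illustrated outside IDA. The following is an added example, not code from ida_ea: it walks a raw heap dump assuming the x86-64 glibc chunk layout (8-byte prev_size and size fields, flags in the low three bits of size). The names walk_chunks, make_chunk and SAMPLE are hypothetical, and the sample heap is constructed.

```python
import struct

# glibc malloc keeps three flag bits in the low bits of each chunk's size field.
PREV_INUSE, IS_MMAPPED, NON_MAIN_ARENA = 0x1, 0x2, 0x4
FLAG_MASK = 0x7
HDR = 16  # prev_size + size, 8 bytes each on x86-64 (assumed layout)

def walk_chunks(heap, base=0):
    """Walk chunk headers in a raw x86-64 glibc heap dump, lowest address first."""
    chunks, off = [], 0
    while off + HDR <= len(heap):
        prev_size, raw = struct.unpack_from("<QQ", heap, off)
        size = raw & ~FLAG_MASK
        entry = {"addr": base + off, "prev_size": prev_size, "size": size,
                 "prev_inuse": bool(raw & PREV_INUSE),
                 "mmapped": bool(raw & IS_MMAPPED),
                 "non_main_arena": bool(raw & NON_MAIN_ARENA),
                 "state": "unknown"}  # the last chunk (usually top) stays unknown
        chunks.append(entry)
        # Stop on a size that is too small, misaligned or runs past the dump.
        if size < 2 * HDR or size % 16 or off + size > len(heap):
            entry["state"] = "corrupt"
            break
        off += size
    # Whether a chunk is in use is recorded in the NEXT chunk's PREV_INUSE bit.
    # tcache and fastbin chunks keep that bit set, so they appear as allocated.
    for cur, nxt in zip(chunks, chunks[1:]):
        if nxt["state"] != "corrupt":
            cur["state"] = "allocated" if nxt["prev_inuse"] else "free"
    return chunks

def make_chunk(prev_size, raw_size):
    """Build one constructed chunk: header plus zeroed body."""
    body = (raw_size & ~FLAG_MASK) - HDR
    return struct.pack("<QQ", prev_size, raw_size) + b"\x00" * body

# Constructed sample heap: allocated 0x20, free 0x90, allocated 0x20, top 0x40.
SAMPLE = (make_chunk(0, 0x21) + make_chunk(0, 0x91) +
          make_chunk(0x90, 0x20) + make_chunk(0, 0x41))

if __name__ == "__main__":
    for c in walk_chunks(SAMPLE, base=0x602000):
        print("0x%x size=0x%x prev_inuse=%d %s"
              % (c["addr"], c["size"], c["prev_inuse"], c["state"]))
```

A walk that ends in a "corrupt" entry points at the first header whose size field no longer fits the dump, which is usually the place to start when debugging heap damage.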
Trace Dumper
- Dump the results of an IDA trace into a Pandas DataFrame
- Analyze traces in Python using Pandas
CMD
- GDB bindings for IDA
- GDB style mem queries + searches
Restyle
- Restyle IDA using a GUI.
Install
Dependencies
No core dependencies for the plugin. Nevertheless, certain features will be disabled without these Python libraries installed:
Trace Dumper
- Pandas
- Unicorn CPU emulator
- Capstone Disassembler
- Place the ida_ea folder in the IDA Pro directory (C:\Users\{name}\AppData\Roaming\Hex-Rays\IDA Pro on Windows)
- Add the line `from ida_ea import ea_main` to your idapythonrc file.
- Plugin is accessed via IDA EA tab added to the menu bar
- Only tested on Windows with IDA 6.8
- Only supports x86/x86-64 binaries
- Alpha release so expect many bugs!