• Stars
    star
    602
  • Rank 74,409 (Top 2 %)
  • Language
    Python
  • Created over 4 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An integration for IDA and VS Code which connects both to easily execute and debug IDAPython scripts.

IDACode

IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace.
IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues.

Features

  • Speed: Quickly create and execute scripts.
  • Debugging: Attach a Python debugger at any time.
  • Compatibility: IDACode does not require you to modify your scripts in a specific way. All scripts can be executed from within IDA without changes.
  • Modularity: IDACode does not make extensive use of safe wrappers for thread synchronization, this allows you to import any module from any path at any given time. Instead IDACode synchronizes the script execution thread with IDAs main thread to avoid performance and unexpected issues.
  • Syncing: As IDACode uses debugpy for communication, it syncs the output window naturally with VS Code's output panel.

IDACode supports both Python 2 and Python 3!

Setup

To set up the dependencies for the IDA plugin run:

# make sure to use the correct Python version
# IDACode supports the latest debugpy as of version 3.0.0, make sure to upgrade!
python -m pip install --user debugpy tornado

Either clone this repository or download a release package from here. ida.zip reflects the contents of the ida folder in this repository. Copy all files into IDAs plugin directory.

The next step is to configure your settings to match your environment. Edit idacode_utils/settings.py accordingly:

  • HOST: This is the host address. This is always 127.0.0.1 unless you want it to be accessible from a remote location. Keep in mind that this plugin does not make use of authentication.
  • PORT: This is the port you want IDA to listen to. This is used for websocket communication between IDA and VS Code.
  • DEBUG_PORT: This is the port you want to listen on for incoming debug sessions.
  • PYTHON: This is the absolute path to the Python distribution that your IDA setup uses.
  • LOGGING: Determines whether the debugger should log into files. This is especially useful when you are running into issues with IDACode. Please submit a new issue if you find anything. The files are always located in your temp directory (e.g. Windows: %TEMP%). The files are called debugpy.*.log.

You can now start the plugin by clicking on IDACode in the plugins menu.

The VS Code extension is available on the marketplace. To configure the extension please refer to the extension's README.

Usage

IDA

Hit IDACode in the plugin menu. You should be greeted with the following text:

IDACode listening on 127.0.0.1:7065

VS Code

As of version 0.2.0 IDACode supports "Execute on save" which is enabled by default. VS Code will automatically execute your script in IDA as soon as you save the current document (for example with CTRL+S). This behavior can be disabled in the settings.

There are 4 commands at your disposal:

commands

Once you have a folder open that you want to put your scripts in (you must specify the folder when VS Code asks you to!) you are ready to connect to IDA. You can do so by either executing Connect to IDA or Connect and attach a debugger to IDA. Please keep in mind that a debug session is permanent until you restart IDA. You can not change the workspace folder once the debugger has started.
Ensure that the workspace folder is the folder that your main scripts are located in.
Once you are connected you are able to select Execute script in IDA.

Debugging

IDACode uses VS Code's remote debugger to connect to IDA. All VS Code features are supported. However, you have to specify the scripts entrypoint by using Python builtin functionality: breakpoint. This instruction tells the debugger to pause execution, if there's no debugger present it will just ignore the function. IDACode imports a helper package called dbg which implements an overload of breakpoint called bp. This function supports logging and conditionals:

name = idc.get_segm_name(segment)
dbg.bp(name==".text", f"found {name} at {segment}")

Please also note that a breakpoint() call should never occur at the end of a file, it must always be before any other line of code as it breaks on the next instruction in your code. Also note that if you decide to use the dbg package you must either remove all references or use the variable __idacode__ as conditional before executing it as a normal IDA script.
It is also important that attaching a debugger will create a new debugger instance. In most cases this is not what you want. If you disconnect from the debugger use VS Code's remote debugger to connect back.

Known Issues

  • Imported module doesn't reload after changes, refer to this for a work around.

Demo

demo

Contributors

More Repositories

1

dnpatch

.NET Patcher library using dnlib
C#
290
star
2

CVE-2020-16938

Bypassing NTFS permissions to read any files as unprivileged user.
C++
183
star
3

ceload

Loading dbk64.sys and grabbing a handle to it
C++
127
star
4

long_night

A collection of themes based on pastel colors, created for reverse engineers
CSS
115
star
5

vacation3-emu

VAC3 module emulator
C
87
star
6

llvm8

Statically recompiling CHIP8 to Windows and macOS using LLVM
C++
85
star
7

BlueGate

PoC for the Remote Desktop Gateway vulnerability - CVE-2020-0609 & CVE-2020-0610
Python
76
star
8

awesome-ui

A curated list of awesome UI libraries, frameworks & guidelines
65
star
9

SMBGhost

Scanner for CVE-2020-0796 - A SMBv3.1.1 + SMB compression RCE
Python
57
star
10

beeless

BeeByte Deobfuscator. Used it to deobfuscate an Unity3D Game. Alternatively, de4dot works aswell.
C#
44
star
11

kdbg-driver-vagrant

Batchfile
42
star
12

JodelAPI

API-Wrapper for the Jodel app in .NET
C#
36
star
13

dbgmon

Allows you to parse all messages sent to DbgPrint without any process interaction.
C++
29
star
14

pooldump

C++
28
star
15

dlsym_hook

Instrumenting a binary without source code to bypass anti-debug checks
C++
27
star
16

Curveball

PoC for CVE-2020-0601 - CryptoAPI exploit
C
21
star
17

RACEAC

Bypassing EAC integrity checks by abusing a TOCTOU in Dead by Daylight.
C++
21
star
18

dnpatch.script

dnpatch script engine stand alone
C#
16
star
19

kdbg-driver-workstation

Batchfile
14
star
20

rapid-kdbg-hyperv

13
star
21

master-duel

Python
13
star
22

SteamManifestFixer

Patches Steam to download depot files without manifest data.
C++
13
star
23

FallGuys

FallGuys cheat that used internal functions present in one of the first published releases of the game. Includes speed hacks and no-stun.
C++
12
star
24

DeadByDaylight

Dead by Daylight utilities created while researching
C++
11
star
25

excusemewtf

Our team's CTF writeups
Jupyter Notebook
11
star
26

rw

allowing um r/w through km from um ioctl ™
C++
11
star
27

dnSpy.dnpatch

dnpatch plugin for dnSpy!
C#
8
star
28

GitSpector

Desktop application to monitor Git repos and their build statuses, built with the power of Electron.
JavaScript
8
star
29

MaterialMessageBox

Custom QMessageBox/MessageDialog in QML for Qt Quick Controls 2.0
QML
7
star
30

hidenseek

Playing hide and seek in kernel mode.
C
7
star
31

Maze

C++
6
star
32

Wingman

The pluginbased Postman in C#
C#
5
star
33

NeptuneCI

Fast Continuous Integration Solution for GitHub
JavaScript
5
star
34

Switcheroo

Steam account switcher
C++
5
star
35

windows-driver-boilerplate-rs

pasted driver boilerplate
Rust
5
star
36

cve-info

Fetches information given a CVE
TypeScript
5
star
37

NETCompile

A library with functions to easily compile .NET apps/libs!
C#
5
star
38

snesutilities

SNES Rom extraction utilites.
Rust
5
star
39

kernel

Header-only library that assists you with exploiting the Windows kernel
C++
4
star
40

machina

Manage and execute assembly at runtime.
Rust
4
star
41

sam-rs

rust compiler plugin for compile time instruction assembling
Rust
4
star
42

llvm_test

Simple Hello World with LLVM
CMake
4
star
43

mmap-kernel-exploit

Gaining root by exploiting the mmap handler of a kernel module.
C
3
star
44

ll

some c++ stuff
C++
3
star
45

is-vm

Detecting VMs using the CPUID instruction
Assembly
3
star
46

Medusa

Medusa - .NET Multi-Scanner [BETA]
C#
3
star
47

ionScript

My own scriptlanguage using .NET as interpreter.
C#
3
star
48

sam

Compile time instruction assembler for Rust.
Rust
3
star
49

bn_memcpy

C++
3
star
50

docker-compiler-explorer

Dockerfile
2
star
51

dnSpyUpdater

Updater for dnSpy.
C#
2
star
52

sbb

Rust
2
star
53

pub.ioncodes.com

The index page of my public projects website
HTML
2
star
54

uwu

I should have never named this uwu...
C++
2
star
55

aseprite-ci

Build configurations to compile Aseprite via a GitLab CI Runner on Windows.
Batchfile
2
star
56

urldecode

Decodes a URL encoded String.
Rust
2
star
57

otf2ttf

Shell script for converting *.otf font files to *.ttf (Just want to get the SF font from my 🍎 on my Windows machine 😛)
Shell
2
star
58

ida_scripts

Python
2
star
59

cpp-makefile-template

Makefile
1
star
60

JodelWindows

Windows version of the Jodel app using my own API (JodelAPI on GitHub).
C#
1
star
61

iRecover

Password Recovery utility and library writtin in .NET
C#
1
star
62

RoguueLiike

Rogue-like game in MonoGame C#
C#
1
star
63

brainfuck_recompiler

Brainfuck recompiler to x64 asm
Rust
1
star
64

Axon

Objective-C header file parser
Swift
1
star
65

sam-web

Online assembler
JavaScript
1
star
66

ioncodes

1
star
67

eta-wen

HTML
1
star
68

Xiu

gameboy emulator in Rust
Rust
1
star
69

ionTheme

C# and VB.NET Theme as replacement for the odd windows style
C#
1
star
70

ctf

Docker image for CTFs
Dockerfile
1
star
71

Quickie

Find icons from different icon sets.
JavaScript
1
star
72

Korpus

Has nothing to do with IKEA, it's a remote tool
JavaScript
1
star
73

iRC

Simple commandline irc client
C#
1
star
74

Korpus.Server

Still has nothing to do with IKEA, it's the server for Korpus
JavaScript
1
star
75

efi-boilerplate

C++
1
star
76

exploit-templates

Templates for binary exploits
Python
1
star
77

CFade

Console Fader Animator class in C++
C++
1
star
78

ProxyDB

Database that manages all your proxies.
C#
1
star
79

wrapper

WinAPI C++ wrapper
C++
1
star
80

bs

IDPA
JavaScript
1
star
81

winconfig

My configs I use on Windows
Shell
1
star
82

nesextract

Tool to extract sprites from NES roms.
Rust
1
star
83

disrupt

Fast commandline disassembler
JavaScript
1
star
84

BeautySharpVS

Visual Studio Extension working with a PHP API for fast code publishing.
C#
1
star
85

snek

Snek forwards your iOS notifcations to Snek Server, Slack or Discord. Built for iOS 11.
Logos
1
star
86

yolo

yolo like a hipster does demos in 2k17
C++
1
star
87

yolo-rs

yolor - demotool
Rust
1
star
88

dnconventions

Convert the naming conventions of a .NET application
C#
1
star