  • Stars: 304
  • Rank: 137,274 (Top 3 %)
  • Language: Python
  • License: GNU Affero Genera...
  • Created almost 6 years ago
  • Updated about 1 year ago

Repository Details

An IDA Python script to extract information from string constants.

IDAMagicStrings

An IDA Python plugin to extract information from string constants. The current version of the plugin is able to:

  • Display function-to-source-file relationships (in a tree and in a plain list, a "chooser" in IDA terminology).
  • Display guessed function names for functions.
  • Rename functions according to the source code file they belong to plus their address (for example, memory_mgmt_0x401050).
  • Rename functions according to the guessed function name.

Running the plugin

When the Python script is executed from within IDA it builds a list of the ASCII and Unicode strings found by IDA and then applies a series of regular expressions to extract source code filenames, directories and candidate function names. It then shows three tabs with information:

  • Candidate function names: The function names guessed from the referenced string constants. Some basic and rudimentary false positive detection is implemented, and this data is available in the column "FP?" ("False Positive?").
    • If available, it uses NLTK to detect the kinds of words that can be function name candidates (i.e., nouns, verbs and names).
  • Source code tree: A tree widget showing file names and, inside each one, the functions or references to the source file.
  • Source code files: A list (or "chooser" in IDA terminology) mapping source code filenames to function addresses and names.
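The extraction step described above, as an added example that is not the plugin's own code: a regex for source file paths, one for identifiers followed by "(", a rudimentary false-positive check against a small set of library names (a hypothetical stand-in for the plugin's own check), and the <file stem>_<address> naming rule. Inside IDA the strings would come from idautils.Strings(); here a constructed list is embedded so the code runs offline.

```python
import re
from os.path import basename, splitext

# Constructed sample input: (string address, string content) pairs standing in
# for the ASCII/Unicode strings IDA lists (inside IDA: idautils.Strings()).
SAMPLE_STRINGS = [
    (0x401050, "/home/dev/proj/src/memory_mgmt.c"),
    (0x401080, "assertion failed in parse_header() at line 42"),
    (0x4010C0, "net\\socket_utils.cpp: invalid handle"),
    (0x401100, "Hello, world!"),
    (0x401140, "free(): double free detected"),
]

# A path-like token ending in a common source code extension.
SOURCE_FILE_RE = re.compile(
    r"[\\/]?(?:[\w.-]+[\\/])*[\w.-]+\.(?:c|cc|cpp|cxx|h|hpp|py|go|rs)\b",
    re.IGNORECASE)
# An identifier immediately followed by "(" is a candidate function name.
FUNC_NAME_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Hypothetical false-positive list: CRT/libc names that are not project code.
KNOWN_LIBRARY_NAMES = {"free", "malloc", "printf", "memcpy", "strlen", "main"}

def extract_source_files(strings):
    """Map each source file path found in a string to the string addresses."""
    files = {}
    for ea, text in strings:
        m = SOURCE_FILE_RE.search(text)
        if m:
            files.setdefault(m.group(0), []).append(ea)
    return files

def is_false_positive(name):
    """Flag names that are library symbols or too short to be meaningful."""
    return name.lower() in KNOWN_LIBRARY_NAMES or len(name) < 4

def extract_candidate_functions(strings):
    """Return (address, name, fp_flag) for each identifier followed by '('."""
    candidates = []
    for ea, text in strings:
        for m in FUNC_NAME_RE.finditer(text):
            name = m.group(1)
            candidates.append((ea, name, is_false_positive(name)))
    return candidates

def name_from_source_file(path, func_ea):
    """Build the '<file stem>_<address>' name for an otherwise unnamed function."""
    stem, _ = splitext(basename(path.replace("\\", "/")))
    return "%s_0x%X" % (stem, func_ea)
```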

Screenshots

Here are some basic screenshots of this IDA Python script's functionality:

Guessed function names (screenshot)
Source code tree (screenshot)
Renaming some unnamed functions based on their filename (screenshot)

License

The plugin is licensed under the GNU GPL v3 license.

More Repositories

  • diaphora: Diaphora, the most advanced Free and Open Source program diffing tool. (Python, 3,639 stars)
  • pigaios: A tool for matching and diffing source codes directly against binaries. (Python, 635 stars)
  • pyew: Official repository for Pyew. (Python, 383 stars)
  • nightmare: A distributed fuzzing testing suite with web administration. (Python, 371 stars)
  • multiav: MultiAV scanner with Python and JSON API. Disclaimer: I don't maintain it any more. (Python, 312 stars)
  • CVE-2017-7494: Remote root exploit for the SAMBA CVE-2017-7494 vulnerability. (Python, 256 stars)
  • cosa-nostra: Cosa Nostra, a FOSS graph based malware clusterization toolkit. (Python, 227 stars)
  • membugtool: A DBI tool to discover heap memory related bugs. (C++, 125 stars)
  • maltindex: Mal Tindex is an Open Source tool for indexing binaries and help attributing malware campaigns. (Python, 66 stars)
  • tahh: Source codes for "The Antivirus Hackers Handbook" book. (Python, 58 stars)
  • mynav: Automatically exported from code.google.com/p/mynav. (Python, 28 stars)
  • oldidc: IDA Python's idc.py <= 7.3 compatibility module. (Python, 21 stars)
  • deeptoad: DeepToad is a library and a tool to clusterize similar files using fuzzy hashing. (C, 20 stars)
  • diaphora-ml: Diaphora Machine Learning tools and datasets. (Python, 18 stars)
  • ubsnippets: Undefined Behaviour Snippets. (17 stars)
  • pyavast: Python bindings for Avast antivirus server version for Linux. (Python, 14 stars)
  • jkutils: My own Python Utility Libraries. (Python, 11 stars)
  • pinpack: A PIN Tool to unpack simple write and exec packers (for Linux). (C++, 10 stars)
  • super-irudi: Super Irudi, a command line based tool to enhance photographs. (Python, 5 stars)
  • pigaios-databases: Pigaios SQLite databases. (3 stars)
  • tnsids: Automatically exported from code.google.com/p/tnsids. (1 star)