repnz/ida-plugins

Stars
131
Rank 275,867 (Top 6 %)
Language
Python
Created over 4 years ago
Updated over 4 years ago

repnz/ida-plugins

repnz

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A collection of my IDA plugins

IDA Plugins

My collection of plugins for IDA Pro.

Installing plugins

Install sark.

You can simply put the script in the %idafolder%\plugins directory, But I recommend that you use the plugins loader:

Take the plugins loader plugin:

https://github.com/tmr232/Sark/blob/master/plugins/plugin_loader.py

It allows you to manage your plugins by editing a plugins.list file.

Put plugin_loader.py in the "plugins" directory of IDA.
Open IDA as administrator and close it (so the plugins.list file will be created at %idafolder%\cfg)
Add the path of the wanted plugin in this file (for example, c:\...\reg_xref.py)

Register Cross References

When looking at disassembly, it's useful to find usages of a register - That's why I created reg_xref. Simply install the plugin and use Shift-Z to get a view like this:

A notable mention is Oregami, But the main difference is that Oregami tries to analyze and find where the same value is used, and display only these references. This is useful for example in case you want to mark a register as a pointer to a structure. I wanted something simpler that shows all of the references to a register inside a function.

windbg-cheat-sheet

My personal cheat sheet for using WinDbg for kernel debugging

etw-providers-docs

Document ETW providers

autochk-rootkit

Reverse engineered source code of the autochk rootkit

apc-research

APC Internals Research Code

ReversingMinesweeper

Reverse Engineering Minesweeper: Reconstruct Minesweeper Source Code

shellcode2exe

Batch script to compile a binary shellcode blob into an exe file

windows-inspector

A driver to intercept low level windows events

windows-imports-searcher

Support Windows OS Reversing by searching easily for references to functions across many DLLs

snax86

A snake game written in x86 Assembly language for windows console

rpcmon

RPC Monitor based on The ETW Microsoft-Windows-Rpc provider

practical-reverse-engineering

Code for the solutions of practical reverse engineering

autoit-analysis

AutoIt Analysis Library: Parser & Emulator For Malware Researchers

simple-os

Simple Protected Mode Kernel for i386

auto-makefile

Generic Makefile Template with Automatic Dependency Generation

PE

PE.Parser, PE.Dumper, PE.Loader

checkpoint-ctf-2018

Solutions to the challenges of the checkpoint CSA CTF

set-critical-thread

Use NtSetInformationThread(ThreadBreakOnTermination) for anti-debugging

real-kernel

16 bit Real mode operating system kernel

tracelogging-providers

A dump of all the trace logging providers from system32

simple-etw-provider

hello world ETW provider

repnz.github.io

The deployed version of my blog

gamekid

Gameboy Emulation Library

supple

Supple way to load dynamic XML configuration files

bluehat-il-2019-slotd

BlueHat IL 2019 vulnerable debugging interface

nc8-reversing-ctf

Solution to the NC8 CTF & nc8 instruction set emulation API

pytreecli

A command line library that allows to build a tree structures command line easily

c-streams

Wrapper for custom streams in the C language

dotflow

DotNet Actor Model POC library

calculator-driver

Simple calculator windows driver