IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace.
IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues.
debugpy
for communication, it syncs the output window naturally with VS Code’s output panel.IDACode supports both Python 2 and Python 3!
To set up the dependencies for the IDA plugin run:
make sure to use the correct Python version
IDACode supports the latest debugpy as of version 3.0.0, make sure to upgrade!
python -m pip install –user debugpy tornado
Either clone this repository or download a release package from here. ida.zip
reflects the contents of the ida
folder in this repository. Copy all files into IDAs plugin directory.
The next step is to configure your settings to match your environment. Edit idacode_utils/settings.py
accordingly:
HOST
: This is the host address. This is always 127.0.0.1
unless you want it to be accessible from a remote location. Keep in mind that this plugin does not make use of authentication.PORT
: This is the port you want IDA to listen to. This is used for websocket communication between IDA and VS Code.DEBUG_PORT
: This is the port you want to listen on for incoming debug sessions.PYTHON
: This is the absolute path to the Python distribution that your IDA setup uses.LOGGING
: Determines whether the debugger should log into files. This is especially useful when you are running into issues with IDACode. Please submit a new issue if you find anything. The files are always located in your temp directory (e.g. Windows: %TEMP%
). The files are called debugpy.*.log
.You can now start the plugin by clicking on IDACode
in the plugins menu.
The VS Code extension is available on the marketplace. To configure the extension please refer to the extension’s README.
Hit IDACode
in the plugin menu. You should be greeted with the following text:
IDACode listening on 127.0.0.1:7065
As of version 0.2.0 IDACode supports “Execute on save” which is enabled by default. VS Code will automatically execute your script in IDA as soon as you save the current document (for example with CTRL+S). This behavior can be disabled in the settings.
There are 4 commands at your disposal:
Once you have a folder open that you want to put your scripts in you are ready to connect to IDA. You can do so by either executing Connect to IDA
or Connect and attach a debugger to IDA
. Please keep in mind that a debug session is permanent until you restart IDA. You can not change the workspace folder once the debugger has started.
Ensure that the workspace folder is the folder that your main scripts are located in.
Once you are connected you are able to select Execute script in IDA
.
IDACode uses VS Code’s remote debugger to connect to IDA. All VS Code features are supported. However, you have to specify the scripts entry point by using Python builtin functionality: breakpoint
. This instruction tells the debugger to pause execution, if there’s no debugger present it will just ignore the function. IDACode imports a helper package called dbg
which implements an overload of breakpoint
called bp
. This function supports logging and conditionals:
name = idc.get_segm_name(segment)
dbg.bp(name==”.text”, f”found {name} at {segment}”)
Please also note that a breakpoint()
call should never occur at the end of a file, it must always be before any other line of code as it breaks on the next instruction in your code. Also note that if you decide to use the dbg
package you must either remove all references or use the variable __idacode__
as conditional before executing it as a normal IDA script.
It is also important that attaching a debugger will create a new debugger instance. In most cases this is not what you want. If you disconnect from the debugger use VS Code’s remote debugger to connect back.
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…