Kali
FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for …
Continue reading “FindFunc : Advanced Filtering/Finding of Functions in IDA Pro”
VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, it will attempt to rule …
Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minor fork of the ubiquitous Keystone …
Continue reading “Patching : An Interactive Binary Patching Plugin For IDA Pro”
Hashdb-Ida is tool for Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm …
Continue reading “Hashdb-Ida : HashDB API Hash Lookup Plugin For IDA Pro”
Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for intel architecture, both 32bit and 64bit code and AArch64 (New!). The tool constructed from 2 parts, static and dynamic. The first is the static part, contains the following capabilities: Detects indirect calls. Hooks the value assignment of the indirect calls using conditional …
Continue reading “Virtuailor : IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro”
IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It allows to synchronize in real-time the changes made to a database by multiple users, by connecting together different instances of IDA Pro. The main features of IDArling are: hooking general user events structure and enumeration support Hex-Rays decompiler syncing replay engine and …
Continue reading “IDArling : Collaborative Reverse Engineering Plugin for IDA Pro & Hex-Ray”
.png)
.png)
