Reverse Engineering Stack Exchange
Reverse Engineering Stack Exchange

Questions tagged [idapython]

A Python API to develop IDA Pro plugins which comes bundled with the paid versions of IDA. It allows automation of tasks and even writing loaders and plugins in Python themselves.

IDAPython is a Python API to develop IDA Pro plugins which comes bundled with the paid versions of IDA. It allows automation of tasks and even writing loaders and plugins in Python themselves.

371 questions
7
votes
4 answers

Change block/node color with idapython

How can I change color of node (or block?) with idapython? I know about SetColor, but this function does not work with blocks/nodes. EDIT: Solved, see the code snippet below. def get_bb_id(graph, ea): for block in graph: if…
DOD
  • 191
  • 1
  • 8
4
votes
3 answers

IDAPython: Get struct id defined at an address

Spotted an interesting problem when trying to determine which type of structure (since isStruct(getFlags(ea)) returns True) is defined at the given address in the DB. Reading through idc.py didn't help much. Define a struct in the "structures"…
Dmitry Janushkevich
  • 493
  • 3
  • 14
4
votes
1 answer

IDAPython on OSX

I wrote a simple IDAPython script that relies on some non-standard Python library. I'm able to build the library on Windows and run the script in IDA without issue. When I try to do this on OSX, IDA complains that the 3rd-party library doesn't…
mrduclaw
  • 4,066
  • 8
  • 27
  • 40
4
votes
1 answer

Enumerate all XefsTo a Segment in IDAPython

What is the best method to enumerate all xrefs to addresses in a particular segment? I came up with a brute-force approach (as seen below). The code scans each address in a segment and checks for an XrefTo the address. seg_list = [] for seg in…
alexanderh
  • 1,062
  • 8
  • 14
3
votes
2 answers

Making operand an offset in IDA Python

I working with ARM executable. Sometimes I have something like this MOV instruction: MOV R0, #0xCD548A40 where the number #0xCD548A40 is a valid offset but IDA doesn't recognize it as such automatically. I tried to reanalyze the executable with…
w s
  • 8,458
  • 1
  • 24
  • 40
3
votes
1 answer

IDAPython get current module name in a debugger

I have a script that catches say a value of 666 in the RDX register and pauses debugging. The problem is, that this value might be added to the register by other modules aside from the main application that I am debugging, for example by ntdll.dll,…
MartinRøde
  • 33
  • 2
3
votes
1 answer

How do you rename a memory address operand in IDAPython?

I need to rename some memory address "names" in IDAPython. I'm talking about the dword_805672 formatted ones. Please see the screenshot below: I've placed red boxes around the names which I would like to rename with IDAPython. I've searched the API…
the_endian
  • 1,860
  • 17
  • 39
2
votes
1 answer

How to open watch view using IDAPython?

I want to open the watch view and add watch in code. Do you know how? I didn't find open_window_ for it. I couldn't understand which function to use with BWN_... or IWID_... constants ( IWID_WATCH seems like watch view). Thanks
Eyal
  • 21
  • 1
2
votes
1 answer

BaseHTTPRequestHandler + ThreadingMixin = unclosed port

In developing a RESTful API for IDA >= 7.5 [https://github.com/sfinktah/idarest75], I have observed that a standard threaded webserver does not release it's socket when IDA terminates, unless it is run as a plugin. This behaviour may extend to all…
Orwellophile
  • 320
  • 1
  • 9
2
votes
2 answers

How can I load C header file with IDAPython in IDA Pro?

How can I load C header file with IDAPython in IDA Pro? I'm trying automatically load C header file with IDAPython, such as Load("filename.h").
user3881835
  • 31
  • 1
  • 2
2
votes
2 answers

IDA Python - Find highlighted register

In IDA's Graph View, when we select some register (for example, esp in the image below), every location that the register occurs is highlighted. Is it possible to read what the selected operand is? (I want to work with registers at the moment, but…
Jay Bosamiya
  • 155
  • 8
1
vote
0 answers

How to find prolog with idapython in non-disassambled function raw bytes?

I tried googling but I didn't find much info. I am trying to get the function prolog from an instruction inside a function. The function is in raw bytes. Is this possible to get?
Jôsùå
  • 11
  • 2
1
vote
1 answer

How to print custom name of an operand in IDA Python?

I'm starting to work on a plugin to port symbols(stack variable names, operand names, comments, etc) from functions in one database to functions in another database when function names match. I'm getting familiar with IDA api and now I can't find…
Revester
  • 23
  • 4
1
vote
2 answers

IDAPython: Is it possible to determine whether an instruction operand is a constant rather than a variable?

Here is my use case: I am trying to create a script that finds all instances of a particular instruction (in this case wrmsr) and traces back to find out whether the operands for the instruction are hard-coded literals or variables that are set at…
MrSynAckSter
  • 1,258
  • 1
  • 10
  • 24
1
vote
1 answer

How do you get the operand data type using idapython?

I know I can set the operand data type of my disassembly using functions such as OpBinary, OpOctal,OpDecimal, etc. Now, I'm trying to get the current operand data type of my disassembly instead. For example: mov eax, 200 should return decimal…
sololevelingreverser
  • 51
  • 4
1
2