
lucasg / idarop

Licence: MIT license
ROP database plugin for IDA

Programming Languages

python

Projects that are alternatives of or similar to idarop

fa
Automation tool for locating symbols & structs in binary (primary IDA focused)
Stars: ✭ 58 (+123.08%)
Mutual labels:  ida, ida-plugin
Ponce
IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
Stars: ✭ 1,066 (+4000%)
Mutual labels:  ida, ida-plugin
Idarling
Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Stars: ✭ 588 (+2161.54%)
Mutual labels:  ida, ida-plugin
Dsync
IDAPython plugin that synchronizes disassembler and decompiler views
Stars: ✭ 399 (+1434.62%)
Mutual labels:  ida, ida-plugin
ida2pwntools
a IDA 7.0 plugins that helps to attach process created by pwntools and debug pwn
Stars: ✭ 58 (+123.08%)
Mutual labels:  ida, ida-plugin
ida migrator
IDA Migrator is an IDA Pro plugin which helps migrate existing work from one database instance to another. It Conveniently migrates function names, structures and enums.
Stars: ✭ 65 (+150%)
Mutual labels:  ida, ida-plugin
Necromancer
IDA Pro V850 Processor Module Extension
Stars: ✭ 21 (-19.23%)
Mutual labels:  ida, ida-plugin
Polichombr
Collaborative malware analysis framework
Stars: ✭ 307 (+1080.77%)
Mutual labels:  ida, ida-plugin
Rematch
REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
Stars: ✭ 141 (+442.31%)
Mutual labels:  ida, ida-plugin
Jarvis
"Just Another ReVersIng Suite" or whatever other bullshit you can think of
Stars: ✭ 137 (+426.92%)
Mutual labels:  ida, ida-plugin
DriverBuddyReloaded
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
Stars: ✭ 210 (+707.69%)
Mutual labels:  ida, ida-plugin
Idangr
Use angr in the IDA Pro debugger generating a state from the current debug session
Stars: ✭ 214 (+723.08%)
Mutual labels:  ida, ida-plugin
Ipyida
IPython console integration for IDA Pro
Stars: ✭ 358 (+1276.92%)
Mutual labels:  ida, ida-plugin
idapm
idapm is IDA Plugin Manager via GitHub Repository.
Stars: ✭ 50 (+92.31%)
Mutual labels:  ida, ida-plugin
Scratchabit
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Stars: ✭ 369 (+1319.23%)
Mutual labels:  ida, ida-plugin
Hexrayspytools
IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes
Stars: ✭ 873 (+3257.69%)
Mutual labels:  ida, ida-plugin
obfDetect
IDA plugin to pinpoint obfuscated code
Stars: ✭ 99 (+280.77%)
Mutual labels:  ida, ida-plugin
IDA7-FunctionStringAssociate
FunctionStringAssociate plugin by sirmabus, ported to IDA 7
Stars: ✭ 17 (-34.62%)
Mutual labels:  ida, ida-plugin
Flare Ida
IDA Pro utilities from FLARE team
Stars: ✭ 1,374 (+5184.62%)
Mutual labels:  ida, ida-plugin
Ida Batch decompile
*Decompile All the Things* - IDA Batch Decompile plugin and script for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file
Stars: ✭ 198 (+661.54%)
Mutual labels:  ida, ida-plugin

Idarop : a ROP database plugin for IDA

Idarop is an IDA plugin which lists and stores all the ROP gadgets present within the opened binary. The codebase is vastly copied from the unmaintained IDA plugin idasploiter. However, idasploiter is built to work at runtime (using the IDA debugger API), whereas idarop is aimed at a more static approach.

While there is an incredible variety of ROP assisting tools (just grep ROP in that list), most of them just output the found gadgets in the console, which makes storing and searching through them a hassle. idarop aims to capitalize on the idb file format (and IDA) to store ROP gadgets alongside RE information (assembly annotations, type info, etc.):

Listing ROP Gadgets in a specific list view in IDA

Using IDA to view gadgets allows the user to take advantage of the "advanced" list filtering IDA provides: in the following picture, only gadgets having a 0xff opcode and less than 4 bytes are shown (and the ones touching esp are highlighted).

Filtering ROP Gadgets using IDA Filters Tool

NB: This plugin only works on x86 binaries.

Dependencies

idarop relies on ida-netnode to store the addresses of found gadgets in the .idb database. If netnode is not installed, the ROP search results will just be discarded when IDA exits.

Usage

idarop provides two shortcuts:

  • Maj+R to list found ROP gadgets
  • Ctrl+Maj+R to do a new gadgets search (wipes previous results)

Searching ROP gadgets within IDA

(The search configuration and UI are copied and adapted from idasploiter.)

Install

idarop is on PyPI, so you can install it with pip.

On Windows:

  • C:\Python27\Scripts\pip2.7.exe install idarop --install-option="--ida"
  • C:\Python27\Scripts\pip2.7.exe install idarop --install-option="--ida="6.9""

IDA is installed in the Program Files folder, so you need to run this command with Administrator rights.

Alternatively, you can clone the repo and type "C:\Python27\python.exe setup.py install --ida". idarop uses a "clever" __ida_setup__.py script to override the traditional distutils install command so that the plugin is installed in the correct IDA plugins directory.

Credits

Since this project is largely an ersatz of it, it would be criminal of me not to thank Peter Kacherginsky for his work on idasploiter.
