Skip to main content
Reverse Engineering

Questions tagged [idapro-sdk]

Ask Question

Software development kit of the IDAPro software suite, allow to develop processor modules, loaders and various extensions.

75 questions
Newest Active Bountied Unanswered
2 votes
1 answer
653 views

With idapython I would like to get demangled names with the name simplification (bottom of page) applied to them. For example, the following function: Python> ida_name.demangle_name(idc....
Blub's user avatar
  • 123
1 vote
1 answer
267 views

I'm developing a python script for IDA Pro that analyzes 32 bit PE files containing an anti-disassembly technique, the problem is that the function that contains the technique isn't being listed in ...
Luca's user avatar
  • 121
2 votes
0 answers
75 views

Let's look at this very simple example: we have an AX (16-bit) register, which splits into two 8-bit registers: AH and AL (imagine x86). Then, imagine that these registers are memory mapped starting ...
none32's user avatar
  • 111
2 votes
0 answers
77 views

Right now I have a obfuscated driver, that in order to call something like KeDelayExecutionThread, it does the following: mov rax, cs:KeDelayExecutionThrea lea r8, [rsp+28h+arg_0] xor edx, ...
OneAndOnly's user avatar
  • 528
2 votes
0 answers
90 views

Ida has a really weird feature/bug that when you input a non-normal PE file like a memory dump of a kernel buffer, or an EFI file (even though EFI is PE..), you cannot select the windbg as the ...
OneAndOnly's user avatar
  • 528
3 votes
0 answers
217 views

I'm developing a processor module for a specific microcontroller. There are cases, when instruction modifies some register (lets call it STATUS) indirectly. By indirectly, I mean, that STATUS is not ...
none32's user avatar
  • 111
2 votes
1 answer
250 views

I'm developing a python script for IDA Pro and I seem to have a problem with idaapi.FlowChart because it retrieves another basic block that isn't present in the graph view of the GUI of IDA. As you ...
Luca's user avatar
  • 121
2 votes
1 answer
127 views

I'm wondering whether it is possible to write a plugin for IDA and/or Hex-Rays which would use Python callbacks to perform certain tasks. In particular I am wondering if there is an official way to ...
0xC0000022L's user avatar
  • 11k
2 votes
0 answers
258 views

I need to convert into op code bytes the instructions that I have disassembled but I can't find a function that lets me do it, I've tried idc.get_bytes but it doesn't seem to work. This is my python ...
Luca's user avatar
  • 121
1 vote
1 answer
155 views

I am trying to tell apart the following two instructions: 8D 02 lea eax, [rdx] // auxfix = 0x1810 67 8D 02 lea eax, [edx] // auxfix = 0x810 The only difference is in the insn_t....
bernd feinman's user avatar
  • 463
1 vote
1 answer
164 views

i have a c++ module that removes empty block it used to work well but now I'm porting it to ida 7.7 I'm having issues. mba_t *mba; mba->remove_empty_blocks(); It throws following error "...
Ronny's user avatar
  • 73
1 vote
1 answer
789 views

I think my question is probably related to this one: API to force reanalyze of function (Alt-P) When I define a function at a certain location with IDAPython, I want IDA to analyze it immediately, ...
thejoelpatrol's user avatar
  • 76
1 vote
1 answer
376 views

I want to know for example that if a ReadFile is happening and the handle number is 100, which file or whatever this handle belongs to? lets assume for whatever reason i cannot trace CreateFiles to ...
Notoriouss's user avatar
  • 176
4 votes
1 answer
2k views

I am confused on the differences between using 64 bit and 32 bit IDA versions on a 32 bit application. If I use 64 bit IDA on the 32 bit application, will it make use of 64 bit or 32 bit architecture?
bonijad383's user avatar
  • 41
2 votes
0 answers
149 views

I create a local type in Ida and put in some places this local type. How can I got all the references to dhat Local type?
yfr24493AzzrggAcom's user avatar
  • 301

15 30 50 per page
1
2 3 4 5