AI suggested IDAPython.
<Notice>
I don't intend to use IDAPython any more, since GPL tools are 10-100 times faster (!), they don't give timeouts due to demo restrictions, and they don't crash as often. Also, no more floating point errors when importing SymPy!
The GPL Tools/ARM console script includes a small compatibility layer for IDAPython. It is not 100% compatible, but it helps with porting existing scripts quite a bit.
This page will remain as a starting point for anyone who wants to try IDAPython. </Notice>
Tutorials
IDAPython/intro
How to decode an instruction, call an IDC function...
IDAPython/Tracing calls tutorial
Just a bit beyond the basics
Advanced stuff
Static analysis of ARM code
This is going to be similar to Brainfuck :)
... how about a Brainfuck decompiler in SymPy?
Tracing function calls in the firmware
Matching subs/structs/data in two firmware files
Code
My experimental code is here. Feel free to improve it.
Resources
- ASM introduction
- IDAPython home page: http://code.google.com/p/idapython/
- IDAPython docs: http://www.hex-rays.com/idapro/idapython_docs/
- IDC docs: http://www.hex-rays.com/idapro/idadoc/162.shtml
- Examples: http://code.google.com/p/idapython/wiki/ExampleScripts
- Requirements: IDA 5.x and Python 2.5 (some versions use 2.6). Works with IDA Demo and Wine :)
- Optional IPython support (doesn't work for me, I get a black window): https://www.openrce.org/blog/view/1509/Interactive_IPython_Shell_for_IDA_Python