An intuitive query API for IDA Pro
All global variables with defined names and types are now accessible directly in IDAPython.
ida2py supports most IDA data types, including arrays, structs, pointers or a combination of the above. To convert a variable to a (primitive) Python object, simply call .pyval().
User defined types are available in Python as well.
You can either use Type @ address or Type(address). Type() is a shorthand for Type @ idc.here(). You can use the * operator to create array types.
If your variable/type name is not a valid Python identifier, you can use the _ida(name) function to obtain a reference to it instead. For example, _ida("Node") == Node.
Using the angr_exec context manager, you can emulate functions by directly calling them.
You will need to have angr installed. The Unicorn engine will be used where possible. If you need more customization, you can pass proj and state arguments to angr_exec.
The __usercall calling convention is supported, but Golang CC has not been tested and probably doesn't work. Passing floats as arguments is not currently supported.
Symbolic execution is not currently supported. Arguments passed to functions must be concrete.
Some functions, such as srand, time and rand, will not be emulated. You will need to implement these functions via angr hooks if required.
For more detailed/advanced usage, refer to the tests.
Simply copy ida2py.py to your IDA plugin directory.
You don't need to install angr to use ida2py's base features.
ida2py has been tested to work with angr 9.2.133, the latest version as of writing.
You can install it by running
python3 -m pip install angr==9.2.133
ida2py supports 6 basic types:
- Integers
- Strings (this might be removed in the future)
- Arrays
- Structs
- Pointers
- Functions (more features coming here)
If ida2py cannot determine the type of a variable, or if it does not fit within the type system, the Unknown type will be returned.
Non-integral numeric types, such as floats and doubles, are not currently supported.
It is likely that some types will not be accurately represented, and the type system is quite complicated, so bug reports are always welcome.
The ctypes module is used to modify the PyObject of the current scope's globals() dictionary. By installing a fake globals class with a custom __getitem__ method, we can intercept variable accesses before they cause a NameError and instead return an appropriate object derived from IDA.
This is similar to, and builds upon, my previous 'C Types for Python' project.
Note that this is not official or intended Python behavior, so usage of this library may crash IDAPython or your entire IDA Pro application.
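The name interception described above, as an added example that is not ida2py's own code: it swaps the ctypes patch of the live globals() for a dict subclass passed to exec, which exercises the same __getitem__ fallback without touching interpreter internals. FAKE_IDB, Resolved, FallbackGlobals and run_snippet are hypothetical names, the database contents are constructed, and the precedence order (real globals, then builtins, then database) is a choice of this example.

```python
import builtins

# Constructed stand-in for an IDA database: symbol name -> (address, value).
# "len" is included on purpose to show that it must not shadow the builtin.
FAKE_IDB = {
    "flag_len": (0x4010, 32),
    "key": (0x4020, b"\x13\x37"),
    "len": (0x4030, 7),
}


class Resolved:
    """Hypothetical wrapper returned for a name found only in the database."""

    def __init__(self, name, address, value):
        self.name, self.address, self.value = name, address, value

    def pyval(self):
        return self.value


class FallbackGlobals(dict):
    """Namespace whose failed lookups are answered from FAKE_IDB."""

    def __getitem__(self, name):
        try:
            return super().__getitem__(name)  # names the script defined win
        except KeyError:
            pass
        if hasattr(builtins, name):
            # Report a miss so the interpreter continues to its builtins
            # lookup; a database symbol called "len" never replaces len().
            raise KeyError(name)
        if name in FAKE_IDB:
            return Resolved(name, *FAKE_IDB[name])
        raise KeyError(name)  # unknown everywhere: surfaces as NameError


def run_snippet(source):
    """Run module-level source inside a FallbackGlobals namespace and return it."""
    namespace = FallbackGlobals()
    exec(source, namespace)
    return namespace


if __name__ == "__main__":
    ns = run_snippet("n = flag_len.pyval() + 1\nk = len(key.pyval())")
    print(ns["n"], ns["k"])
```

Because the fallback only fires on a miss, a typo in a script that happens to match a database symbol resolves silently instead of raising NameError, which is worth keeping in mind when reviewing scripts written against this kind of namespace.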