(IDA Free/IDA Pro) Useful Plugins To Get After Installing IDA ⌇ Compiled List
by Chapo - Thursday March 13, 2025 at 07:15 PM
#1
Keypatch:

Keypatch is a versatile assembler designed for multiple architectures within IDA Pro. While IDA Pro offers the ability to patch bytes in disassembled binaries, its process can be awkward and inefficient. To address this, Keypatch was developed as a plugin to streamline the experience, making it significantly simpler to modify bytes in IDA Pro.

Link: https://github.com/keystone-engine/keypatch

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Patching:

Patching is an interactive plugin for binary patching in IDA Pro, built as a slight variation of Keypatch. It relies on the keystone-engine to function and offers a straightforward design, supporting x86_32, x86_64, and ARM architectures. Although it may seem redundant if you already use Keypatch, Patching stands out with a superior interface compared to both IDA Pro and Keypatch. Compact and user-friendly, this plugin can be accessed via the context menu or the Plugins menu.

Link: https://github.com/gaasedelen/patching

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

VulChatGPT:

VulChatGPT is a HexRays decompiler enhanced with OpenAI (ChatGPT) integration to detect potential vulnerabilities in binary files. Drawing inspiration from Gepetto, VulChatGPT extends its capabilities by introducing a vulnerability-querying feature while retaining Gepetto’s core functionality. It also renames function variables and provides explanations of the decompiled output’s purpose.

Link: https://github.com/ke0z/VulChatGPT

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BinDiff:

BinDiff is an open-source utility designed to compare binary files, helping vulnerability researchers and engineers efficiently identify differences and similarities in disassembled code. It operates as a standalone binary diffing tool, but it includes plugins for IDA Pro as well.

Link: https://github.com/google/bindiff

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

ScyllaHide:

ScyllaHide is a sophisticated usermode tool designed to counter anti-debugging techniques. Many protectors and malware attempt to hook certain Windows APIs to block debugging efforts. This plugin serves as a top-tier solution to thwart such anti-debugging strategies. ScyllaHide offers plugins compatible with IDA Pro and other debuggers, such as x64dbg.

Link: https://github.com/x64dbg/ScyllaHide

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

CAPA:

CAPA is a versatile tool capable of analyzing PE, ELF, and shellcode files, producing a clear and practical report that details the input’s behavior—such as whether it requires an HTTP request, internet connection, or could potentially be a backdoor. This makes it highly valuable for malware reverse engineers. The CAPA Explorer plugin for IDA Pro replicates this functionality directly within the IDA Pro environment, relying solely on IDA Pro’s database for analysis. Additionally, CAPA Explorer allows users to create custom rules as needed.

Link: https://github.com/mandiant/capa

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

efiXplorer:

efiXplorer is an IDA plugin designed to automate the analysis and reverse engineering of UEFI firmware. Paired with it, efiXloader serves as an IDA Pro loader module that handles the processing of UEFI drivers within a single IDA Pro session. While analyzing UEFI drivers, efiXloader detects the entry point of each driver.

Link: https://github.com/binarly-io/efiXplorer

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

ComIDA:

ComIDA is an IDA plugin that aids in analyzing modules utilizing COM. It functions by identifying data references to recognized COM GUIDs (Classes or Interfaces) and, for users of the Hex-Rays plugin, deduces the types associated with specific functions/methods, including:

CoCreateInstance
CoGetCallContext
QueryInterface

Link: https://github.com/airbus-cert/comida

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

ClassInformer:

ClassInformer is an IDA Pro plugin designed to locate, name, repair, and list class virtual function tables (vftables). It assists reverse engineers in identifying virtual function tables and, despite being an older plugin, remains compatible with the latest versions of IDA Pro.

Link: https://github.com/herosi/classinformer

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

OllyDumpEx:

OllyDumpEx is an improved version of the OllyDump plugin, developed by its author to support multiple tools, including OllyDbg, Immunity Debugger, and IDA Pro. This plugin serves as a process memory dumper for debuggers and includes support for native 64-bit processes across tools like IDA Pro, WinDbg, and x64dbg. It also automatically computes various parameters, such as RawSize, RawOffset, VirtualOffset, and more.

Link: https://low-priority.appspot.com/ollydumpex/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

SmartJump:

SmartJump is a plugin that upgrades the functionality of IDA Pro's JumpAsk g command. When activated, it allows users to navigate to labels or names in addition to standard jumps. By using brackets, you can also jump to memory addresses referenced within the code.

Link: https://github.com/PwCUK-CTO/SmartJump

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

HexRaysPyTools:

HexRaysPyTools is an IDA Pro plugin that enhances the HexRays decompiler experience by streamlining the reconstruction of structures and classes. It supports the identification of virtual tables and the creation of classes and structures. Additionally, it speeds up the transformation of decompiler output and enables tasks that would otherwise be unfeasible.

Link: https://github.com/igogo-x86/HexRaysPyTools

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Yagi:

Yagi is an IDA plugin that incorporates the Ghidra decompilers into both IDA Pro and IDA Free. After installing it, you can press the F3 key to use the plugin.

Link: https://github.com/airbus-cert/Yagi

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

IDAFuzzy:

IDAFuzzy is a fuzzy search utility for IDA Pro that assists in locating commands, functions, structures, and more. It’s particularly helpful when you can’t recall exact shortcuts, function names, or structure names, making navigation and discovery easier.

Link: https://github.com/HongThatCong/IDAFuzzy
#2
Great collection... one to add to the list:

IDA Pro MCP
Simple MCP Server for IDA Pro
https://github.com/mrexodia/ida-pro-mcp