Igor’s Tip of the Week #124: Scripting examples

Although IDA was initially created for interactive usage and tries to automate as much of the tedious parts of RE as possible, it still cannot do everything for you and doing the still necessary work manually can take a long time. To alleviate this, IDA ships with IDC and IDAPython scripting engines, which can be used for automating some repetitive tasks. But it can be difficult to know where to start, so let’s see where you can find some examples to get started.

 

IDC samples

Although IDC is quite old fashioned, it has the advantage of being built-in into IDA and does not require any additional software. It is also the only scripting language available in IDA Free. For some sample IDC scripts, see the idc directory in IDA’s install location:

Please note that some of these files are not stand-alone scripts but are used by IDA for various tasks such as customized startup actions (ida.idc, onload.idc) or batch analysis (analysis.idc).

A few user-contributed scripts are also available under the “User contributions” section in our Download center. Note that due to their age and the big API refactoring which unified IDA API  and IDC, some of them may need adjustments to run in recent IDA versions.

IDAPython examples

IDAPython project had examples from the beginning, and you can find them in the source repository, but we’re also shipping them with IDA, in the python/examples directory.

 

The provided index.html can be opened in a browser to see the list of the examples with short descriptions and also a list of used IDAPython APIs/keywords to help you find examples of a specific API’s usage.

There are also countless examples of IDAPython scripts and plugins created by our users. Some of then can be found on our plugin contest pages and plugin repository, while even more might be found on code-sharing websites (GitHub, GitLab etc.), or individual authors’ websites and blogs. Oftentimes, searching for an API name on the Web can bring you to examples of its usage.

In addition to the examples made just for demonstration purposes, there are a few Python-based loaders and processors modules shipped with IDA. They can be found by looking for .py files under loader and procs directories of IDA.

 

Article Link: Igor’s Tip of the Week #124: Scripting examples – Hex Rays