State-of-the-art binary code analysis tools

Scripting allows you to automate tasks in IDA which can be repetitive or take a long time to do manually. We previously covered how to run them in batch (headless) mode, but how can they be used interactively?

Script snippets

File > Script Command… (Shift+F2)

Although this dialog is mainly intended for quick prototyping and database-specific snippets, you can save and load scripts from external files via the “Export” and “Import” buttons. There is some basic syntax highlighting but it’s not a replacement for a full-blown IDE. Another useful feature is that the currently selected snippet can be executed using  the Ctrl+Shift+X shortcut (“SnippetsRunCurrent” action) even when the focus is in another widget.

Command Line Interface (CLI)

The input line at the bottom of IDA’s screen can be used for executing small one-line expressions in IDC or Python (the interpreter can be switched by clicking on the button).

While somewhat awkward to use for bigger tasks, it has a couple of unique features:

  • the result of entered expression is printed  in the Output Window (unless inhibited with a semicolon). In case of IDC, values are printed in multiple numeric bases and objects are pretty-printed recursively.
  • It supports limited Tab completion.

Running script files

If you already have a stand-alone script file and simply want to run it, File > Script file.. (Alt+F7) is probably the best and quickest solution. It supports both IDC and Python scripts.

Recent scripts

The scripts which were executed through the “Script file…” command are remembered by IDA and can be executed again via the Recent Scripts list  (View > Recent scripts, or Alt+F9). You can also invoke an external editor (configured in Options > General…, Misc tab) to edit the script before running.

Examples

IDA ships with some example scripts which can be found in “idc” directory for IDC and “python/examples” for IDAPython. There are also some user-contributed scripts in the download area.