IDA Technology: Open Plug-In Architecture

IDA’s functionality can easily be extended by the use of programmable plug-ins. Plugins may be written to automate routine tasks, for example to enhance the analysis of hostile code or to add specific functionality to our disassembler. Plugins should be written in C++. They may be linked to hot keys or menu items and have full access to the IDA database and may examine or modify the program or use I/O functions. Our SDK contains

  • 4 sample plugins
    • a simple “hello world” type plugin.
    • a sample processor extension plugin (adds 2 NEC V20 specific instructions to the 80×86 processor module).
    • a sample pdb file loader ( as used by IDA itself ).
    • a sample executable decryption plugin.
    • a sample graphing plugin. [ image 1 ] [ image 2 ]
  • the source code to a 30+ processor modules !
  • the source code to a 20+ loaders
  • header files (almost 19.000 lines of heavily commented documentation to IDA’s exported interface).
  • import libraries for Borland C/C++ (32 & 64 bits), Microsoft Visual C++ 6 (32 & 64 bits), GNU C/C++ (32 & 64 bits), Watcom 11

The SDK is free to any registered IDA user

  • if you received IDA on a CD, the SDK can be found in the SDK directory.
  • if you received IDA as a download, the SDK download information can be found in the e-mail you have received.

additional free plugins, from Ilfak’s blog

  • stealth: stealth against anti-debugging tricks.
  • findcrypt: identifies some frequently used block ciphers.
  • highlighter: highlights code that has been single stepped through in a debugging session.
  • unispector: extracts unicode strings from an IDA database.