About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

Blogs >> sagar's Blog

Created: Tuesday, October 13 2009 13:36.01 CDT Modified: Friday, October 16 2009 10:22.51 CDT
Printer Friendly ...
Interactive IPython Shell for IDA Python
Author: sagar # Views: 14732

(post updated)

We all use IDA Python and it kicks ass!

But sometimes opening scripts all the time by hitting ALT+9 is annoying.
So why don't we have an interactive console with all IDA Python features?

I've created an IDA Python script that creates an interactive console based on IPython.
This console lets you run any IDA Python function but interactively.
Since it's based on IPython you can also take advantage of its cool features, like tab autocompletion, magic commands, command history, aliases, etc (http://ipython.scipy.org/doc/manual/html/interactive/tutorial.html).

Some screenshots:






You can get the script at:
http://www.ribadeohacklab.com.ar/tools/scripts/IPythonShell/IPythonShellGTK.py

Requirements:
- pyGTK, pyGobject and pyCairo (http://www.pygtk.org/)
- IPython (http://ipython.scipy.org/moin/FrontPage)

A minor problem this still has is that you must close the IPython Console before closing IDA Pro or it will give an access violation. I'll work on that in another release.

I've been told this blocks IDA. So far I only had problems while running the debugger. If the console is used when doing a static analysis it seems nothing is blocked.
If you find issues, please let me know.

Some ideas for the future:
- create a nicer console with some built-in things you can run just pressing buttons in a toolbar.
- another version but using pyQT.

Hope you enjoy it!

Sagar (RibadeoHackLab)


Blog Comments
lallous Posted: Wednesday, October 14 2009 03:11.06 CDT
Good work Sagar!

If you can make it not block IDA while the console is showing it would be even nicer.

ero Posted: Wednesday, October 14 2009 04:36.18 CDT
Very cool!

Although it's probably worth mentioning that since IDA 5.5 one can use IDA's command-line with Python, interactively. Definitely not as cool as using IPython, but it doesn't block and gets the job done.

sagar Posted: Wednesday, October 14 2009 06:34.16 CDT
Thanks for the feedback guys.

@lallous: Honestly, I did this very quickly, so I didn't notice it was blocking IDA :(
I'll see if I can fix that.

@ero: I knew about the command-line, but as you said, is much cooler having IPython features (magic commands, autocomplete, full CMD shell, etc).

Any ideas to include in this console will be appreciated!

QvasiModo Posted: Wednesday, October 14 2009 11:58.54 CDT
Very good work! :)

Just out of curiosity, how feasible would it be to do this without GTK, using a normal Windows console only?

sagar Posted: Wednesday, October 14 2009 22:05.12 CDT
I have an IPython shell running embedded in a windows console.
The main thing here is that in order to do that we would need to run the window console in other process, so the python enviroment (which is running in idag.exe process) won't be the same.
The good thing about running this with pyGTK is that it is really running in ida process and that is why you can do things interactively.

I thought about creating a simple XMLRPC server which exposes an IPython shell running so you could connect any console (with any GUI you like) and use it.

I haven't tested this too much but so far it seems that a basic XMLRPC server doesn't block IDA. But if I try to run an RPYC server it does.

Another option might be to patch the IDAPython plugin to be able to run the embedded python interpreter in a different thread without blocking anything.

I don't have much experience developing IDA plugins so these are just random thoughts.

Thanks everyone!

lallous Posted: Thursday, October 15 2009 02:35.22 CDT
sagar: Note that IDA does not support multi-threading yet, so any call to IDA's API must be carried from the main thread.

There is a new function in 5.5 called execute_sync() that will  execute instructions in IDA's main thread context.

NCR Posted: Thursday, October 15 2009 11:34.06 CDT
Great script! Thanks!.

forgot Posted: Wednesday, January 20 2010 20:10.26 CST
nonblock in 5.2 but not work in 5.5

sagar Posted: Saturday, December 18 2010 16:28.57 CST
Script updated to work with IDA Pro 5.5 and IDAPython 1.2 or greater :)



Add New Comment
Comment:









There are 31,313 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit