OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Tuesday, October 13 2009 13:36.01 CDT

Modified: Friday, October 16 2009 10:22.51 CDT

Printer Friendly ...

Interactive IPython Shell for IDA Python

Author: sagar

# Views: 5878

(post updated)

We all use IDA Python and it kicks ass!

But sometimes opening scripts all the time by hitting ALT+9 is annoying.
So why don't we have an interactive console with all IDA Python features?

I've created an IDA Python script that creates an interactive console based on IPython.
This console lets you run any IDA Python function but interactively.
Since it's based on IPython you can also take advantage of its cool features, like tab autocompletion, magic commands, command history, aliases, etc (http://ipython.scipy.org/doc/manual/html/interactive/tutorial.html).

Some screenshots:

You can get the script at:
http://www.ribadeohacklab.com.ar/tools/scripts/IPythonShell/IPythonShellGTK.py

Requirements:
- pyGTK, pyGobject and pyCairo (http://www.pygtk.org/)
- IPython (http://ipython.scipy.org/moin/FrontPage)

A minor problem this still has is that you must close the IPython Console before closing IDA Pro or it will give an access violation. I'll work on that in another release.

I've been told this blocks IDA. So far I only had problems while running the debugger. If the console is used when doing a static analysis it seems nothing is blocked.
If you find issues, please let me know.

Some ideas for the future:
- create a nicer console with some built-in things you can run just pressing buttons in a toolbar.
- another version but using pyQT.

Hope you enjoy it!

Sagar (RibadeoHackLab)

Blog Comments

lallous	Posted: Wednesday, October 14 2009 03:11.06 CDT
Good work Sagar! If you can make it not block IDA while the console is showing it would be even nicer.

ero	Posted: Wednesday, October 14 2009 04:36.18 CDT
Very cool! Although it's probably worth mentioning that since IDA 5.5 one can use IDA's command-line with Python, interactively. Definitely not as cool as using IPython, but it doesn't block and gets the job done.

sagar	Posted: Wednesday, October 14 2009 06:34.16 CDT
Thanks for the feedback guys. @lallous: Honestly, I did this very quickly, so I didn't notice it was blocking IDA :( I'll see if I can fix that. @ero: I knew about the command-line, but as you said, is much cooler having IPython features (magic commands, autocomplete, full CMD shell, etc). Any ideas to include in this console will be appreciated!

QvasiModo	Posted: Wednesday, October 14 2009 11:58.54 CDT
Very good work! :) Just out of curiosity, how feasible would it be to do this without GTK, using a normal Windows console only?

sagar

Posted: Wednesday, October 14 2009 22:05.12 CDT

I have an IPython shell running embedded in a windows console.
The main thing here is that in order to do that we would need to run the window console in other process, so the python enviroment (which is running in idag.exe process) won't be the same.
The good thing about running this with pyGTK is that it is really running in ida process and that is why you can do things interactively.

I thought about creating a simple XMLRPC server which exposes an IPython shell running so you could connect any console (with any GUI you like) and use it.

I haven't tested this too much but so far it seems that a basic XMLRPC server doesn't block IDA. But if I try to run an RPYC server it does.

Another option might be to patch the IDAPython plugin to be able to run the embedded python interpreter in a different thread without blocking anything.

I don't have much experience developing IDA plugins so these are just random thoughts.

Thanks everyone!

lallous	Posted: Thursday, October 15 2009 02:35.22 CDT
sagar: Note that IDA does not support multi-threading yet, so any call to IDA's API must be carried from the main thread. There is a new function in 5.5 called execute_sync() that will execute instructions in IDA's main thread context.

NCR	Posted: Thursday, October 15 2009 11:34.06 CDT
Great script! Thanks!.

forgot	Posted: Wednesday, January 20 2010 20:10.26 CST
nonblock in 5.2 but not work in 5.5

sagar	Posted: Saturday, December 18 2010 16:28.57 CST
Script updated to work with IDA Pro 5.5 and IDAPython 1.2 or greater :)

Active in Last 5 Minutes
	phifli

There are 28,212 total registered users.

Recently Created Topics
Reverse Engineering ...	Jan/23
Career: DoD Agency I...	Jan/22
"Disappearing&q...	Jan/17
Career: Software Sec...	Jan/11
Where is the call st...	Jan/07
IDA Pro 6.1 Breakpoi...	Jan/01
How to create data s...	Dec/30
can i search all mod...	Dec/23
IDA symbol table exp...	Dec/20
An anti-attach trick	Dec/17

Recent Forum Posts
Reverse Engineering ...	NirIzr
"Disappearing&q...	NirIzr
Reverse Engineering ...	charlie
"Disappearing&q...	charlie
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
Looking for value in...	NirIzr

Recent Blog Entries
	Ludwig	Feb/04
chi on sale
	Ludwig	Feb/04
Monster In The Vicinity Of ...
	Ludwig	Feb/04
Supra footwear Online
	waleedassar	Jan/31
Yet Another Anti-Debug Trick
	RolfRolles	Jan/22
Finding Bugs in VMs with a ...
More ...

Recent Blog Comments
	waleedassar on:	Feb/01
Yet Another Anti-Debug Trick
	NirIzr on:	Jan/31
Yet Another Anti-Debug Trick
	jackchen on:	Jan/10
nike mercurial vapor iii
	waleedassar on:	Dec/27
A new Anti-Olly trick.
	PeterFerrie on:	Dec/27
A new Anti-Olly trick.
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit