About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

IDA Plugins: mIDA

File Information
Category Open Source # Downloads Version
IDA Plugins No N/A 1.0.10

Download Page

Last updated on Oct 21, 2008 with the following description:
v1.0.10
------

- Adds support for NDR version 0x50004

v1.0.9
------

- Really fix FC_XSTRUCT with FC_ALIGNMX element (Thanks to Cody Pierce)
- Add debug statements if the key "HKLM\SOFTWARE\Tenable\mIDA - Debug" is set to 1

v1.0.8
------

- Display [ref] if set
- Fix FC_XSTRUCT with FC_ALIGNMX element (Thanks to Cody Pierce)


v1.0.7
------


- Add support for FC_CVSTRUCT
- Ndr version 0x10001 can be an interpreted stub too
- Fix encapsulated union display to work with midl.exe

v1.0.6
------

- Fix an access violation error if the NDR version is not supported (Thanks to Alexander Sotirov)
- Fix Union if multiple cases refer to the same element
- Fix field reference if the structure contains an encapsulated union
- Add support for FC_USER_MARSHAL attribute (just display the size to send)
- Add support for NDR version 0x60001 used in Vista:
* Add support for FC_SUPPLEMENT
* Add support for FC_FORCED_BOGUS_STRUCT
* Add support for FC_EXPR (complex size_is/length_is are now encoded using a Reverse Polish Notation)
* Add support for new range type

v1.0.5
------

- Bugfix for special return values for inline stubs


v1.0.4
------
- Display FC_CALLBACK address instead of '?'
- Generated IDL code can now be compiled with a midl compiler
- FC_ENUM16 is now displayed as a short
- Add support for obsolete keywords FC_ALIGNMX
- Add support for FC_BYTE_COUNT_POINTER
- Fix function name if a pdb file is used in IDA
- Fix the address of the argument structure in the edit box
- Wait that IDA has processed enerything in the queues before scanning
- If RPC functions are not defined as function, ask IDA to define them (useful for inline functions)
- Raise an Exception if the loop recursion limit is reached
- Display information about the RPC stub in the decompilation window
- Added ofile option for bash mode
- Ported to IDA5.0

Author Information
Username Name E-Mail URL
  nicoP nicolaspouveslegmailcom http://

Description mIDA is a plugin for the IDA disassembler that can extract RPC interfaces from a binary file and recreate the associated IDL definition. mIDA is free and fully integrates with the latest version of IDA (5.2 or later).
This plugin can be used to :

    * Navigate to RPC functions in IDA
    * Analyze RPC function arguments
    * Understand RPC structures
    * Reconstruct an IDL definition file

The IDL code generated by mIDA can be, most of the time, recompiled with the MIDL compiler from Microsoft (midl.exe).

mIDA is freely distributed to the community by Tenable in the hope it will be useful to you and help research engineers to work more effectively on RPC programs. However, Tenable does not provide support for this tool and offers no garantee regarding its use or output. Please read the end-user license agreement before using this program.

Screenshot

There are 29,898 total registered users.


Recently Created Topics
Decompiling raw bina...
May/22
Incorrect bitness wh...
May/20
PaiMei stalker modul...
May/19
Attach to program us...
May/13
IDA PRO how to make ...
May/12
FACT: OpenRCE is dead.
May/08
Int 3 anti debug?
May/05
help needed - Beginn...
May/03
Attaching IDA Pro to...
Apr/27
File type
Apr/21


Recent Forum Posts
Ollydbg 2.0 - Plugin...
openrce...
IDA PRO how to make ...
codeinject
FACT: OpenRCE is dead.
codeinject
IDA Resource Viewer ...
r2x64
FACT: OpenRCE is dead.
djnemo
FACT: OpenRCE is dead.
codeinject
FACT: OpenRCE is dead.
pedram
help needed - Beginn...
araujo
Attaching IDA Pro to...
codeinject
Int 3 anti debug?
codeinject


Recent Blog Entries
lowpriority
Apr/13
OllyMigrate Plugin for Olly...
everdox
Mar/08
2 anti-trace mechanisms spe...
everdox
Mar/07
Advanced debugging techniques
everdox
Mar/06
Branch tracing and LBR acce...
everdox
Mar/05
Using pre-paged in virtual ...
More ...


Recent Blog Comments
clarisonic on:
Apr/03
New version of Ollydbg!
clarisonic on:
Apr/03
New version of Ollydbg!
trackerx90 on:
Mar/04
SuppressDebugMsg As Anti-De...
coachfactory on:
Feb/25
Portable Executable Format ...
coachfactory on:
Feb/25
A new Anti-Olly trick.
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit