IDA’s functionality can easily be extended by the use of programmable plug-ins. Plugins may be written to automate routine tasks, for example to enhance the analysis of hostile code or to add specific functionality to our disassembler. Plugins should be written in C++. They may be linked to hot keys or menu items and have full access to the IDA database and may examine or modify the program or use I/O functions. Our SDK contains
- 4 sample plugins
- a simple “hello world” type plugin.
- a sample processor extension plugin (adds 2 NEC V20 specific instructions to the 80×86 processor module).
- a sample pdb file loader ( as used by IDA itself ).
- a sample executable decryption plugin.
- a sample graphing
plugin. [ image 1 ] [ image
2 ]
- the source code
to a 30+ processor modules !
- the source code
to a 20+ loaders
- header
files
(almost 19.000 lines of heavily commented documentation to IDA’s exported
interface).
- import
libraries for Borland
C/C++ (32 & 64 bits), Microsoft Visual C++
6 (32 & 64 bits), GNU C/C++ (32 & 64 bits), Watcom 11
The SDK is free to any registered IDA user
- if you received IDA on a CD, the SDK can be found in the SDK directory.
- if you received IDA as a download, the SDK download information can be found in the e-mail you have received.
additional free plugins, from Ilfak’s blog
- stealth: stealth against anti-debugging tricks.
- findcrypt: identifies some frequently used block ciphers.
- highlighter: highlights code that has been single stepped through in a debugging session.
- unispector: extracts unicode strings from an IDA database.