Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Latest commit

 

History

History
62 lines (31 loc) · 2.71 KB

README.md

File metadata and controls

62 lines (31 loc) · 2.71 KB

⚠️ Important Note: ⚠️

Notice: This project is deprecated and no longer actively maintained. For a more comprehensive and feature-rich alternative, we recommend checking out The Codex Rebirth, which includes Step Tracing functionality and provides a more advanced and up-to-date solution. We encourage you to migrate to The Codex Rebirth for better performance and a wider range of features.


EasyRe plugin

tags arch version

IDA Python 3 plug-in to make your RE life easier. Trace execution and save code/memory for detailed exploration. It allow in a easy way to compare data given to specific part of the code between different calls.

NEW

Go checkout frida-ultimap.

Usage

You tube video link (old version) :

demo


Installation :

pip3 install idna easygui

Shortcut :

Open the plugin : crtl+shift+u

Usage :

Function Tracing

Function tracing puts breakpoints on the whole code of a function and its direct children in order to register each step. The goal is to capture the whole trace in order to understand what's going on thanks to the trace explorer integrated in this plug-in.

Important: In order to use it you must place a single breakpoint at the start of the function you want to analyze and hit that breakpoint with IDA, then launch the tracing.

Surgical Tracing

In case you only want to monitor specific places in the code, this option is the right choice. It allows you to put breakpoints at different places in the code, and then choose the number of times you want to pass over them. This allows us to compare the values of the registers and the stack between several passes.

Step Over, Step Into, Resume

As the name suggest, simply go to the next instruction and register the data in the current trace.

Load And Save

The plug-in has the capacity to save the trace in order to load it the next time you need it.

Windows API hook

If you are tired of placing breakpoints on windows functions that are entry points for the kernel and are often used by malware, here is a feature that should be of interest to you. It will automatically place breakpoints on a number of system functions, even if they are not in the imports, in order to make reversing easier.

Extra Note:

Some improvements will come in the next months, like an accurate parent tracing.