Project author: rr-

Project description:
Image preview plugin for IDA disassembler.
Language: Python
Repository: git://github.com/rr-/ida-images.git
Created: 2015-03-16T20:57:44Z
Project community: https://github.com/rr-/ida-images

License: MIT License


ida-images

Image preview plugin for IDA disassembler.

Application

I made this plugin to ease finding image decoding routines - I can run some
complex code and see if the memory contains the image I’m looking for
afterwards.

Features

  • Standalone frontend for analyzing plain files
  • Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
  • Saving as PNG
  • Adjusting brightness (useful for searching for images using palettes)
  • Flipping vertically (useful for analyzing images using BMP-like layout)
  • Convenient keyboard shortcuts:
    • G - go to address (supports input such as edi)
    • Q - close
    • Ctrl + S - save as…
    • Ctrl + F - toggle vertical flip
    • H - shrink size horizontally by 1 pixel
    • J - expand size vertically by 1 pixel
    • K - shrink size vertically by 1 pixel
    • L - expand size horizontally by 1 pixel
    • Shift + H - shrink size horizontally by 25 pixels
    • Shift + J - expand size vertically by 25 pixels
    • Shift + K - shrink size vertically by 25 pixels
    • Shift + L - expand size horizontally by 25 pixels
    • - go backward by one byte
    • - go forward by one byte
    • Shift + - go backward by 25 bytes
    • Shift + - go forward by 25 bytes
    • Ctrl + - go backward by 1/10 a “page”
    • Ctrl + - go forward by 1/10 a “page”
    • Ctrl + Shift + - go backward by one “page”
    • Ctrl + Shift + - go forward by one “page”

Additionally, I’m open to feature requests, as long as they won’t make the code
too bloated.
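
The pixel format, width and vertical flip controls listed above all come down to how a raw byte range is sliced into rows of pixels. The following is an added example, not code from ida-images; the format table, the function names and the 2x2 sample buffer are constructed for illustration.

```python
import struct
import zlib

# Source byte index for each output channel (constructed subset, not the plugin's own list).
FORMATS = {"RGB": (0, 1, 2), "BGR": (2, 1, 0), "RGBA": (0, 1, 2, 3), "BGRA": (2, 1, 0, 3)}


def decode_rows(buf, width, fmt="RGB", flip=False):
    """Interpret raw bytes as pixel rows; returns a list of RGB or RGBA byte rows."""
    if width <= 0:
        raise ValueError("width must be positive")
    order = FORMATS[fmt]
    bpp = len(order)
    stride = width * bpp                 # a wrong width shifts every row and skews the image
    height = len(buf) // stride          # a trailing partial row is dropped
    rows = []
    for y in range(height):
        src = buf[y * stride:(y + 1) * stride]
        row = bytearray(stride)
        for c, idx in enumerate(order):  # output channel c is read from source byte idx
            row[c::bpp] = src[idx::bpp]
        rows.append(bytes(row))
    return rows[::-1] if flip else rows  # BMP-like layouts store the bottom row first


def png_chunk(tag, data):
    crc = zlib.crc32(tag + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", crc)


def to_png(rows, width, has_alpha=False):
    """Serialize decoded rows as an 8-bit truecolor PNG (color type 2, or 6 with alpha)."""
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 6 if has_alpha else 2, 0, 0, 0)
    raw = b"".join(b"\x00" + r for r in rows)   # filter type 0 before each scanline
    return (b"\x89PNG\r\n\x1a\n" + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw)) + png_chunk(b"IEND", b""))


# Constructed sample: a 2x2 image stored bottom-up in BGR, as a BMP-like dump would be.
SAMPLE = bytes([255, 0, 0, 0, 255, 0,        # stored first: blue, green (bottom row)
                0, 0, 255, 255, 255, 255])   # stored second: red, white (top row)

if __name__ == "__main__":
    rows = decode_rows(SAMPLE, width=2, fmt="BGR", flip=True)
    with open("preview.png", "wb") as f:
        f.write(to_png(rows, 2))
```
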

Installing IDA plugin

Either drop the rgb-ida.py file and librgb directory in
C:\Program Files\IDA 7.0\plugins (or similar) and then run it via Ctrl + 3,
or run the script manually with Alt + F9.

Tested on: IDA Pro 6.6, 6.8, 7.0

Installing standalone version

In this case you can either directly use ./rgb, or install it globally with
sudo python setup.py install.

Seeing it in action

Viewing program code

A piece of code

I have no idea what the gradients are there for, but it’s certainly
interesting!

Are you LZSS?

More mysterious data.

Viewing actual bitmap

A bitmap

Now all that’s left is to localize the exact function that allocated this
segment… and voilà.