SkillAgentSearch skills...

Idatips

IDAPython / IDC tips and tricks

GenerateConvertImprove

Install / Use

/learn @geeksonsecurity/Idatips
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

IDAPython >= 7.4

Clear output window

    form = ida_kernwin.find_widget("Output window")
    ida_kernwin.activate_widget(form, True)
    idaapi.process_ui_action("msglist:Clear")

Compute function length

def compute_function_length(ea):
    return idc.get_func_attr(ea, idc.FUNCATTR_END) - ea

C++ Name demangling

func_name = idc.get_func_name(f)
demangled_name = idc.demangle_name(func_name, idc.get_inf_attr(idc.INF_SHORT_DN))

Jump to from QModelIndex

# where 1 is the column with the address
idaapi.jumpto(int(item.sibling(item.row(), 1).data(), 16))

Get all subcalls from a function

def get_function_called(ea):
    funcs = []
    for h in idautils.FuncItems(ea):
        for r in idautils.XrefsFrom(h, 0):
            if r.type == idautils.ida_xref.fl_CF or r.type == idautils.ida_xref.fl_CN:
                funcs.append(r.to)
    return funcs

Search for pattern across whole binary

sequence = "83 F8 01"
found_ea = ida_ida.inf_get_min_ea()-1
end_ea = ida_ida.inf_get_max_ea()
print(f"Looking for pattern in {hex(found_ea+1)}-{hex(end_ea)}")
while True:
    found_ea = idaapi.find_binary(found_ea+1, end_ea, needle, 16, idaapi.SEARCH_DOWN)
    if found_ea == idaapi.BADADDR: break
    print(f"Found at {hex(found_ea)}")

Verify if address is mapped/valid

addr = 0xdeadbeef
if addr >= ida_ida.inf_get_min_ea() and addr <= ida_ida.inf_get_max_ea():
    print("Valid address!")

Start

from ida_dbg import start_process
start_process()

Debugging

Attach to a process

target = "Process.exe"
pis = ida_idd.procinfo_vec_t()
count = ida_dbg.get_processes(pis)
print(f"Found {count}")
for p in pis:
    print(f"{p.pid}: {p.name}")
    if target in p.name:
        print(f"Attaching to process {p.name}")
        ida_dbg.attach_process(p.pid)

Add breakpoint

from ida_dbg import add_bpt
add_bpt(address)

Refresh memory of debugger

from ida_dbg import refresh_debugger_memory
refresh_debugger_memory()

Read memory

from ida_bytes import *
get_byte(ea, size)
get_dword(ea)
get_qword(ea)

Read register

from ida_dbg import get_reg_val
rcx = get_reg_val("rcx")

PyQt5 related

Add QIcon without including a file (base64 encoded)

toolbar = QtWidgets.QToolBar()
saveImg = QtGui.QPixmap()
saveImg.loadFromData(base64.b64decode("BASE64ENCODEDICON))
saveAction = QtWidgets.QAction(QtGui.QIcon(saveImg), "Save", parent)
toolbar.addAction(saveAction)

Related Skills

node-connect

343.1k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

90.0k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

343.1k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

qqbot-media

343.1k

QQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。

geeksonsecurity

View profile

View on GitHub
GitHub Stars38
CategoryDevelopment
Updated1y ago
Forks3
geeksonsecurity/idatips

Security Score

60/100

Audited on Mar 27, 2025

No findings