Skip to content

Instantly share code, notes, and snippets.

View icecr4ck's full-sized avatar

Hugo icecr4ck

76 followers · 9 following
View GitHub Profile
@icecr4ck
icecr4ck / idapython_ctree.md
Last active July 5, 2025 10:29
Notes on CTREE usage with IDAPython

IDAPython CTREE

Important links

Description

The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.

@icecr4ck
icecr4ck / decrypt_from_args_mc.py
Created October 9, 2019 16:57
Example of IDA Microcode script to parse the arguments of a call to a decryption function
import idautils
import ida_range
import ida_hexrays as hr
class decryptor(hr.mop_visitor_t):
def visit_mop(self, op, type, is_target):
if op.t != hr.mop_f:
return 0
@icecr4ck
icecr4ck / plugin_ida.py
Last active December 6, 2023 12:36
IDAPython plugin template.
import idaapi
class ExamplePlugin(idaapi.plugin_t):
flags = idaapi.PLUGIN_DRAW
comment = "This plugin does nothing useful"
help = "No help is needed"
wanted_name = "Example"
wanted_hotkey = "Alt-F11"
def init(self):
@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active July 9, 2025 09:25
Cheatsheet for IDAPython
@icecr4ck
icecr4ck / bn_miasm_jitter.py
Created June 26, 2019 20:04
Using Miasm Jitter in Binary Ninja.
from binaryninja import *
from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
from miasm.analysis.machine import Machine
def stop_sentinelle(jitter):
jitter.run = False
jitter.pc = 0
return True
def emulate(bv, addr):
@icecr4ck
icecr4ck / ida_mc_notes.md
Last active May 24, 2025 00:05
Some notes about the IDA Microcode (intermediate language).
@icecr4ck
icecr4ck / binja_ui_template.py
Created June 12, 2019 19:33
Template for writing Binary Ninja UI plugins.
import sys
from PySide2.QtWidgets import (QApplication, QDialog, QPushButton, QLabel, QHBoxLayout)
from PySide2.QtCore import Qt
from binaryninjaui import (UIAction, UIActionHandler, Menu)
class GreatUI(QDialog):
def __init__(self, parent=None):
super(GreatUI, self).__init__(parent)
self.setWindowModality(Qt.NonModal)
@icecr4ck
icecr4ck / disass_multiple.py
Created June 10, 2019 16:11
Disassemble at multiple offsets with Miasm
from miasm.analysis.binary import Container
from miasm.analysis.machine import Machine
from miasm.core.asmblock import AsmCFG
cont = Container.from_string("\xff\xe0\x89\xc0\x89\xd8\xeb\x05\x89\xc8\xeb\x01\x90\xc3")
bs = cont.bin_stream
machine = Machine("x86_32")
mn, dis_engine = machine.mn, machine.dis_engine
@icecr4ck
icecr4ck / get_ircfg.py
Created June 2, 2019 20:59
Basic script to extract intermediate representation CFG with Miasm (and apply simplifications)
import sys
from miasm.analysis.machine import Machine
from miasm.analysis.binary import Container
from miasm.analysis.simplifier import IRCFGSimplifierSSA, IRCFGSimplifierCommon
cont = Container.from_stream(open(sys.argv[1], 'rb'))
machine = Machine('x86_64')
mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
@icecr4ck
icecr4ck / get_asmcfg.py
Last active August 9, 2021 06:14
Basic script to extract assembly CFG with Miasm
import sys
from miasm.analysis.machine import Machine
from miasm.analysis.binary import Container
#def cb_example(cur_bloc, loc_db, offsets_to_dis, *args, **kwargs):
#if len(cur_bloc.lines) < 1:
#return
cont = Container.from_stream(open(sys.argv[1], 'rb'))