Skip to content

Truthlight/ida-referee

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 

Repository files navigation

Referee

This is a python port of James Koppel's Referee IDA plugin with some updates:
https://github.com/jkoppel/project-ironfist/tree/master/tools/Revitalize/Referee

What it is

It's much easier to reverse-engineer a structure when you can find every place its members are used. If you wish to reengineer the binary and modify a structure, finding every use is essential. Referee makes both of these tasks easier by marking accesses of structures in decompiled functions.

Requirements

  • IDA 7.0 or higher
  • Hex-Rays Decompiler 1.6 or higher

Installation

Copy the plugin into the IDA "plugins" folder

Usage

Referee will automatically run whenever a function is decompiled. It is recommended that you decompile the entire binary for maximum information. This can be done by going to File > Produce file > Create C file... and letting it complete. You can see the cross-references that Referee adds by opening a structure in the Structures window, highlighting a field of a structure, and pressing "X."

Referee does not do type inference; you will still need to give types to your functions for it to find structure uses.

Notes

  • If you annotate a function to remove a struct-member usage, decompiling the function again will remove the corresponding xrefs.
  • Referee only tracks accesses to structure members, not pointer-passing.
  • Configuring debug output: logging.getLogger('referee').setLevel(logging.DEBUG)

Related

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%