IDAPython note

IDAPython is an IDA plugin which makes it possible to write scripts for IDA in the Python programming language. IDAPython provides full access to both the IDA API and any installed Python module.

At first it should be downloaded separately, at github to pull its src and bin, until in IDA Pro 6.8 it was designed to be built-in.

IDA Python API

We can visit IDAPython documentation for a complete API document, and IDC APIs at IDA Help: Alphabetical list of IDC functions
(More IDA helps at IDA Help: The Interactive Disassembler Help Index)

However, there are API changes between different versions of IDA Pro, so 2 solutions:

1. Visit Porting from IDAPython 6.x-7.3, to 7.4 to migrate older APIs to the latest Version. [Recommended]

• If you don’t have the latest IDA Pro but version 7.0,
  IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API

2. Or add from idc_bc695 import * (to replace idc lib with idc_bc695 in situ) at the head of idapython script, change the value of AUTOIMPORT_COMPAT_IDA695 to be true in /path/to/IDA/cfg/idapython.cfg, then you can still use old APIs.

• See the official page IDA 7.0: IDAPython backward-compatibility with 6.95 APIs

Run in Command Line

As in the doc IDA Help: Command line switches writes detailed parameter explaination, here emphasizes some and gives sample usages.

$ ida -L"/path/to/logfile" -c -A -S"/path/to/script argv[1] argv[2] argv[3]" /path/to/target_file

In the command above:

• -L is important, since you needs error/warning report to know whether your script works fine.
  • Note: no space for parameter and value.
  • to let script prints in stdout rather than logfile, add this in /path/to/IDA/python/3/init.py:

    sys.stdout = sys.stderr = IDAPythonStdOut()

• -c to clean the old database.
• -A autonomous mode.
  • IDA will not display dialog boxes. (like CLI, but needs X Window)
  • Designed to be used together with -S switch.
• -S to execute a script file when the database is opened.
  • support multi args
  • Note: no space for parameter and value.
• the target_file is normally the binary to apply the idapython script.
• the -B parameter is often used, batch mode.
  • IDA will generate .IDB and .ASM files automatically
  • like -A it will make it silent, without IDA window popping up.

Attention: the ida and ida64 are for GUI, and the idat and idat64 are for TUI, all of them can be used for idapython scripts. They may behave differently when executing scripts, and from the command line to start GUI requires X Window support (by the terminal software you use), or you get errors like QXcbConnection: Could not connect to display (even just running idapython scripts in silence). Using idat and idat64 to run scripts is preferred.