ida-x86emu 1.0.3

ida-x86emu is a plugin for the IDAPro Disassembler.
ida-x86emu is a plugin for the IDAPro Disassembler. Its purpose is to allow a reverse engineer the chance to step through x86 code while reverse engineering a binary.

The plugin can help you step through any x86 binary from any platform though it does not do library or system calls at the moment. I find it particularly useful for stepping through obfuscated code as it automatically reorganizes an IDA disassembly based on actual code paths.

Usage:

Here is a quick rundown of the buttons:

Step - Execute a single instruction at eip
Jump - Set eip to the current cursor location
Run - Runs until a breakpoint is encountered
Skip - Skip the instruction at eip, advancing eip to the next instruction
Run to cursor - Execute instructions from eip until eip == the cursor location. Could be dangerous. If you never actually reach the cursor location, there is no good way to regain control

Push - Opens an input window for you to push data onto the plugin's stack. Enter data as space separated values. Each value is treated as a 4 byte quantity. Values are pushed right to left, so you would enter them in the same order they appear in a C argument list for example.

Set Data - Opens a dialog where you can specify an address and data values to write at that address. Data values can be entered in a variety of formats depending on the radio button that you select

Segments - Opens the segment register dialog box. You can set 16 bit values for any segment register and 32 bit values for the segment base. This is a crude workaround for the current lack of a GDT. 16 bit addressing is not currently implemented. All address values are added to the appropriate segment base address (either implied or explicit)

last updated on:
November 2nd, 2010, 11:16 GMT
price:
FREE!
developed by:
Chris Eagle and Jeremy Cooper
license type:
GPL (GNU General Public License) 
category:
ROOT \ Programming \ Debuggers

FREE!

In a hurry? Add it to your Download Basket!

user rating 16

UNRATED
3.2/5
 

0/5

What's New in version 0.9.5a
  • fixed bug in stack growth algorithm
read full changelog

Add your review!

SUBMIT