1.0.3 GPL (GNU General Public License)    

ida-x86emu is a plugin for the IDA Pro disassembler. It lets a reverse engineer step through x86 code while reverse engineering a binary.

The plugin can help you step through any x86 binary from any platform, though it does not do library or system calls at the moment. I find it particularly useful for stepping through obfuscated code, as it automatically reorganizes an IDA disassembly based on actual code paths.


Here is a quick rundown of the buttons:

Step - Execute a single instruction at eip
Jump - Set eip to the current cursor location
Run - Runs until a breakpoint is encountered
Skip - Skip the instruction at eip, advancing eip to the next instruction
Run to cursor - Execute instructions from eip until eip == the cursor location. This can be dangerous: if execution never actually reaches the cursor location, there is no good way to regain control.

Push - Opens an input window for you to push data onto the plugin's stack. Enter data as space-separated values. Each value is treated as a 4-byte quantity. Values are pushed right to left, so you would enter them in the same order they appear in, for example, a C argument list.

Set Data - Opens a dialog where you can specify an address and data values to write at that address. Data values can be entered in a variety of formats, depending on the radio button that you select.

Segments - Opens the segment register dialog box. You can set 16-bit values for any segment register and 32-bit values for the segment base. This is a crude workaround for the current lack of a GDT. 16-bit addressing is not currently implemented. All address values are added to the appropriate segment base address (either implied or explicit).
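
The stack layout that the Push button's right-to-left order produces, as an added Python model (not code from the plugin): the first value entered ends up at [esp], which is where a cdecl callee expects its return address, with the arguments following at [esp+4] onward. Assumptions: values are parsed as C-style integer literals, only the entered values are pushed, and the starting esp and the sample values are constructed.

```python
import struct

def push_dialog(values: str, esp: int, mem: dict) -> int:
    """Model of the Push dialog: space-separated values, each a 4-byte
    quantity, pushed right to left. Returns the new esp."""
    # Assumption: each token is a C-style literal (0x.. hex or decimal).
    words = [int(tok, 0) & 0xFFFFFFFF for tok in values.split()]
    for word in reversed(words):            # rightmost value is pushed first
        esp = (esp - 4) & 0xFFFFFFFF        # the x86 stack grows downward
        for i, byte in enumerate(struct.pack("<I", word)):  # little-endian
            mem[esp + i] = byte
    return esp

def read_dword(mem: dict, addr: int) -> int:
    """Read a little-endian 32-bit value from the modelled memory."""
    return struct.unpack("<I", bytes(mem[addr + i] for i in range(4)))[0]

def stack_view(mem: dict, esp: int, count: int) -> list:
    """Return (slot, value) pairs for the top `count` dwords of the stack."""
    return [(f"[esp+{4 * i:#x}]", read_dword(mem, esp + 4 * i))
            for i in range(count)]

def demo():
    mem = {}
    # Constructed input: a placeholder return address followed by three
    # arguments in C order, e.g. for a hypothetical f(buf, len, key).
    entered = "0x41414141 0x00403000 16 0x5a"
    esp = push_dialog(entered, 0x0012FF80, mem)   # constructed initial esp
    return esp, stack_view(mem, esp, 4), mem

if __name__ == "__main__":
    esp, view, _ = demo()
    print(f"esp = {esp:#010x}")
    for slot, value in view:
        print(f"{slot:>10} = {value:#010x}")
```
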
Last updated on November 2nd, 2010
