
db of function calls with IDA gui integration

Open deresz opened this issue 11 years ago • 2 comments

Some database interface for collected data + UI plugin in IDA - so that a right click on a function call in IDA will show the table with links to different captures for that particular call. This would be really cool.

deresz, Mar 25 '13 22:03

Sounds a bit like Malwasm - https://code.google.com/p/malwasm/ - always thought that needed an IDA plugin...

ostraconify, Apr 04 '13 09:04

Yeah this would be almost perfect ... Having malwasm write to IDA directly. "Almost" because malwasm has some limitations:

  • only x86 support currently
  • no interactivity, e.g. you cannot run it from the middle of a debugging section (because Cuckoo is used) - as the name says, it's an "offline debugger"
  • no kernel mode support (PIN does not support it)
  • has a GUI to browse the results, but it is far from what IDA provides

It also has many advantages though:

  • the usage of PIN which means fast tracing with no "messy" breakpoints plus easy following of dynamically created code
  • thanks to Cuckoo it will follow the code as it travels through the system (e.g. code injections)
  • said database - it is already there

deresz, Apr 04 '13 14:04