qira icon indicating copy to clipboard operation
qira copied to clipboard

Published 20 hours ago verified publisher icon geohot

Enhancement: IDA Tracing and Process Hooking

Open bannsec opened this issue 9 years ago • 1 comments

Hey all,

Recently been making another push at understanding this tool. I can totally see the benefit, but from an outsider it is difficult to get up to speed. A "QIRA In A Nutshell" would be nice.

Anyway, my real purpose here is to comment on some useful features IMHO. One of them would be the ability to attach to already running processes. The second one would be to be able to ingest an IDA Pro full trace file. The reasons for both of these are to help deal with complicated code. While QIRA does have the ability to not start until a given spot, I feel like being able to take advantage of IDA's more powerful tracing would allow us to use QIRA to display and navigate it better.

bannsec avatar Jan 22 '16 22:01 bannsec

Love both these ideas! Write up the docs, and we can add them to the main website. And always looking for feature pull requests.

geohot avatar Jan 27 '16 16:01 geohot