Dynamic Data Resolver (DDR) IDA Pro Plug-in

Version 0.1 alpha

Tested on IDA 7.2

Copyright (C) 2019 Cisco Talos
Author: Holger Unterbrink ([email protected])

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Blog

You can find an overview video and detailed installation instructions at:

https://blog.talosintelligence.com/2019/01/ddr.html

Python Requirements

- Requests    (http://docs.python-requests.org)   # on the IDA machine (Analyst PC)
- Flask       (http://flask.pocoo.org/)           # only on the ddr_server.py machine (Malware host)
- PyOpenSSL   (https://pyopenssl.org/en/stable/)  # only on the ddr_server.py machine (Malware host)

e.g.:
pip install -U requests
pip install -U Flask
pip install -U pyOpenSSL

Other Requirements

- DynamoRIO (https://www.dynamorio.org/) # only on the ddr_server.py machine (Malware host)

Hint: Make sure you install these requirements for the same Python version IDA is using.
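The hint above matters because IDA ships its own interpreter, and packages installed for another Python are invisible to it. The following script is an added example (not part of the DDR project) that can be run from the interpreter in question to confirm which of the listed requirements it can actually import; the role labels "analyst" and "malware_host" are assumptions used only to select which half of the requirements list applies.

```python
# Added example (not part of the DDR project): verify that the Python
# interpreter running this script (e.g. IDA's embedded interpreter) can
# import the requirements listed in the README for the chosen role.
import importlib
import sys

# pip package -> import name, taken from the README's requirements list.
# The role labels ("analyst", "malware_host") are assumed names for the two machines.
DDR_REQUIREMENTS = {
    "analyst": {"requests": "requests"},
    "malware_host": {"Flask": "flask", "pyOpenSSL": "OpenSSL"},
}


def check_imports(import_names):
    """Try to import each module name in this interpreter.

    Returns a dict mapping import name -> True (importable) / False (missing).
    """
    status = {}
    for name in import_names:
        try:
            importlib.import_module(name)
            status[name] = True
        except ImportError:
            status[name] = False
    return status


def missing_packages(role, status, requirements=DDR_REQUIREMENTS):
    """Return the sorted pip package names for `role` whose module is not importable."""
    return sorted(pkg for pkg, mod in requirements[role].items()
                  if not status.get(mod, False))


def report(role):
    """Check the requirements for `role`; return (python_version, missing_pip_packages)."""
    modules = list(DDR_REQUIREMENTS[role].values())
    status = check_imports(modules)
    version = "%d.%d.%d" % sys.version_info[:3]
    return version, missing_packages(role, status)


if __name__ == "__main__":
    # Usage: python check_ddr_requirements.py [analyst|malware_host]
    role = sys.argv[1] if len(sys.argv) > 1 else "analyst"
    version, missing = report(role)
    print("Python %s (%s)" % (version, sys.executable))
    if missing:
        print("Missing for role '%s': %s" % (role, ", ".join(missing)))
        # Install with the same interpreter so the packages land where IDA looks.
        print("Install: %s -m pip install -U %s" % (sys.executable, " ".join(missing)))
    else:
        print("All %s requirements are importable." % role)
```

Running it inside IDA (for example from the script console) reports the interpreter path and version alongside any missing packages, and prints a pip command bound to that same interpreter, which avoids the mismatch the hint warns about. The code avoids f-strings so it also runs on the Python 2.7 interpreters older IDA builds embed.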

Disclaimer
Talos is releasing this alpha version knowing that it may contain a few bugs and can be improved upon in the future. Nevertheless, we think it is a useful tool that we want to share with the community at an early stage. Please see the source code for where to send issues, bug reports and feature requests. Feel free to contact the author if you run into issues.

Roadmap

  • Automatically copy sample file from IDA to DDRserver.py side
  • Manually enter logging address space range via 'Trace' context menu
  • Create separated config file
  • Return more info to the plugin if sample execution returns an error
  • Kill DynamoRIO client after n seconds to fight sleepers
  • Get last n values for instructions which are executed multiple times
  • Improve input checks for user-provided data
  • Improve API implementation
  • Code cleanup needs to be better structured for easier implementation of new features.
