/FIDL

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Primary language: Python. License: MIT.


███████╗██╗██████╗ ██╗     
██╔════╝██║██╔══██╗██║     
█████╗  ██║██║  ██║██║     
██╔══╝  ██║██║  ██║██║     
██║     ██║██████╔╝███████╗
╚═╝     ╚═╝╚═════╝ ╚══════╝

FLARE IDA Decompiler Library

FIDLing with the decompiler API

This is a set of utilities wrapping the decompiler API into something sane. This code focuses on vulnerability research and bug hunting; however, most of the functionality is generic enough to be used for broader reverse engineering purposes.

Installation

The recommended way to install this is to use Python's pip. Keep in mind that you have to use the pip corresponding to the Python installation IDA is using. In case you have more than one installation (for example, 32-bit and 64-bit), you can find which one IDA uses by typing this into the console:

import sys
sys.version

cd to the directory containing setup.py

Release mode: pip install .

Development (editable) mode: pip install -e .[dev]

In development mode, pip will install pytest and some linters that are helpful while developing, and it will create symbolic links under Python's packages directory instead of copying FIDL to it. This allows you to modify your .py files and test on the fly, without needing to reinstall every time you make a change :)

Documentation

You can find up-to-date documentation online here

The source distribution has built-in documentation here