Support installing diaphora as an IDA plugin
Closed this issue ยท 7 comments
Summary
At the moment, diaphora is run as an IDA script. But I think it would be nice if it would be possible to install it as a plugin instead.
diaphora in FLARE-VM
At the moment, diaphora is installed as part of FLARE-VM by downloading it to the Utilities folder, but we got the feedback that it is not being noticed and I would like to install it as a plugin so that after you install IDA Pro in FLARE-VM, you automatically have it available in the plugins menu: mandiant/VM-Packages#994. This would make it easier for users to find it and use it. We are doing this with several other plugins already:
Implementation
If diaphora would be turned into a Python module (which would involved prepending diaphora. to most of the imports), the IDA plugin code should be something like this:
import idaapi
import diaphora
class DiaphoraPlugin(idaapi.plugin_t):
wanted_name = "Diaphora"
version = "3.2.0"
wanted_hotkey = ""
comment = "Diaphora by joxeankoret"
website = "https://github.com/joxeankoret/diaphora"
help = "Very useful help message"
flags = 0
def init(self):
return idaapi.PLUGIN_KEEP
def term(self):
pass
def run(self, arg):
"""
called when IDA is running the plugin as a script
"""
# Run diaphora
return True
def PLUGIN_ENTRY():
return DiaphoraPlugin()
I think the modification in the code is a bit tedious but not difficult. diaphora_help.pdf mentions maintaince problems as the reason to not support installing diaphora as a plugin. I am not sure if this is because of a bug that may have been already fixed, as for example the code of the capa_explorer plugin is simple (similar to the template above) and I do not think there has been any issue since it was introduced 4 years ago. But I would very interested in knowing more details about possible issues.
Please let me know what you think and how I can help in case you are interested in supporting installing diaphora as a plugin. ๐
+1
I also agree, I think this would be a great improvement!
Hi @Ana06!
Back in the day, in the days of IDA 6.X and the beginning of 7.X, there were various problems running long loops from a plugin instead of from a script like, for example, the "Running command" dialog would not be shown and it wasn't possible to cancel the export or diffing processes; the auto-update dialog was not being shown or replaced or hidden correctly due to IDA bugs in this or that version when running from a plugin instead of from a script. And, well, I simply never thought about implementing it again since I don't even remember how many years.
Let me take a look because I'm 99% sure these problems don't apply anymore and It Should Be Easy (TM) to add support for running it as a plugin.
I have added a very simplistic (for now) IDA plugin for Diaphora. Please take a look to this:
๐
Using an absolute path in the cfg file, it works as expected! ๐ Thanks @joxeankoret
Minor improvement suggestion: Changing the name from Diaphora: Run Diaphora to just Diaphora.
@joxeankoret are you planing to create a new GH release that include the plugin? We are currently using the GH release in FLARE-VM and our bot tries to update to the latest version everytime you release (if the file names that are copied don't change the update should work). ๐
Hey!
Minor improvement suggestion: Changing the name from Diaphora: Run Diaphora to just Diaphora.
Sure, no problem.
Regarding a release, yes, I will do at some point this week together with another small enhancement. I wish I could have more time, alas, it's a single person project.
Looking forward to the release! Thanks for the work @joxeankoret! ๐
And done! Sorry for taking so long.