/ida-images

Image preview plugin for IDA disassembler.

Primary LanguagePythonMIT LicenseMIT

ida-images

Image preview plugin for Ida disassembler.

Application

I made this plugin to ease finding image decoding routines - I can run some complex code and see if the memory contains the image I'm looking for afterwards.

Features

  • Standalone frontend for analyzing plain files
  • Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
  • Saving as PNG
  • Adjusting brightness (useful for searching for images using palettes)
  • Flipping vertically (useful for analyzing images using BMP-like layout)
  • Convenient keyboard shortcuts:
    • G - go to address (supports input such as edi)
    • Q - close
    • Ctrl + S - save as…
    • Ctrl + F - toggle vertical flip
    • H - shrink size horizontally by 1 pixel
    • J - expand size vertically by 1 pixel
    • K - shrink size vertically by 1 pixel
    • L - expand size horizontally by 1 pixel
    • Shift + H - shrink size horizontally by 25 pixels
    • Shift + J - expand size vertically by 25 pixels
    • Shift + K - shrink size vertically by 25 pixels
    • Shift + L - expand size horizontally by 25 pixels
    • - go backward by one byte
    • - go forward by one byte
    • Shift + - go backward by 25 bytes
    • Shift + - go forward by 25 bytes
    • Ctrl + - go backward by 1/10 a "page"
    • Ctrl + - go forward by 1/10 a "page"
    • Ctrl + Shift + - go backward by one "page"
    • Ctrl + Shift + - go forward by one "page"

Additionally, I'm open to feature requests, as long as they won't make the code too bloated.

Installing IDA plugin

Either drop the rgb-ida.py file and librgb directory in C:\Program Files\IDA 7.0\plugins (or similar) and then run it via Ctrl + 3, or run the script manually with Alt + F9.

Tested on: IDA Pro 6.6, 6.8, 7.0

Installing standalone version

In this case you can either directly use ./rgb, or install it globally with sudo python setup.py install.

Seeing it in action

Viewing program code

A piece of code

I have no idea what the gradients are there for, but it's certainly interesting!

Are you LZSS?

More mysterious data.

Viewing actual bitmap

A bitmap

Now all that's left is to localize the exact function that allocated this segment... and voilà.