IDA PRO auto-renaming plugin with tagging support
Some screenshots of TAGS view:
How TAGs look in unexplored code:
You can easily rename function using its context menu or just pressing n hotkey:
Just copy auto_re.py to the IDA\plugins directory and it will be available through Edit -> Plugins -> Auto RE menu
A nice option would be to allow a right click on a function name to rename it (e.g. you see a function is calling open, read, close you could just rename it form the view as readfullfile or something like that)
If you look at the current AutoRE view, you see all the functions that call functions that are defined in the TAG list.
However, the functions in the TAG list will most times only be a small part of the overall functions that are imported from various libraries. And it will never be feasible to adapt your python script to have all possible imports in the TAG list.
So, a second view (because the already existing view is good and should not be changed) could show every imported functions call in a function.
See the unrar binary we assessed. it also imports time(), umask(), wmemmove() and lots of other functions. So a second view that would show which functions call which imports, not only those in a TAG list, would be handy and give a very good quick overview what is happening in which function.
(in a next step you could even go as fas as renaming functions to imports that are not in the TAG list if the function only calls one imported function and no other call or far jmp)
I hope I explained it better now?
Hi,
I am running ida64 on Windows and in this example I am loading a linux x64 unrar.
Then I run the AutoRE plugin via Edit->Plugins->AutoRE
The AutoRE window is displayed however is completely empty.
The output window only shows "Note: FormToPyQtWidget: importing 'sip' module into <module 'main' from ''>"
As you can see, there are a lot of imports:
I thought maybe your TAG{} list is not matching things which might be the problem so I add a file: [ 'open', ... ], in there, but that did not change anything.
What could be the issue?
How about support for IDA 7.0 ?
:)
Hey!
Love the plugin for a quick snapshot. As of 7.3 on Mac, running the plugin does relabel the function names but opening the AutoRE window is empty. Definitely miss this snapshot view. Any chance of fixing it? (is it just my machine?)
improve:Failure to identify
repair:Failed to display in the window.
The initial autoanalysis has been finished.
fn: 0x401040: 1 calls, 0 math possible name: ??0CWinApp@@QAE@PBD@Z, normalized: au_re_0CWinApp
fn: 0x4010b0: 1 calls, 0 math possible name: ??1CWinApp@@UAE@XZ, normalized: au_re_1CWinApp
fn: 0x4010f0: 1 calls, 0 math possible name: au_re_0CWinApp, normalized: au_re_0CWinApp
fn: 0x401110: 1 calls, 0 math possible name: _atexit, normalized: au_re__atexit
fn: 0x401130: 1 calls, 0 math possible name: au_re_1CWinApp, normalized: au_re_1CWinApp
fn: 0x401250: 1 calls, 0 math possible name: ??3@YAXPAX@Z, normalized: au_re_alloc
fn: 0x4012b0: 1 calls, 0 math possible name: ??0CDialog@@QAE@IPAVCWnd@@@z, normalized: au_re_0CDialog
fn: 0x401320: 1 calls, 0 math possible name: ??1CDialog@@UAE@XZ, normalized: au_re_1CDialog
fn: 0x401940: 1 calls, 0 math possible name: ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@xz, normalized: au_re_AfxGetModuleState
fn: 0x4019f0: 1 calls, 0 math possible name: DrawIcon, normalized: au_re_DrawIcon
fn: 0x401a20: 1 calls, 0 math possible name: AppendMenuA, normalized: au_re_AppendMenuA
fn: 0x401a50: 1 calls, 0 math possible name: SendMessageA, normalized: au_re_SendMessageA
fn: 0x401ab0: 1 calls, 0 math possible name: IsIconic, normalized: au_re_IsIconic
fn: 0x401ad0: 1 calls, 0 math possible name: GetClientRect, normalized: au_re_GetClientRect
fn: 0x401b00: 1 calls, 0 math possible name: SendMessageA, normalized: au_re_SendMessageA
fn: 0x401b30: 1 calls, 0 math possible name: ?Default@CWnd@@IAEJXZ, normalized: au_re_Default
fn: 0x401b50: 1 calls, 0 math possible name: ?Default@CWnd@@IAEJXZ, normalized: au_re_Default
fn: 0x401b70: 1 calls, 0 math possible name: ?Default@CWnd@@IAEJXZ, normalized: au_re_Default
fn: 0x401b90: 1 calls, 0 math possible name: EnableWindow, normalized: au_re_EnableWindow
fn: 0x401bc0: 1 calls, 0 math possible name: EnableWindow, normalized: au_re_EnableWindow
fn: 0x402120: 1 calls, 0 math possible name: au_re_1CDialog, normalized: au_re_1CDialog
fn: 0x402140: 1 calls, 0 math possible name: ??1CPaintDC@@UAE@XZ, normalized: au_re_1CPaintDC
Note: FormToPyQtWidget: importing 'sip' module into <module 'main' from ''>
Loading Interactive Function List...Command "OpHex" failed
not showed in the plugin menu
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
