
Dynamic Data Resolver (DDR) IDA Pro Plug-in

Version 0.1 alpha

Tested on IDA 7.2

Copyright (C) 2019 Cisco Talos
Author: Holger Unterbrink ([email protected])

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Blog

You can find an overview video and detailed installation instructions at:

https://blog.talosintelligence.com/2019/01/ddr.html

Python Requirements

- Requests    (http://docs.python-requests.org)   # on the IDA machine (Analyst PC)
- Flask       (http://flask.pocoo.org/)           # only on the ddr_server.py machine (Malware host)
- PyOpenSSL   (https://pyopenssl.org/en/stable/)  # only on the ddr_server.py machine (Malware host)

e.g.  
pip install -U requests  
pip install -U Flask  
pip install -U pyOpenSSL  

Other Requirements

- DynamoRIO (https://www.dynamorio.org/) # only on the ddr_server.py machine (Malware host)

Hint: Make sure you install these requirements for the same Python version IDA is using.
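The hint above matters because IDA runs its own Python interpreter, and packages installed into a different one are invisible to the plug-in. The following POSIX shell helper is an added example, not part of the DDR project: it takes the path of an interpreter and a list of module import names and reports which are missing. The interpreter path is an assumption (take it from sys.executable in IDA's Python console); the import names differ from the pip package names for pyOpenSSL, which is imported as OpenSSL.

```shell
#!/bin/sh
# Added example (not DDR project code): check that the modules DDR needs are
# importable by a specific Python interpreter, so that "pip install" into the
# wrong Python is caught before IDA or ddr_server.py fails at import time.

# ddr_check_modules <python-interpreter> <module>...
# Prints one line per module ("ok: name" or "MISSING: name") and returns 1
# if any module could not be imported by that interpreter.
ddr_check_modules() {
    interp="$1"
    shift
    missing=0
    for mod in "$@"; do
        # Import in a subprocess of the given interpreter; output is discarded
        # because only the exit status matters here.
        if "$interp" -c "import $mod" >/dev/null 2>&1; then
            echo "ok: $mod"
        else
            echo "MISSING: $mod"
            missing=1
        fi
    done
    return "$missing"
}

# Usage (paths are assumptions, adapt to your setup):
#   Analyst PC running IDA, only requests is needed there:
#     ddr_check_modules /path/to/idas/python requests
#   Malware host running ddr_server.py (pip names Flask and pyOpenSSL):
#     ddr_check_modules python3 flask OpenSSL
```

Run it with the interpreter IDA reports rather than whatever python is first on PATH; a non-zero exit from the function tells you to re-run the pip install with that interpreter's pip (for example "/path/to/idas/python -m pip install -U requests").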

Disclaimer

Talos is releasing this alpha version knowing that it may contain a few bugs and can be improved upon in the future. Nevertheless, we think it is a useful tool that we want to share with the community at an early stage. Please see the source code for where to send issues, bug reports and feature requests. Feel free to contact the author if you run into issues.

Roadmap

  • Automatically copy sample file from IDA to DDRserver.py side
  • Manually enter logging address space range via 'Trace' context menu
  • Create separated config file
  • Return more info to the plugin if sample execution returns an error
  • Kill DynamoRIO client after n seconds to fight sleepers
  • Get last n values for instructions which are executed multiple times
  • Improve input checks for user-provided data
  • Improve API implementation
  • Code cleanup: restructure the code so new features are easier to implement