Awesome
ida-images
Image preview plugin for Ida disassembler.
Application
I made this plugin to ease finding image decoding routines - I can run some complex code and see if the memory contains the image I'm looking for afterwards.
Features
- Standalone frontend for analyzing plain files
- Multiple pixel formats to choose from: RGB, BGR, alpha channels, etc.
- Saving as PNG
- Adjusting brightness (useful for searching for images using palettes)
- Flipping vertically (useful for analyzing images using BMP-like layout)
- Convenient keyboard shortcuts:
- <kbd>G</kbd> - go to address (supports input such as
edi) - <kbd>Q</kbd> - close
- <kbd>Ctrl</kbd> + <kbd>S</kbd> - save as…
- <kbd>Ctrl</kbd> + <kbd>F</kbd> - toggle vertical flip
- <kbd>H</kbd> - shrink size horizontally by 1 pixel
- <kbd>J</kbd> - expand size vertically by 1 pixel
- <kbd>K</kbd> - shrink size vertically by 1 pixel
- <kbd>L</kbd> - expand size horizontally by 1 pixel
- <kbd>Shift</kbd> + <kbd>H</kbd> - shrink size horizontally by 25 pixels
- <kbd>Shift</kbd> + <kbd>J</kbd> - expand size vertically by 25 pixels
- <kbd>Shift</kbd> + <kbd>K</kbd> - shrink size vertically by 25 pixels
- <kbd>Shift</kbd> + <kbd>L</kbd> - expand size horizontally by 25 pixels
- <kbd>←</kbd> - go backward by one byte
- <kbd>→</kbd> - go forward by one byte
- <kbd>Shift</kbd> + <kbd>←</kbd> - go backward by 25 bytes
- <kbd>Shift</kbd> + <kbd>→</kbd> - go forward by 25 bytes
- <kbd>Ctrl</kbd> + <kbd>←</kbd> - go backward by 1/10 a "page"
- <kbd>Ctrl</kbd> + <kbd>→</kbd> - go forward by 1/10 a "page"
- <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>←</kbd> - go backward by one "page"
- <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>→</kbd> - go forward by one "page"
- <kbd>G</kbd> - go to address (supports input such as
Additionally, I'm open to feature requests, as long as they won't make the code too bloated.
Installing IDA plugin
Either drop the rgb-ida.py file and librgb directory in C:\Program Files\IDA 7.0\plugins (or similar) and then run it via <kbd>Ctrl</kbd> +
<kbd>3</kbd>, or run the script manually with <kbd>Alt</kbd> + <kbd>F9</kbd>.
Tested on: IDA Pro 6.6, 6.8, 7.0
Installing standalone version
In this case you can either directly use ./rgb, or install it globally with
sudo python setup.py install.
Seeing it in action
Viewing program code
I have no idea what the gradients are there for, but it's certainly interesting!
More mysterious data.
Viewing actual bitmap
Now all that's left is to localize the exact function that allocated this segment... and voilà.