idapython_skill

This skill helps you automate IDA Pro reverse engineering tasks by leveraging modern ida_* modules to analyze, decompile, and manipulate IDA databases.
Language: Python. GitHub stars: 5.6k. Bundled files: 1. Catalog refreshed: 3 weeks ago. First indexed: 2 months ago.


Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill mrexodia/ida-pro-mcp --skill idapython

  • SKILL.md (4.9 KB)

Overview

This skill provides practical IDAPython guidance and patterns for writing IDA Pro Python scripts focused on binary analysis, decompilation, and database manipulation. It emphasizes modern ida_* modules, common iterators from idautils, Hex-Rays decompiler usage, and best practices to avoid legacy pitfalls. Use it to accelerate scripting, automate triage, and safely modify an IDA database.

How this skill works

The skill maps common reverse-engineering tasks to the appropriate ida_* modules (bytes, functions, types, xrefs, decompiler, segments, etc.) and supplies concise code patterns for iteration, decoding, type application, and ctree traversal. It enforces critical rules: wait for autoanalysis, run SDK calls on the main thread, treat ea_t as 64-bit, and avoid manual hex/decimal conversions by using the int_convert tool. Examples show reading/patching bytes, enumerating functions and strings, working with tinfo_t, and walking the Hex-Rays AST.

When to use it

  • Writing or refactoring IDAPython scripts that target modern IDA APIs
  • Automating cross-reference, function, or string enumeration tasks
  • Applying or parsing types and structures from decompiled output
  • Interacting with the Hex-Rays decompiler (ctree) for data-flow or call analysis
  • Patching bytes, creating segments, or programmatically adding names and functions

Best practices

  • Prefer ida_* modules over legacy idc functions for stability and clarity
  • Call ida_auto.auto_wait() before reading analysis results
  • Run SDK/IDA calls on the main thread (use @idasync or execute_sync for background tasks)
  • Avoid hardcoded addresses; use names, xrefs, and patterns instead
  • Use idautils iterators (Functions, FuncItems, XrefsTo, Strings) for efficient traversal

Example use cases

  • Batch-rename functions using ida_name.get_name/set_name and idautils.Functions()
  • Decompile a function and extract local variable types via ida_hexrays.decompile and cfunc.lvars
  • Find all callers of an API using idautils.XrefsTo and classify call sites
  • Apply a parsed typedef to an address with ida_typeinf.parse_decl and apply_tinfo
  • Patch bytes across a range using ida_bytes.get_bytes and ida_bytes.patch_bytes while respecting autoanalysis

FAQ

No. Prefer ida_* modules; idc is legacy and can lead to brittle scripts.

How do I avoid blocking UI during long operations?

Use execute_sync() or run long tasks in background threads and marshal SDK calls to the main thread with @idasync.
