mIDA - MIDL Analyzer for IDA
Description
mIDA is a plugin for the IDA disassembler that can extract RPC interfaces from a binary file and recreate the associated IDL definition. mIDA is free and fully integrates with the latest version of IDA (5.0).
This plugin can be used to :
- Navigate to RPC functions in IDA
- Analyze RPC function arguments
- Understand RPC structures
- Reconstruct an IDL definition file
The IDL code generated by mIDA can be, most of the time, recompiled with the MIDL compiler from Microsoft (midl.exe).
mIDA is freely distributed to the community by Tenable in the hope it will be useful to you and help research engineers to work more effectively on RPC programs. However, Tenable does not provide support for this tool and offers no garantee regarding its use or output. Please read the end-user license agreement before using this program.
How to install mIDA
Copy the file "mida.plw" into the IDA plugins directory (usually C:\Program Files\IDA\plugins) and restart IDA.
How to use it
mIDA can be launched through the plugins menu or by the keyboard shortcut 'CTRL+7'. When the analysis is done, RPC interfaces are displayed in separate lists :
If a function name is already defined in IDA (for example if the symbol file is loaded) mIDA will use it when displaying the results. Otherwise, a function name is created by using the function opcode (eg: function_01).
It is possible to edit each function :
mIDA allows to edit (right click -> edit) :
- The function name
- The "MIDL_TypeFormatString" address
- The address of the function in "MIDL_ProcFormatString".
To obtain the IDL code of a RPC function, you must :
- Select the desired function
- Do a right click
- Click on "decompile"
Then, a new IDA window will appear with the IDL code (which can be edited). It is possible to decompile all functions by choosing "decompile all" instead of "decompile".
Download
You can download mIDA 1.0.8 here
|
|
|
