Skip to content
/ ida-embed-arch-disasm Public

Allows IDA PRO to disassemble x86-64 code (WOW64) in 32-bit database

License

Apache-2.0 license
25 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

a1ext/ida-embed-arch-disasm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
docs
docs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ida-embed-arch-disasm.py
ida-embed-arch-disasm.py
 
 

Repository files navigation

IDA Embed arch disasm

Allows you to disassemble x86-64 code (like inlined WOW64 one) while you using 32-bit IDA database. This would be helpfull to analyze WOW64 mode switches.

Dependencies

  • capstone Python module

In case you use IDA 7 and newer make sure you download and install capstone for appropriate Python version and architecture, because since IDA 7 by default is 64-bit. You could find the binary installer here

Installation

  • Install capstone

  • Download the main plugin module ida-embed-arch-disasm.py (Right click the link -> Save link as...) and save it to IDA plugins folder

Showcase

Before

before0.png

Select the range you want to disassemble

open_menu0.png

After (disassembled instructions are in comments)

after0.png

About

Allows IDA PRO to disassemble x86-64 code (WOW64) in 32-bit database

Topics

x86-64 ida-pro ida-plugin idapython disasm

Resources

Readme

License

Apache-2.0 license
Activity

Stars

25 stars

Watchers

3 watching

Forks

9 forks
Report repository

Releases 2

IDA 7.7 support Latest
Dec 27, 2021
+ 1 release

Packages

No packages published

Languages