This is a python port of James Koppel's Referee IDA plugin with some updates:
What it is
It's much easier to reverse-engineer a structure when you can find every place its members are used. If you wish to reengineer the binary and modify a structure, finding every use is essential. Referee makes both of these tasks easier by marking accesses of structures in decompiled functions.
- IDA 6.2 or higher
- Hex-Rays Decompiler 1.6 or higher
Copy the plugin into the IDA "plugins" folder
Referee will automatically run whenever a function is decompiled. It is recommended that you decompile the entire binary for maximum information. You can see the cross-references that Referee adds by opening a structure in the Structures window, highlighting a field of a structure, and pressing "X."
Referee does not do type inference; you will still need to give types to your functions for it to find structure uses.
- If you annotate a function to remove a struct-member usage, decompiling the function again will remove the corresponding xrefs.
- Referee only tracks accesses to structure members, not pointer-passing.
- Configuring debug output: