A curated list of IDA x64DBG and OllyDBG plugins. IDA is a powerful disassembler and debugger that allows to analyze binary, it also includes a decompiler. X64DBG is an open-source x64/x32 debugger for Windows. OllyDbg is a 32-bit assembler level analysing debugger for Windows.
- Keypatch: Friendly assembly-level patching/searching plugin (using multi-arch assembler framework Keystone engine inside).
- Lazy ida: Add functionalities such as function return removing, converting data, scanning for string vulnerabilities.
- IDAemu: Use for emulating code in IDA Pro. It is based on unicorn-engine.
- IDA_EA: A set of exploitation/reversing aids for IDA.
- Labeless: System for labels/comments synchronization with a debugger backend.
- Idadiff: A diffing tool using Machoc Hash.
- IDA Skin: Plugin providing advanced skinning support for IDA Pro utilizing Qt stylesheets, similar to CSS.
- Auto Re: Auto-renaming dummy-named functions, which have one API call or jump to the imported API.
- IDA IPython: An IDA Pro Plugin for embedding an IPython.
- IDA Sploiter: An exploit development and vulnerability research plugin.
- IDATropy: It is designed to generate charts of entropy and histograms using the power of idapython and matplotlib.
- IDA Patcher: It is designed to enhance IDA's ability to patch binary files and memory.
- IDAHunt: Analyze binaries with IDA Pro and hunt for things in IDA Pro.
- IDA for Delphi: IDA Python Script to Get All function names from Event Constructor (VCL).
- IDA ARM Highlight: Highlighting and decoding ARM system instructions.
- BinDiff: It is a comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
- Diaphora: It is a program diffing plugin for IDA, similar to Zynamics Bindiff.
- Yaco: Collaborative Reverse-Engineering for IDA.
- IDASignSrch: It can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code.
- Findcrypt2: It searches constants known to be associated with cryptographic algorithm in the code.
- Driver Buddy: It assists with the reverse engineering of Windows kernel drivers.
- Heap Viewer: Used to examine the glibc heap, focused on exploit development.
- IDAScope: It consists of multiple tabs, containing functionality to achieve different goals such as fast identification of semantically interesting locations.
- HexRayPytools: Assist in the creation of classes/structures and detection of virtual tables.
- Ponce: Symbolic Execution just one-click away!
- idenLib.py: idenLib (Library Function Identification ) plugin for
IDA Pro
- J.A.R.V.I.S A plugin for IDA Pro to assist you with the most common reversing tasks. It integrates with the (J.A.R.V.I.S) tracer.
- golang_loader_assist: Making GO reversing easier in IDA Pro
- FindYara: IDA python plugin to scan binary with yara rules.
- Checksec: x64dbg plugin to check security settings.
- ClawSearch: A memory scanner plugin for x64dbg, inspired by Cheat Engine.
- x64DBGPYLIB: Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.
- xAnalyzer: It is capable of doing various types of analysis over the static code of the debugged application to give more extra information to the user.
- x64DBGIDA: Official x64dbg plugin for IDA Pro.
- x64dbg Dark Theme: Simple dark theme.
- X64DBG YaraGen: Generate Yara rules from function basic blocks.
- Diff: Very simple plugin to diff a section in memory with a file.
- Unpacking Script: Unpacking script for x64dbg.
- Anti Anti: Open-source user-mode Anti-Anti-Debug plugin.
- ScyllaHide: https://github.com/x64dbg/ScyllaHide
- Highlightfish: Plugin to customize x64dbg.
- TitanHide: It is a driver intended to hide debuggers from certain processes.
- idenLibX: idenLib (Library Function Identification ) plugin for
x32dbg
/x64dbg
- OllyDumpEx: This plugin is process memory dumper for OllyDbg.
- OllyDeobfuscator: Deobfuscator for Olly.
- Phantom: Anti anti-debug trick.
- TLSCatch 0.3: This plugin simply intercepts any new module loaded into the current process address space, searches it for TLS callbacks.
- AnalyzeThis: Assisting for unpacking.