Lib.rs

Development tools
#ida #analysis #bindings #sdk #v9 #bindings-generator #idiomatic

idalib

Idiomatic bindings to IDA SDK

by Sam L. Thomas Co-owned by yeggor.

3 unstable releases

0.1.1+9.0.240930 Oct 27, 2024
0.1.0+9.0.240930 Sep 30, 2024
0.0.0 Aug 28, 2024

#395 in Development tools

Download history 158/week @ 2024-08-26 14/week @ 2024-09-16 9/week @ 2024-09-23 183/week @ 2024-09-30 7/week @ 2024-10-07 8/week @ 2024-10-14 66/week @ 2024-10-21 80/week @ 2024-10-28

164 downloads per month
Used in rhabdomancer

MIT/Apache

105KB
2.5K SLoC

idalib

Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.0’s idalib.

IDA support and dependencies

The bindings and examples have been tested against IDA Pro v9.0 on Windows (11), Linux (Ubuntu 24.04 LTS), and macOS Sequoia (Apple Silicon).

In addition to the latest v9.0 IDA SDK and IDA itself, a recent version of LLVM/Clang is required (this is to help generate bindings from the SDK), it can be obtained from, e.g., here.

Developing with idalib

For development, only the IDA SDK is required, whereas to run tests, an IDA installation (with a valid license) is required. During build, the crates locate the SDK and IDA installation using the following environment variables:

  • IDASDKDIR set to the IDA Pro v9.0 SDK
  • IDADIR (optional) set to the directory containing the ida executable (e.g., /Applications/IDA Professional v9.0/Contents/macOS for macOS, or $HOME/ida-pro-9.0 for Linux). If not set, the build script will check common locations.

Examples

A minimal project to working with idalib requires the following components:

Cargo.toml:

name = "example-analyser"

# ...

[dependencies]
idalib = "0.1.0"

[build-dependencies]
idalib-build = "0.1.0"

build.rs:

fn main() -> Result<(), Box<dyn std::error::Error>> {
  idalib_build::configure_linkage()?;
  Ok(())
}

src/main.rs:

fn main() -> Result<(), Box<dyn std::error::Error>> {
  let idb = idalib::IDB::open("/path/to/binary")?;

  // ...

  Ok(())
}

More comprehensive examples can be found in idalib/examples. To run them:

Linux/macOS:

export IDASDKDIR=...
export IDADIR=...

cargo run --example=dump_ls

Windows:

$env:PATH="C:\Program Files\IDA Professional 9.0;$env:PATH"
$env:IDADIR="C:\Program Files\IDA Professional 9.0"
$env:IDASDKDIR=...

cargo run --example=dump_ls

Linking

The idalib-build crate provides various build script helpers to simplify linking:

  • idalib_build::configure_idalib_linkage: links against (lib)ida and (lib)idalib in the IDA installation directory.
  • idalib_build::configure_idasdk_linkage: links against the (lib)ida and (lib)idalib stub libraries bundled with the SDK.
  • idalib_build::configure_linkage: links against the (lib)ida and (lib)idalib stub libraries and for Linux/macOS sets the RPATH to refer to the detected (or specified via IDADIR) installation directory.

Extending idalib

To expose unimplemented IDA SDK functionality, modify the idasdk-sys crate, add appropriate high-level wrappers in idalib, and submit a pull request. Ensure that the additions are portable and build with the latest SDK. We won't accept PRs to support older beta releases.

Dependencies

~3–13MB
~174K SLoC