Locatespace is an IDAPython plugin for finding calls to user-defined dangerous functions and highlighting them in Hex-Rays pseudocode.
- Scan for calls to dangerous functions
- Highlight matched pseudocode lines in red
- Jump from the results list to the callsite
- Manage dangerous functions through a GUI rule manager
- Store the dangerous function list inside the current IDB
- IDA Pro with IDAPython
- Hex-Rays decompiler
Copy or symlink locate_danger.py into your IDA plugins directory:

    ln -s /path/to/ida_plugin/locate_danger.py /path/to/IDA/plugins/locate_danger.py

For this machine:

    ln -s /home/starlight/CtfTools/ida_plugin/locate_danger.py /home/starlight/CtfTools/IDA9.4/plugins/locate_danger.py

After restarting IDA:
- Open a target binary.
- Run Edit -> Plugins -> Locatespace: Scan dangerous calls.
- If no dangerous functions are configured yet, the plugin opens a rule manager window.
- In the rule manager, use insert/edit/delete to manage dangerous functions.
- Run the scan again, or use Shift-Alt-D.
Each rule has:
- Function name
- Category
- Severity
- Dangerous functions are stored in the current IDB.
- The plugin hotkey is Shift-Alt-D.
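
The rule fields (function name, category, severity) and the scan step described above, sketched as an added example in plain Python that runs outside IDA; it is not the plugin's own code. The severity labels, the prefix list, the rule set and the pseudocode sample are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumed name decorations seen on imports and thunks in IDA listings.
_PREFIXES = ("__imp_", "j_", "_")
_STRING = re.compile(r'"(?:\\.|[^"\\])*"')   # string literals
_COMMENT = re.compile(r"//.*")                # trailing pseudocode comments
_CALL = re.compile(r"(?<!\w)(\w+)\s*\(")      # identifier followed by "("
_ORDER = {"high": 0, "medium": 1, "low": 2}   # assumed severity labels

@dataclass(frozen=True)
class Rule:
    name: str
    category: str
    severity: str

def normalize(name):
    # Strip decorations so "_strcpy" and "j_system" match their base names.
    stripped = True
    while stripped:
        stripped = False
        for p in _PREFIXES:
            if name.startswith(p) and len(name) > len(p):
                name, stripped = name[len(p):], True
    return name

def scan(pseudocode, rules):
    # Return (line number, name as written, rule), most severe first.
    index = {normalize(r.name): r for r in rules}
    hits = []
    for lineno, line in enumerate(pseudocode.splitlines(), 1):
        # Blank out strings and comments so text mentions are not reported.
        code = _COMMENT.sub("", _STRING.sub('""', line))
        for m in _CALL.finditer(code):
            rule = index.get(normalize(m.group(1)))
            if rule:
                hits.append((lineno, m.group(1), rule))
    hits.sort(key=lambda h: (_ORDER.get(h[2].severity, 99), h[0]))
    return hits

# Constructed rules and pseudocode sample.
RULES = [Rule("strcpy", "overflow", "high"), Rule("system", "exec", "high"),
         Rule("sprintf", "overflow", "medium")]
SAMPLE = '''\
  my_strcpy(buf, src);
  _strcpy(buf, src);  // strcpy(buf, src)
  puts("never call system(cmd) here");
  j_system(buf);
  return sprintf(buf, "%s", src);
'''
```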