
idapython

Automate IDA Pro reverse engineering tasks using IDAPython scripting. Access IDA's API for binary analysis, decompilation, cross-references, and database manipulation.

Introduction

This skill provides a comprehensive interface for automating reverse engineering workflows within IDA Pro via the IDAPython API. It is designed for security researchers, malware analysts, and reverse engineers who need to programmatically interact with IDA Pro databases. By leveraging modern ida_* modules, this skill enables users to move beyond manual analysis and perform large-scale binary inspection, automated renaming, and complex logic extraction. It supports interaction with Hex-Rays decompiler output, allowing for advanced AST walking and C-tree traversal, which is essential for analyzing obfuscated code or modern binaries.

  • Automated binary analysis using ida_bytes, ida_funcs, and idautils to iterate through functions, instructions, and segments efficiently.

  • Advanced decompilation support for Hex-Rays, enabling programmatic analysis of pseudocode, local variables, and ctree visitors.

  • Database manipulation including setting names, applying type information, creating structures, and managing cross-references (xrefs).

  • Type system management using ida_typeinf to define, parse, and apply complex C declarations and structures to memory locations.

  • Environment and flow analysis using ida_auto for queue management and ida_regfinder for tracing register values.

  • Thread-safe operations and integration with MCP protocols for reliable, asynchronous communication with IDA Pro instances.

  • Always utilize modern ida_* modules rather than legacy idc functions to ensure compatibility and performance within IDA Pro 8.3 and higher.

  • Use the int_convert MCP tool for all base conversions and numeric transformations to prevent errors and hallucinations during analysis.

  • Ensure ida_auto.auto_wait() is called before attempting to read analysis results to guarantee that the auto-analysis queue has finished processing.

  • Remember that IDA SDK calls must be executed on the main thread; for long-running operations, wrap the work in a decorator such as @idasync or dispatch it with execute_sync().

  • Input typically involves binary file paths or specific virtual addresses (ea), while outputs include enriched database state, static reports, and automated analysis logs.

  • This tool is specifically built for professional-grade reverse engineering and assumes a standard environment where IDA Pro is correctly configured with Python 3.11+.
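The auto_wait() and main-thread rules above, combined in one added example (not code from the skill or its repository). The names on_main_thread and default_named_functions are hypothetical; the decorator stands in for @idasync, whose implementation is not shown on this page, and the script assumes it runs inside IDA Pro.

```python
import functools


def on_main_thread(write=False):
    """Run the wrapped function on IDA's main thread through execute_sync()."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            import ida_kernwin  # importable only inside IDA Pro
            box = {}

            def thunk():
                # execute_sync() returns only an int, so carry the result
                # (or the exception) back to the caller in a closure.
                try:
                    box["value"] = fn(*args, **kwargs)
                except Exception as exc:
                    box["error"] = exc
                return 1

            flag = ida_kernwin.MFF_WRITE if write else ida_kernwin.MFF_READ
            ida_kernwin.execute_sync(thunk, flag)
            if "error" in box:
                raise box["error"]
            return box.get("value")
        return wrapper
    return decorate


@on_main_thread(write=True)  # auto_wait() may still change the database
def default_named_functions(prefix="sub_"):
    """Return (ea, name) for functions that still carry an auto-generated name."""
    import ida_auto
    import ida_funcs
    import idautils

    ida_auto.auto_wait()  # let the auto-analysis queue drain before reading
    found = []
    for ea in idautils.Functions():
        name = ida_funcs.get_func_name(ea)
        if name and name.startswith(prefix):
            found.append((ea, name))
    return found
```

Calling default_named_functions() from a worker thread blocks until the main thread has run the request, so a failure inside IDA surfaces as a normal exception in the caller.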

Repository Stats

  • Stars: 7,964

  • Forks: 962

  • Open Issues: 42

  • Language: Python

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: Apr 28, 2026, 12:34 PM