On a boring rainy day, I decided to fill some spare time by writing my first IDA plugin. I had never tried before, but I have to admit it’s a powerful tool after all.
The idea for the plugin comes from a piece of malware I have been analysing these days; it’s packed… As the name suggests, the plugin reveals the imports of a dumped process. It will come in handy when you need to analyze a dump without rebuilding the file using an external tool.
The plugin may be buggy; it seems to work fine with simple packers, but I didn’t test it too much. I don’t want to test the plugin for days (I don’t have to sell it :p); I’ll just use the plugin, and when a bug comes out I’ll try to fix it.
Usage: put the plugin inside the IDA plugin directory; to run it, hit ALT+Z.
Here is a screenshot. As you can see, the plugin creates a new window filled with the revealed imports.
You are welcome to send me a note about one or more bugs.
Download the plugin from here