A little plugin for IDA 5. It was born just for fun while I was studying a piece of malware. The malware I was looking at has some sections, one of which is filled with an executable file (which is run by the malware itself). IDA has the multi-view option, but I always prefer to look at the malware's files separately, so the idea is to let the plugin extract and analyze the hidden file without having to run the malware.
The plugin extracts the bytes between a selected range of addresses, creates a new file with the selected bytes and then loads the file inside a new IDA instance. Here is a picture of the plugin dialog:
Pretty easy to use. It's a really stupid plugin, maybe not so interesting, but it lets you avoid a few more mouse clicks. If there are other obvious ways of doing such a thing, don't hesitate to tell me. This is the 0.0001 version; as always, I'll fix/improve the plugin as soon as I need to fix/improve something.
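The same range extraction can be done outside IDA on the sample file itself. The following is an added example, not the plugin's code: it assumes file offsets rather than IDA addresses, and goes one step beyond the plugin by trimming the carved range to the embedded PE's size as read from its section table. The names `pe_size`, `carve_range` and `build_sample` are hypothetical, and the sample bytes are constructed.

```python
import struct

def pe_size(buf):
    """On-disk size of the PE image starting at buf[0], or None if not a PE."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    nsect = struct.unpack_from("<H", buf, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", buf, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    end = table + 40 * nsect              # end of the section table
    if end > len(buf):
        return None
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", buf, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def carve_range(data, start, end):
    """Return (bytes, status) for data[start:end], trimmed to the PE size if known."""
    chunk = data[start:end]
    size = pe_size(chunk)
    if size is None:
        return chunk, "raw"               # not a PE: keep the selection as-is
    if size > len(chunk):
        return chunk, "pe-truncated"      # selection ends before the last section
    return chunk[:size], "pe"

def build_sample():
    """Constructed input: a fake one-section PE between padding bytes."""
    pe = bytearray(0x200)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)            # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)       # Machine, NumberOfSections
    struct.pack_into("<H", pe, 0x54, 0xE0)            # SizeOfOptionalHeader
    sect = 0x40 + 24 + 0xE0
    pe[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<II", pe, sect + 16, 0x200, 0x200)
    pe = bytes(pe) + b"\xCC" * 0x200                  # section body
    return b"\x00" * 0x100 + pe + b"\xFF" * 0x80, len(pe)

if __name__ == "__main__":
    host, pe_len = build_sample()
    carved, status = carve_range(host, 0x100, len(host))
    print(status, hex(len(carved)))
```

Trimming drops any overlay appended after the last section, so keep the untrimmed range if the embedded file carries one.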