a IDA python plugin to search different types of data in IDA databases, supports searching for different types of data such as bytes, comments, codes, etc., supports yara rule detection, and can copy and export search results.
Copy SearchTool.py to IDA plugins directory.
- IDA version >= 7.5(Only fully tested in IDA Pro 7.7)
- Python version >= 3.8
- PyQt5 module needs to be installed in Python
- (Optional) Install the fuzzywuzzy module to enable the fuzzy search function
- (Optional) Install the yara-python module to enable the yara rule detection function
Use the hotkey Shift+F to open the plugin window, or open it from the Search/Search Tool option in the toolbar.
Searching string literals
Search for a specific sequence of bytes
This model uses the ida_bytes.bin_search() interface, the following is the reference format
# Intercepted from ida_bytes.py parse_binpat_str() Commented Document
'''
CD 21 - bytes 0xCD, 0x21
21CD - bytes 0xCD, 0x21 (little endian ) or 0x21, 0xCD (big-endian)
"Hello", 0 - the null terminated string "Hello"
L"Hello" - 'H', 0, 'e', 0, 'l', 0, 'l', 0, 'o', 0
B8 ? ? ? ? 90 - byte 0xB8, 4 bytes with any value, byte 0x90
'''
When searching for code, an independent instruction filling interface will be opened. You can fill in instructions normally or leave blanks in certain operand positions.
