Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

IDA Pro Multi

БесплатноНе проверен

Extends IDA Pro with multi-instance support and vulnerability scanning for AI-assisted reverse engineering.

GitHubEmbed

Описание

Extends IDA Pro with multi-instance support and vulnerability scanning for AI-assisted reverse engineering.

README

English | 中文

📌 Based on: This project is developed based on mrexodia/ida-pro-mcp, extending it with multi-instance support and vulnerability scanning capabilities.

A powerful MCP Server for AI-assisted reverse engineering in IDA Pro, with support for analyzing multiple binaries simultaneously.

Why This Project?

The original ida-pro-mcp is an excellent tool for AI-assisted reverse engineering, but we encountered limitations in real-world scenarios:

Problem 1: Single Instance Limitation

When reverse engineering complex software, you often need to analyze multiple related binaries:

  • A main executable (main.exe)
  • Multiple DLLs/shared libraries (helper.dll, crypto.dll, etc.)
  • Third-party libraries

The original project only supports one IDA instance at a time, making cross-binary analysis tedious and inefficient.

Problem 2: No Built-in Vulnerability Detection

Security researchers need to quickly identify potentially dangerous code patterns. Manually searching for vulnerable function calls is time-consuming.

New Features

🔗 Multi-Instance Support

Analyze multiple binaries simultaneously with a Gateway architecture:

AI Client ──MCP──> Gateway (port 13337) ──> IDA Instance 1 (main.exe, port 13338)
                                        ──> IDA Instance 2 (helper.dll, port 13339)
                                        ──> IDA Instance 3 (crypto.dll, port 13340)

How It Works:

  1. The first IDA instance automatically starts a Gateway Server (port 13337)
  2. Each subsequent IDA instance registers with the Gateway and gets a unique port
  3. AI clients connect to the Gateway, which routes requests to the appropriate instance

Instance Management Tools:

Tool Description
list_instances() List all registered IDA instances
switch_instance(target) Switch the default target instance (by ID or binary name)
get_current_instance() Get info about the current default instance
check_instance_health(target) Check if an instance is responding
open_library(name) Auto-search and open a library file in a new IDA instance

Auto-Open Library:

When analyzing a program that uses external libraries, you can ask AI to open them automatically:

  • Searches the current directory and subdirectories for the library file
  • Auto-detects architecture (x86/x64/ARM)
  • Opens in IDA Pro with automatic analysis (no dialogs)
  • MCP plugin starts automatically after loading

Targeting Specific Instances:

Most tools accept an optional target parameter:

{
  "method": "decompile",
  "params": {
    "addr": "0x401000",
    "target": "helper.dll"
  }
}

Legacy Mode:

To disable multi-instance support:

IDA_MCP_LEGACY=1

🔍 Vulnerability Scanning

Comprehensive vulnerability scanning to identify potentially dangerous function calls with advanced detection:

Tools:

Tool Description
vuln_scan(output_dir, categories, min_risk) Scan binary for vulnerabilities, returns summary
vuln_scan_details(category, limit, offset, risk_level) Get detailed findings for a specific category
vuln_scan_function(addr) Scan a specific function for vulnerability patterns
vuln_categories() List all vulnerability categories and associated functions

Supported Vulnerability Categories (11 categories, 150+ dangerous functions):

Category Dangerous Functions Description
Format String printf, sprintf, scanf, snprintf, syslog, etc. Non-constant format strings, %s without width limit
Buffer Overflow strcpy, memcpy, gets, recv, fread, etc. Unbounded copies, controllable sizes, %s in scanf
Command Injection system, popen, exec*, CreateProcess, ShellExecute, etc. Non-constant commands
Integer Overflow malloc, calloc, realloc, alloca, VirtualAlloc, etc. Potentially overflowing sizes
Use After Free free, delete, HeapFree, VirtualFree, etc. Potential UAF/double-free
Path Traversal fopen, open, CreateFile, CopyFile, etc. Controllable paths
SQL Injection sqlite3_exec, mysql_query, PQexec, etc. Non-constant SQL queries
Unchecked Return malloc, setuid, setgid, chdir, etc. Missing return value checks
Race Condition access, stat, lstat, etc. TOCTOU vulnerabilities
Information Leak write, send, sendto, fwrite, etc. Potentially leaking data
Signed Comparison strncmp, memcmp, memchr, etc. Size parameters with signed comparison

Detection Features:

  • Format String Analysis: Checks for non-constant format strings AND dangerous %s specifiers without width limits
  • strlen Check: Detects if strlen() was called before unbounded copy operations
  • Return Value Check: Verifies if return values from malloc/setuid/etc. are properly validated
  • MSVC Secure Functions: Handles _s suffix variants (strcpy_s, sprintf_s, etc.)
  • glibc Fortified Functions: Handles _chk suffix variants (__printf_chk, __memcpy_chk, etc.)
  • Risk Assessment: High/Medium/Low/Info based on parameter controllability

Workflow:

  1. Ask AI to "scan for vulnerabilities"
  2. AI calls vuln_scan() to get a summary by category and risk level
  3. Review the summary and select categories for deep analysis
  4. AI uses vuln_scan_details(category) and decompile() to analyze specific findings

Note: Detailed results are saved to .ida-mcp-vuln/ folder to minimize token usage.

Prerequisites

  • IDA Pro (8.3 or higher, 9 recommended)
  • Any MCP-compatible client (Claude, Cursor, VS Code, Roo Code, etc.)

Installation

For Users Who Have Installed the Original ida-pro-mcp

If you have previously installed the original ida-pro-mcp, you need to uninstall it first and then force reinstall:

# Uninstall old versions
"D:\your\path\to\ida\python311\python.exe" -m pip uninstall -y ida-pro-mcp ida-pro-mcp-multi

# Force reinstall the new version
"D:\your\path\to\ida\python311\python.exe" -m pip install --no-cache-dir --force-reinstall --upgrade git+https://github.com/QYmag1c/ida-pro-mcp-multi

# Reinstall IDA plugin and configure MCP clients
"D:\your\path\to\ida\python311\Scripts\ida-pro-mcp.exe" --install

# View MCP configuration
"D:\your\path\to\ida\python311\Scripts\ida-pro-mcp.exe" --config

Then restart IDA Pro and your MCP client.


Fresh Installation

Step 1: Install MCP Package

Open a terminal in IDA's Python directory and run:

# Navigate to IDA's Python directory
cd "D:\your\path\to\ida\python311"

# Install the MCP package
python.exe -m pip install --upgrade git+https://github.com/QYmag1c/ida-pro-mcp-multi

Step 2: Install IDA Plugin and Configure MCP Clients

# Install IDA plugin and configure MCP clients
"D:\your\path\to\ida\python311\Scripts\ida-pro-mcp.exe" --install

# View MCP configuration for manual setup
"D:\your\path\to\ida\python311\Scripts\ida-pro-mcp.exe" --config

Note: Replace D:\your\path\to\ida with your actual IDA Pro installation path.

Step 3: Restart

Important: Restart IDA Pro and your MCP client completely for the installation to take effect.

Verify Installation

  1. Open IDA Pro and load a binary
  2. Go to Edit → Plugins → MCP (or press Ctrl+Alt+M)
  3. You should see [MCP] Server started in the output window

Architecture

src/ida_pro_mcp/
├── server.py              # MCP server + instance management tools
├── gateway.py             # Gateway Server for multi-instance routing
├── ida_mcp.py             # IDA plugin loader (registers with Gateway)
└── ida_mcp/
    ├── api_core.py        # Core functions (decompile, disasm, etc.)
    ├── api_analysis.py    # Analysis operations
    ├── api_vuln.py        # Vulnerability scanning (NEW)
    ├── api_memory.py      # Memory operations
    ├── api_types.py       # Type operations
    ├── api_modify.py      # Modification operations
    ├── api_stack.py       # Stack frame operations
    ├── api_debug.py       # Debugger operations
    └── ...

All Available Tools

This project includes all tools from the original project, plus the new multi-instance and vulnerability scanning features.

Instance Management (NEW)

  • list_instances(), switch_instance(), get_current_instance(), check_instance_health()

Vulnerability Scanning (NEW)

  • vuln_scan(), vuln_scan_details(), vuln_scan_function(), vuln_categories()

Core Functions

  • lookup_funcs(), int_convert(), list_funcs(), list_globals(), imports(), decompile(), disasm(), xrefs_to(), callees()

Modification Operations

  • set_comments(), patch_asm(), declare_type(), rename()

Memory Operations

  • get_bytes(), get_int(), get_string(), get_global_value(), patch(), put_int()

Analysis Operations

  • py_eval(), analyze_funcs(), find_regex(), find_bytes(), find_insns(), find(), basic_blocks(), callgraph()

Type Operations

  • set_type(), infer_types(), read_struct(), search_structs()

Stack Operations

  • stack_frame(), declare_stack(), delete_stack()

Debugger Operations (requires --unsafe flag)

  • dbg_start(), dbg_exit(), dbg_continue(), dbg_step_into(), dbg_step_over(), etc.

Acknowledgments

License

MIT License - See LICENSE for details.

from github.com/QYmag1c/ida-pro-mcp-multi

Установка IDA Pro Multi

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/QYmag1c/ida-pro-mcp-multi

FAQ

IDA Pro Multi MCP бесплатный?

Да, IDA Pro Multi MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для IDA Pro Multi?

Нет, IDA Pro Multi работает без API-ключей и переменных окружения.

IDA Pro Multi — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить IDA Pro Multi в Claude Desktop, Claude Code или Cursor?

Открой IDA Pro Multi на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare IDA Pro Multi with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai