AZURE IDA Pro plugin
Polaris
August 21st, 2004, 15:03
Hi everybody.
Just wanna inform you of the release of the AZURE IDA Pro plugin, downloadable (binary for IDA 4.5) from http://polaris.kcmo.net
The AZURE plugin performs PE scanning directly within IDA Pro. It is useful to:
* detect packers (IDA Pro does not do that)
* check IDA Pro's scannings
* enhance IDA Pro's scannings
Details are available on the website and in the readme.txt file.
Byez
Polaris
dELTA
August 21st, 2004, 16:32
Sounds really nice, but that URL sadly seems to be dead?
Bengaly
August 21st, 2004, 17:37
sounds cool polaris

Polaris
August 22nd, 2004, 03:56
Quote:
[Originally Posted by dELTA] Sounds really nice, but that URL sadly seems to be dead?
Hmmm... Just checked, everything seems to be ok.
@Delta: Did you get it?

I am awaiting your feedback!
@Ben: Hey man, this will be released (hopefully) soon even for PVDasm

dELTA
August 22nd, 2004, 07:34
Yep, got it now, looks nice. I'm really not the best man for the job to evaluate such a software though, since I'm not really much into unpacking.
But let's hear from some people who are, c'mon guys.

JMI
August 22nd, 2004, 16:37
Yah. Let's have a plug for the plug-in. Where are all you IDA users?? Give it a shot and report back.
Regards,
Bengaly
August 22nd, 2004, 16:56
Quote:
@Ben: Hey man, this will be released (hopefully) soon even for PVDasm
@Polaris: That would be lovely

r4g3
August 23rd, 2004, 11:44
well... it falsely identified arma on dumped dll, neolite2 sections removed.
--> AZURE: Entry point at 10015474
--> AZURE: Signature Microsoft Visual C++ v6.0 DLL found!
--> AZURE: Signature Armadillo v1.xx - v2.xx found!
it is not as accurate and has less signatures than peid, so ... ehm ... what's the use of it? telling EP is kinda useless too, don't you think? finally, what packer other than arma you may think of disasming before you dump mem?
is just my opinion
Polaris
August 23rd, 2004, 14:16
Hmm.... You go straight to the point, eh?
However:
Quote:
well... it falsely identified arma on dumped dll, neolite2 sections removed.
It could be a bug... Please send me the file in mail (if possible).
Quote:
it is not as accurate and has less signatures than peid, so ... ehm ... what's the use of it?
The idea is to add functionality to IDA... Also consider this is the first version, and stuff will be added to it. Anything you wanna see implemented? Feel free to contact me!
Quote:
telling EP is kinda useless too, don't you think?
That's the remainder of debug release... Sorry!
Byez!
Polaris
August 25th, 2004, 08:10
Quote:
[Originally Posted by Bengaly] @Polaris: That would be lovely
AZURE now runs even on PVDasm 1.5d... Download will be available soon.
Byez,
Polaris
Bengaly
August 25th, 2004, 09:46
yeah, looks great,
thanks for your support Polaris

JMI
August 25th, 2004, 11:22
We do appreciate your efforts, even if the early code is not perfect in every way or doesn't have every bell and whistle those who don't code anything for the community might wish for. That's what the development process and field testing is designed to help move forward.
Regards,
ssx
August 27th, 2004, 04:23
why do i need this plugin? petools or peid can show the same info.
dELTA
August 27th, 2004, 06:32
Why do we need PEiD when we already have this plugin?

Why do we need your opinion when we already have our own?
Because competition and variety is never bad.

Bengaly
August 27th, 2004, 06:43
well, plugins can save up time.
instead of opening zillions of tools, you can have them 'collected' in 1 main tool

well, you get the idea.
btw, if you are a Pvdasm user and want to check out the azure plugin for it, you can download it now from either polaris's site or from pvdasm site.
note that azure is for pvdasm 1.5d, which has been released by now.
greetz,
Bengaly
Polaris
October 16th, 2004, 06:12
AZURE binary for IDA Pro 4.7 is available for download at:
http://polaris.kcmo.net
Byez,
Polaris
Sab
November 15th, 2004, 04:10
this adding functionality idea seems good, but rather than just identify the packer i think you should take it a step further (u should definitely get a team for this) and identify some of the critical functions of the packers in addition to identifying it.. i.e. detecting xprotector-> then it signatures some of the functions that may be optional such as "found X amount of potential CRC's" "is using high number of decryptors" etc. this way even if the versions of the packer changes it still may identify some of the critical algo / protection elements allowing one to understand deeper the code and if done with good enough will also help in general debugging/dumping... maybe (: sounds like a lot of work now that i typed it heh.