IDA Portabelization



    Just a short note.

    For a number of personal reasons, I like to carry my toolkit on a flash drive or an external hard drive. One of those tools is IDA 6.8.

    After working on a system, I do not like leaving any leftovers behind, whether in the registry or as files. Unfortunately, IDA and its modules (BinDiff in particular) are guilty of exactly that.

    So there was a desire to get a fully portable bundle.

    To the best of my modest knowledge and understanding of the problem, three solutions were visible:

    1. Wrap everything up in ThinApp or Turbo Studio. The result was large and cumbersome, with limited ability to update plug-ins, etc. It did not fit.
    2. Write a resident program that tracks changes and rolls them back after the IDA session ends. The result was quite bulky (several megabytes) or required libraries to be present on the system to run. And whenever the nature of the "leftovers" changed, the code had to be rewritten and recompiled. Not that either.
    3. Make do with the built-in Windows tools. More on this below.

    In fact, it is quite possible to eliminate leftover files and registry residue with a simple Windows command file, even without PowerShell. In my case the code came out like this:

    @ECHO Off
    rem Detect the bitness of the system
    rem By default IDA will start with the same bitness
    set xOS=x64& If "%PROCESSOR_ARCHITECTURE%"=="x86" (If Not Defined PROCESSOR_ARCHITEW6432 Set xOS=x86)
    rem Also read the command-line parameter passed at launch
    set param=%~1
    rem Just in case, back up the settings files - what if the user has their own IDA?
    xcopy /E /I /C /Y /Q /H /R "%appdata%\zynamics" ".\Backup\zynamics"
    xcopy /E /I /C /Y /Q /H /R "%appdata%\Hex-Rays" ".\Backup\Hex-Rays"
    xcopy /E /I /C /Y /Q /H /R "%appdata%\IDA Pro" ".\Backup\IDA Pro"
    rem Clean the folders; the procedure is defined below
    call :removedir "%appdata%\zynamics"
    call :removedir "%appdata%\Hex-Rays"
    call :removedir "%appdata%\IDA Pro"
    rem Copy all the required settings files into the user profile
    rem (assumed portable layout: .\BinDiff\INI\zynamics, .\Hex-Rays\Hex-Rays and .\Hex-Rays\IDA Pro)
    xcopy /E /I /C /Y /Q /H /R ".\BinDiff\INI" "%appdata%\"
    xcopy /E /I /C /Y /Q /H /R ".\Hex-Rays" "%appdata%\"
    xcopy /E /I /C /Y /Q /H /R ".\Hex-Rays\IDA Pro" "%appdata%\IDA Pro"
    rem Back up the IDA registry branch
    reg export HKEY_CURRENT_USER\Software\Hex-Rays backup.reg /y
    rem ... and overwrite it with our own settings
    reg import settings.reg
    rem Now look at which parameters were passed on the command line
    rem This lets IDA start with a different bitness, e.g. x32 on Windows x64
    if "%param%"=="32" goto x32
    if "%param%"=="64" goto x64
    if "%param:~1%"=="32" goto x32
    if "%param:~1%"=="64" goto x64
    if "%xOS%"=="x64" goto x64
    if "%xOS%"=="x86" goto x32
    rem Start IDA x32 and stay resident, waiting for the program to exit
    :x32
    start /wait idaq.exe
    goto end
    rem Start IDA x64 and stay resident, waiting for the program to exit
    :x64
    start /wait idaq64.exe
    goto end
    rem The folder removal procedure
    :removedir
    del /F /Q /S %1 > nul
    rmdir /s /q %1
    exit /b
    rem And the shutdown
    :end
    rem Write the settings from the registry to a file
    reg export HKEY_CURRENT_USER\Software\Hex-Rays settings.reg /y
    rem ... and copy all the files back from the user profile (same layout as the copy-in above)
    xcopy /E /I /C /Y /Q /H /R "%appdata%\zynamics\*" ".\BinDiff\INI\zynamics"
    xcopy /E /I /C /Y /Q /H /R "%appdata%\Hex-Rays\*" ".\Hex-Rays\Hex-Rays"
    xcopy /E /I /C /Y /Q /H /R "%appdata%\IDA Pro" ".\Hex-Rays\IDA Pro"
    rem Clean the registry branch
    reg delete HKEY_CURRENT_USER\Software\Hex-Rays /f
    rem ... and restore what was there before us (backup.reg only exists if the key did)
    if exist backup.reg reg import backup.reg
    rem Clean up all the leftovers
    if exist backup.reg del /F /Q backup.reg
    call :removedir "%appdata%\zynamics"
    call :removedir "%appdata%\Hex-Rays"
    call :removedir "%appdata%\IDA Pro"
    rem Restore the profile folders that existed before launch
    xcopy /E /I /C /Y /Q /H /R ".\Backup\*" "%appdata%\"
    rem ... and delete this backup
    call :removedir Backup
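
A check worth running around the launcher, as an added example that is not part of the original script or its repository: a second batch file that snapshots the three profile folders and the HKEY_CURRENT_USER\Software\Hex-Rays branch before IDA is launched and compares them byte for byte after IDA exits, so leftovers are reported rather than assumed gone. The snapshot file names under %TEMP% and the "before"/"after" arguments are my own choices.

```batch
@ECHO OFF
rem snapshot.cmd (added example, not from the original project)
rem Usage: snapshot.cmd before   - run before launching the portable IDA
rem        snapshot.cmd after    - run after the session; compares with "before"
rem Exit code: 0 = profile and registry look like before, 1 = leftovers found
setlocal
set tag=%~1
if "%tag%"=="" (
    echo usage: %~n0 before ^| after
    exit /b 2
)
set snap=%TEMP%\ida_snap_%tag%
rem 1. List every file under the three profile folders IDA and BinDiff write to
type nul > "%snap%.files"
for %%D in ("%appdata%\zynamics" "%appdata%\Hex-Rays" "%appdata%\IDA Pro") do (
    if exist "%%~D\" dir /s /b /a-d "%%~D" >> "%snap%.files" 2>nul
)
rem 2. Export the IDA registry branch; an empty marker file stands for "key absent"
reg export HKEY_CURRENT_USER\Software\Hex-Rays "%snap%.reg" /y >nul 2>&1 || type nul > "%snap%.reg"
if /i not "%tag%"=="after" (
    echo snapshot "%tag%" saved under %TEMP%
    exit /b 0
)
if not exist "%TEMP%\ida_snap_before.files" (
    echo no "before" snapshot found, run "%~n0 before" first
    exit /b 2
)
rem 3. Compare the "after" snapshot with the "before" one, byte for byte
set rc=0
fc /b "%TEMP%\ida_snap_before.files" "%snap%.files" >nul || (
    echo LEFTOVER: file list in the profile folders differs from the "before" snapshot
    set rc=1
)
fc /b "%TEMP%\ida_snap_before.reg" "%snap%.reg" >nul || (
    echo LEFTOVER: HKEY_CURRENT_USER\Software\Hex-Rays differs from the "before" snapshot
    set rc=1
)
if %rc%==0 echo clean: no leftovers in the profile or the registry
exit /b %rc%
```

The file list only records paths, so a changed value inside a pre-existing .cfg file is not reported; the registry comparison, by contrast, covers values as well as the key itself.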
    

    A side effect of such a batch file is the black console window that stays open while IDA is running. Therefore I packed it all with Quick Batch Compiler, and as a result the program became completely "invisible".

    Thus, the program was made portable with a minimal file size and without the need for additional libraries, exclusively with the built-in Windows tools that have shipped with the operating system out of the box for more than 10 years. At the same time, the ability to change plug-ins, scripts and the settings of IDA itself is not limited.

    This "project" (a very loud word for it) is on GitHub, and the compiled file is in the same place. Criticism and additions are welcome.

    PS: I know that since IDA 7.0 the paths and affected files have changed. But I use 6.8 because some plugins have not been rewritten for 7.0, and in any case I did not like 7.0. Nevertheless, the proposed approach adapts easily to new versions of IDA.
