rev-idapython
rev-idapython - IDAPython / IDALib Script Reference
IDAPython script snippets for IDA interactive use and IDALib headless analysis. Use as reference when generating IDAPython code.
- IDAPython: scripts run inside IDA GUI (Script Command, plugin, or IDC console)
- IDALib: headless mode introduced in IDA 9.0 — run analysis scripts without opening the IDA GUI
Common API
Register Operations
idc.get_reg_value('rax')
idaapi.set_reg_val("rax", 1234)
Debug Memory Operations
More from p4nda0s/reverse-skills
rev-frida
Generate Frida hook scripts using modern Frida API. Activate when the user wants to write Frida scripts, hook functions at runtime, trace calls or arguments or return values, intercept native or ObjC or Java methods, dump memory or exports, or handle native module load timing for Android and other targets.
485rev-struct
Reconstruct data structures by analyzing memory access patterns across functions
441rev-symbol
Restore function symbols by analyzing code patterns, strings, constants, and cross-references
435rev-dex-dumper
Dump DEX files from a running Android app for unpacking/deobfuscation. Activate when the user wants to unpack an Android APK, dump DEX from memory, extract decrypted DEX files, or defeat class-loading packing.
415rev-unicorn-debug
Debug and emulate specific code fragments or functions using the Unicorn engine. Activate when the user wants to emulate a function with Unicorn, trace binary execution without running the full program, decrypt or decode data by emulating the algorithm, or bypass environment dependencies (JNI, syscalls, libc) during emulation.
415rev-u3d-dump
Dump Unity IL2CPP symbols from iOS/Android builds. Extract method names, addresses, and type info from IL2CPP binaries and global-metadata.dat, then generate IDA/Ghidra import scripts.
380