Tagada - IDA plugin for Windows RE tasks

An IDA python plugin to help with common Windows oriented reversing tasks.

Usage

Tagada provides (un)installation scripts within the /scripts/ folder.

The intended hotkey is Alt+F8.

Features

The plugin handles the following:

  • Memory pool tags
  • IOCTLs
  • BugCheck
  • NTStatus
  • Highlight unsafe functions
  • FailFast

Memory pool tags

This module will create enums for each configured entry. At this point, only ntoskrnl.exe is configured.

IOCTLs

This module will create enums for each configured entry (ntoskrnl.exe included) and try to find isolated IOCTL values within the code sections. It will also decode IOCTLs.
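The decoding step, as an added example that is not Tagada's own code: a 32-bit IOCTL value is split into the fields packed by the Windows CTL_CODE macro, with review notes for the transfer method and access bits. The names Ioctl, ctl_code, decode_ioctl and review_notes are hypothetical, and the sample values are constructed or well-known constants.

```python
from typing import NamedTuple

METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = ("FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS | FILE_WRITE_ACCESS")
# Small subset of the FILE_DEVICE_* constants, enough for the samples below.
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x09: "FILE_DEVICE_FILE_SYSTEM",
                0x22: "FILE_DEVICE_UNKNOWN"}

class Ioctl(NamedTuple):
    code: int
    device_type: int
    device_name: str
    function: int
    method: str
    access: str
    vendor_defined: bool

def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Python equivalent of the CTL_CODE macro (hypothetical helper name)."""
    return ((device_type << 16) | (access << 14) | (function << 2) | method) & 0xFFFFFFFF

def decode_ioctl(code: int) -> Ioctl:
    """Split a 32-bit IOCTL: DeviceType 31-16, Access 15-14, Function 13-2, Method 1-0."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("IOCTL codes are 32-bit values")
    device_type = code >> 16
    function = (code >> 2) & 0xFFF
    # Device types below 0x8000 and function codes below 0x800 are reserved for Microsoft.
    vendor = device_type >= 0x8000 or function >= 0x800
    name = DEVICE_TYPES.get(device_type, "device type 0x%04X" % device_type)
    return Ioctl(code, device_type, name, function,
                 METHODS[code & 3], ACCESS[(code >> 14) & 3], vendor)

def review_notes(ioctl: Ioctl) -> list:
    """Points a driver reviewer would check for this code."""
    notes = []
    if ioctl.method == "METHOD_NEITHER":
        notes.append("raw user pointers: handler must probe and capture buffers itself")
    if ioctl.access == "FILE_ANY_ACCESS":
        notes.append("any handle to the device can send this request")
    return notes

if __name__ == "__main__":
    # 0x00070000 = IOCTL_DISK_GET_DRIVE_GEOMETRY, 0x000900A8 = FSCTL_GET_REPARSE_POINT,
    # 0x0022200B = constructed vendor code (FILE_DEVICE_UNKNOWN, 0x802, METHOD_NEITHER).
    for sample in (0x00070000, 0x000900A8, 0x0022200B):
        decoded = decode_ioctl(sample)
        print(decoded, review_notes(decoded))
```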

BugChecks

This module will create enums for each configured entry. ntoskrnl.exe is configured for KeBugCheck, PoShutdownBugCheck, …

NTStatus

This module will try to enumerate NTSTATUS values within the code sections.

Highlight unsafe functions

This module will print sensitive/unsafe functions within the code base. This is not Windows specific (e.g. memcpy, gets, …).

FailFast

This module will find and apply enum values to the __failfast/KiRaiseSecurityFailure call sites.

Cons

  • Arguments propagation

Download

Get a copy with additional instructions of asmshell at github.com/valkheim/tagada.