Automation

An IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks

Installation

Copy DriverBuddyReloaded folder and DriverBuddyReloaded.py file into the IDA plugins folder (
e.g. C:Program Files (x86)IDA 7plugins) or wherever you have installed IDA.

Usage

To use the auto-analysis feature:

  1. Start IDA and load a Windows kernel driver.
  2. Go to Edit -> Plugins -> Driver Buddy Reloaded or press CTRL+ALT+A to start the auto-analysis.
  3. Check the “Output” window for the analysis results.

To decode an IOCTLs:

  1. Place the mouse cursor on the line containing a suspected IOCTL code.
  2. Right-click and select Driver Buddy Reloaded -> Decode IOCTL; alternatively press CTRL+ALT+D.

About Driver Buddy Reloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse
engineering tasks. It has a number of

 

 

 

To finish reading, please visit source site