ida-domain

IDA Domain API

0.0.1.dev20
PyPI
Maintainers
3

IDA Domain API

⚠️ This is a dev pre-release version. APIs may change without notice and pre-release versions may be deleted at any time.

The IDA Domain API provides a Domain Model on top of the IDA SDK.

Prerequisites

Environment Setup

Set the IDADIR environment variable to point to your IDA installation directory:

export IDADIR="[IDA Installation Directory]"

Example:

export IDADIR="/Applications/IDA Professional 9.1.app/Contents/MacOS/"

Note: If you have already installed and configured the idapro Python package, setting IDADIR is not required.
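A preflight check for the prerequisites above, useful at the start of an unattended analysis script. This is an added example, not part of the ida-domain package; the function name `check_ida_environment` and its return shape are hypothetical, and the presence of the `idapro` package is approximated by whether the module can be found.

```python
import importlib.util
import os
from pathlib import Path


def check_ida_environment(environ=None, has_idapro=None):
    """Return (ok, reason) for the IDADIR / idapro prerequisite.

    environ: mapping to read IDADIR from (defaults to os.environ).
    has_idapro: override for the idapro lookup (lets callers and tests inject it).
    """
    environ = os.environ if environ is None else environ
    if has_idapro is None:
        # Assumption: "installed" is approximated by the module being findable;
        # this cannot tell whether idapro has also been configured.
        has_idapro = importlib.util.find_spec("idapro") is not None

    idadir = environ.get("IDADIR", "").strip()
    if not idadir:
        if has_idapro:
            return True, "IDADIR unset; relying on the idapro package"
        return False, "IDADIR is unset and the idapro package is not installed"

    # Catch the README's bracketed placeholder being exported verbatim.
    if idadir.startswith("[") and idadir.endswith("]"):
        return False, f"IDADIR still holds the placeholder text {idadir!r}"

    # An IDADIR that is set but wrong is reported even when idapro exists,
    # so a stale value does not go unnoticed.
    path = Path(idadir).expanduser()
    if not path.is_dir():
        return False, f"IDADIR does not point to a directory: {path}"
    if not any(path.iterdir()):
        return False, f"IDADIR points to an empty directory: {path}"
    return True, f"IDADIR points to {path}"


if __name__ == "__main__":
    ok, reason = check_ida_environment()
    print(("OK: " if ok else "FAIL: ") + reason)
    raise SystemExit(0 if ok else 1)
```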

Documentation

The IDA Domain API documentation is available at: https://hexrayssa.github.io/ida-api-domain/

Usage example:

import argparse
import ida_domain

# The description must be an f-string so the API version is interpolated.
parser = argparse.ArgumentParser(description=f"IDA Domain usage example, version {ida_domain.VersionInfo.api_version}")
parser.add_argument("-f", "--input-file", help="Binary input file to be loaded", type=str, required=True)
args = parser.parse_args()

print(f"IDA Domain usage example, version {ida_domain.VersionInfo.api_version}")

# Create a new database for the input file and run auto-analysis on it.
ida_options = (ida_domain.IdaCommandBuilder()
                .auto_analysis(True)
                .new_database(True))

db = ida_domain.Database()

if db.open(args.input_file, ida_options):
    print(f"Entry point: {hex(db.entry_point)}")

    # Database-level metadata as key/value pairs.
    print("Metadata:")
    for key, value in db.metadata.items():
        print(f" {key}: {value}")

    # Functions, with both bounds printed in hex.
    for f in db.functions.get_all():
        print(f"Function - name {f.name}, start ea {hex(f.start_ea)}, end ea {hex(f.end_ea)}")

    for s in db.segments.get_all():
        print(f"Segment - name {s.label}")

    # Types may be unnamed; fall back to the type id alone.
    for t in db.types.get_all():
        if t.name is not None:
            print(f"Type - name {t.name}, id {t.get_tid()}")
        else:
            print(f"Type - id {t.get_tid()}")

    for c in db.comments.get_all(False):
        print(f"Comment - value {c}")

    for s1 in db.strings.get_all():
        print(f"String - value {s1}")

    for n in db.names.get_all():
        print(f"Name - value {n}")

    # Walk the whole address range of the database.
    for b in db.basic_blocks.get_between(db.minimum_ea, db.maximum_ea):
        print(f"Basic block - start ea {hex(b.start_ea)}, end ea {hex(b.end_ea)}")

    # get_disassembly returns a success flag and the disassembly text.
    for inst in db.instructions.get_between(db.minimum_ea, db.maximum_ea):
        ret, dec = db.instructions.get_disassembly(inst)
        if ret:
            print(f"Instruction - ea {hex(inst.ea)}, asm {dec}")

    db.close(False)
