
IDA Portabilization



Just a short note.

For a number of personal reasons, I like to carry my toolkit on a flash drive or an external hard drive. One of those tools is IDA 6.8.

After working on a system, I do not like it when any tails are left behind, whether in the registry or as files. Unfortunately, IDA and its modules (BinDiff in particular) are guilty of exactly that.

So I wanted a fully portable bundle.

To the best of my modest knowledge and understanding of the problem, three solutions were apparent:

  1. Wrap everything up in ThinApp or TurboStudio. The result is large and cumbersome, with limited ability to update plug-ins, and so on. Not a fit.
  2. Write a resident program that tracks changes and rolls them back once the IDA session ends. The result was fairly bulky (several megabytes) or required libraries to be present on the system in order to run. Whenever the nature of the "tails" changed, the code had to be rewritten and recompiled. Not that either.
  3. Make do with the built-in Windows tools. More on this below.

In fact, it is entirely possible to eliminate the tails, both the files and the registry residue, with a plain Windows batch file, without even needing PowerShell. In my case the code came out like this:

```bat
@ECHO Off
rem Detect the bitness of the system.
rem By default IDA is started with the same bitness.
set xOS=x64& If "%PROCESSOR_ARCHITECTURE%"=="x86" (If Not Defined PROCESSOR_ARCHITEW6432 Set xOS=x86)
rem Also read the command-line parameter passed at startup.
set param=%~1
rem Just in case, back up the settings files: the user may have their own IDA too.
xcopy /E /I /C /Y /Q /H /R "%appdata%\zynamics" ".\Backup\zynamics"
xcopy /E /I /C /Y /Q /H /R "%appdata%\Hex-Rays" ".\Backup\Hex-Rays"
xcopy /E /I /C /Y /Q /H /R "%appdata%\IDA Pro" ".\Backup\IDA Pro"
rem Clean the folders; the procedure is defined below.
call :removedir "%appdata%\zynamics"
call :removedir "%appdata%\Hex-Rays"
call :removedir "%appdata%\IDA Pro"
rem Copy all the necessary settings files into the user profile.
rem (The Hex-Rays destination mirrors the copy-back at the end; xcopy copies the
rem *contents* of the source folder into the destination.)
xcopy /E /I /C /Y /Q /H /R ".\BinDiff\INI" "%appdata%\"
xcopy /E /I /C /Y /Q /H /R ".\Hex-Rays" "%appdata%\Hex-Rays"
xcopy /E /I /C /Y /Q /H /R ".\Hex-Rays\IDA Pro" "%appdata%\IDA Pro"
rem Back up the IDA registry branch...
reg export HKEY_CURRENT_USER\Software\Hex-Rays backup.reg /y
rem ... and overwrite it with our own settings.
reg import settings.reg
rem Now look at the parameters passed on the command line.
rem This allows IDA to be started with a different bitness, e.g. x32 on Windows x64.
if "%param%"=="32" goto x32
if "%param%"=="64" goto x64
if "%param:~1%"=="32" goto x32
if "%param:~1%"=="64" goto x64
if "%xOS%"=="x64" goto x64
rem xOS is set to "x86" above, so that is the value to test here.
if "%xOS%"=="x86" goto x32
rem Start 32-bit IDA and stay resident, waiting for the program to exit.
:x32
start /wait idaq.exe
goto end
rem Start 64-bit IDA and stay resident, waiting for the program to exit.
:x64
start /wait idaq64.exe
goto end
rem The folder removal procedure.
:removedir
del /F /Q /S %1 > nul
rmdir /s /q %1
exit /b
rem And the shutdown sequence.
:end
rem Write the settings from the registry to a file...
reg export HKEY_CURRENT_USER\Software\Hex-Rays settings.reg /y
rem ... and copy all the files back from the user profile.
xcopy /E /I /C /Y /Q /H /R "%appdata%\zynamics\*" ".\BinDiff\INI\zynamics"
xcopy /E /I /C /Y /Q /H /R "%appdata%\Hex-Rays\*" ".\Hex-Rays"
xcopy /E /I /C /Y /Q /H /R "%appdata%\IDA Pro" ".\Hex-Rays\IDA Pro"
rem Clean the registry branch...
reg delete HKEY_CURRENT_USER\Software\Hex-Rays /f
rem ... and restore what was there before us.
reg import backup.reg
rem Clean up all the tails.
del /F /Q backup.reg
call :removedir "%appdata%\zynamics"
call :removedir "%appdata%\Hex-Rays"
call :removedir "%appdata%\IDA Pro"
rem Restore the user-profile folders that existed before the launch...
xcopy /E /I /C /Y /Q /H /R ".\Backup\*" "%appdata%\"
rem ... and delete that backup.
call :removedir Backup
```
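Whether the launcher really leaves nothing behind is worth checking rather than trusting, so here is an added verification script (not part of the original post) that snapshots the three AppData folders and the HKCU\Software\Hex-Rays branch before and after a run and reports any difference. It assumes the launcher is saved as `.\ida.cmd` in the current folder; the paths are the IDA 6.8 ones used above.

```powershell
# Added example: verify that the portable launcher leaves no files or registry
# values behind. The launcher name ".\ida.cmd" is an assumption.
$Launcher = '.\ida.cmd'
$Dirs     = @("$env:APPDATA\zynamics", "$env:APPDATA\Hex-Rays", "$env:APPDATA\IDA Pro")
$RegKey   = 'HKCU:\Software\Hex-Rays'

function Get-Snapshot {
    # One line per file: full path plus SHA-256, so modified files show up too.
    $files = foreach ($d in $Dirs) {
        if (Test-Path -LiteralPath $d) {
            Get-ChildItem -LiteralPath $d -Recurse -Force -File | ForEach-Object {
                '{0}|{1}' -f $_.FullName, (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
    # Registry branch as the text reg.exe prints (keys and values), if it exists.
    $reg = if (Test-Path -Path $RegKey) { & reg.exe query 'HKCU\Software\Hex-Rays' /s } else { @() }
    # A sentinel line keeps the snapshot non-empty even on a clean machine.
    return @('SNAPSHOT') + @($files) + @($reg | ForEach-Object { "REG|$_" })
}

$before = Get-Snapshot
& $Launcher 64          # the batch file blocks until IDA exits
$after  = Get-Snapshot

$diff = Compare-Object -ReferenceObject $before -DifferenceObject $after
if (-not $diff) {
    Write-Host 'Clean: no files or registry values were left behind.'
} else {
    Write-Host 'Residue found:'
    $diff | ForEach-Object {
        $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Host "  $tag $($_.InputObject)"
    }
}
```

Lines marked REMOVED mean the launcher failed to restore something that existed before the run, which matters just as much as leftover tails.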

A side effect of such a batch file is the black console window that stays open while IDA runs. So I packed it all with Quick Batch Compiler, and as a result the program became completely "invisible."

Thus, it was possible to portabilize the program with a minimal file size and no additional libraries, using only the built-in Windows tools that have shipped with the operating system out of the box for more than 10 years. At the same time, the ability to change IDA's plug-ins, scripts and settings is not restricted in any way.

This "project" (a grand word for it) is on GitHub, and the compiled file is there as well. Criticism and additions are welcome.

PS: I know that since IDA 7.0 the paths and the affected files have changed. But I use 6.8 because some plugins have not been rewritten for 7.0, and frankly I did not like 7.0. Nevertheless, the proposed approach adapts easily to newer versions of IDA.

Source: https://habr.com/ru/post/438652/