Skills
skills/taardisaa/ida-script-helper/write-ida-script

write-ida-script

SKILL.md

Write IDA Script

Write an IDAPython script by first consulting the ida-api-mcp MCP tools to retrieve verified API call sequences, then composing the script from those patterns.

Process

Follow these steps in order:

1. Decompose the request

Break the user's request into discrete sub-tasks. For example, "list all functions and their cross-references" becomes:

  • Sub-task A: enumerate all functions
  • Sub-task B: get cross-references for each function

2. Retrieve workflows

For each sub-task, call get_workflows with a natural-language description:

get_workflows("enumerate all functions in the database")
get_workflows("get cross references to a function")

3. Look up unfamiliar APIs

For any API function in the workflow results that you're not confident about, call get_api_doc:

get_api_doc("xrefblk_t")
get_api_doc("get_func_name")

4. Find companion APIs if needed

If a workflow seems incomplete (e.g., you have iteration but no formatting), call list_related_apis:

list_related_apis("get_func")

5. Write the script

Compose the script following these conventions:

  • Explicit imports: import ida_funcs, not from ida_funcs import *
  • main() wrapper: All logic inside def main(): with if __name__ == "__main__": main()
  • None checks: Always check return values — get_func(), decompile(), etc. can return None
  • print() for output: Use print() in IDAPython, not ida_kernwin.msg()
  • Module-qualified calls: ida_funcs.get_func(ea), not bare get_func(ea)

Canonical style example:

"""
Short summary of what the script does.

Longer description of the workflow: what it takes as input,
what it produces, and any prerequisites.

Usage: Run in IDA Pro via File -> Script file...
"""

import ida_funcs
import ida_hexrays
import ida_kernwin


def main():
    ea = ida_kernwin.ask_addr(0, "Enter function address:")
    if ea is None:
        return

    pfn = ida_funcs.get_func(ea)
    if pfn is None:
        print("No function found at 0x%X" % ea)
        return

    print("Function: 0x%X - 0x%X" % (pfn.start_ea, pfn.end_ea))

    cf = ida_hexrays.decompile(pfn.start_ea)
    if cf is None:
        print("Decompilation failed at 0x%X" % pfn.start_ea)
        return

    print(str(cf))


if __name__ == "__main__":
    main()

6. Explain the script

After writing the script, briefly explain:

  • Which workflows/API patterns were used
  • What each major section does
  • Any limitations or assumptions

Example

User: "write an IDAPython script that lists all functions with their sizes"

  1. Sub-tasks: enumerate functions, compute size, format output
  2. get_workflows("enumerate all functions") → reveals idautils.Functions() + ida_funcs.get_func()
  3. get_api_doc("get_func") → confirms func_t has .start_ea and .end_ea
  4. Write script using idautils.Functions() iterator, ida_funcs.get_func() for each, size = end_ea - start_ea
Weekly Installs
3
Repository
taardisaa/ida-s…t-helper
GitHub Stars
1
First Seen
11 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
trae3
gemini-cli3
antigravity3
claude-code3
github-copilot3
codex3