idaxport
the backstory
every time i asked claude for help it couldn't stop inventing things and asking for more and more context and/or giving vague answers, so i needed to be copypasting. you know the drill, you open ida, you stare at the decompile, claude asks "what does function sub_41A0 do" and you copy paste it in. then claude asks about sub_41A0's callers. then xrefs. then the vtable. then the struct layout. 30 minutes in, you've manually copy-pasted like 12 things and you realize claude is basically blind and you're the usb cable.
at some point claude just started inventing functions. like literally making up what it thinks the code does because it didn't have enough context. that's when i was like: dude, no, there has to be a way to just dump the whole ida database as text and let you read it yourself.
there was. sorta. i found P4nda0s/IDA-NO-MCP, this chinese ida plugin that exports stuff. it was very much vibecoded though. and i mean, like, very. claude was literally listed as a contributor on the repo, and the code had 🎉🎉🎉 emojis sprinkled everywhere. exported like 5 things. plugin-only, so you had to have ida open with the binary loaded every time. no standalone mode, no gui, no batch. but the idea was there and it works, so shoutout P4nda0s for real, i didn't invent any of this from scratch.
so i forked it, turned the plugin into a standalone script you can run headless, bolted on a qt gui, and expanded the exports from "5 things" to 30+ things cuz more info = more better for the ai to chew on.
what it does now
idaxport exports everything ida knows about a binary into plain text / json files that any ai can just read. 30+ export types:
- decompiled c code, one .c file per function, with callers/callees in the header
- raw disassembly per function
- hex-rays microcode (the intermediate ctree)
- every struct, union, enum, typedef with member offsets
- inferred function prototypes
- full xref map, classified (code vs data, read vs write)
- call graph as json
- data xref graph (which function touches which global)
- vtables + rtti, switch tables, stack frames
- strings, imports, exports, entry points, segments, globals
- comments, labels, bookmarks, colors (every analyst annotation)
- objc metadata, debug info, flirt matches, patches, fixups
plus a qt gui with checkboxes so you pick what to export, progress bar, live log, resumable (if ida crashes mid-export you re-run and it picks up where it left off. and yeah it will probably crash, ida isn't that stable (not the plugin's fault tho), even worse if you're on the arm version). headless mode works without qt for running it from ci or over ssh.
how to use it
three ways. pick one.
1. as an ida plugin (easiest)
drop INP.py into your ida plugins folder:
# windows
%APPDATA%\Hex-Rays\IDA Pro\plugins\
# linux / macos
~/.idapro/plugins/
restart ida, open your binary, hit Ctrl-Shift-E. a gui pops up, tick the boxes for what you want, pick an output folder, click start. done.
2. standalone gui (no ida open)
pip install PyQt5
python3 idaxport_gui.py
it runs ida headless in the background. pick a binary, pick an output folder, tick boxes, hit go. use this when you have a bunch of binaries to batch through and don't want 8 ida windows open.
3. headless / batch (for scripts)
idat -A -S"INP.py /path/to/output" /path/to/binary
no gui, dumps everything, you go do other stuff. this is the one you want if you're piping the output to a ci job or a code-review script.
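a batch wrapper around that headless command, added here as an example (not part of idaxport or the original repo): it exports every file in a folder into its own sha256-named output dir, re-runs after a crash so the resumable export can pick up, and skips binaries that already finished. assumptions: idat exits non-zero when it crashes, paths have no spaces, and the `IDAT`, `INP_SCRIPT`, `MAX_TRIES` variables and `.done` markers are this wrapper's own names.

```shell
#!/bin/sh
# batch wrapper around the page's headless command (added example, not part of idaxport).
# assumptions: idat exits non-zero when it crashes; paths contain no spaces;
# the sha256 folder names and .done markers are this wrapper's convention.
IDAT="${IDAT:-idat}"                 # path to ida's text-mode binary
INP_SCRIPT="${INP_SCRIPT:-INP.py}"   # path to the export script
MAX_TRIES="${MAX_TRIES:-3}"          # re-runs per binary after a crash

# sha256 of a file, with whichever tool the host has
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# export one binary into <out_root>/<sha256>/; 0 = exported or already done
export_one() {
    bin=$1; out_root=$2
    digest=$(file_sha256 "$bin"); [ -n "$digest" ] || return 1
    out="$out_root/$digest"
    [ -f "$out/.done" ] && return 0          # finished on an earlier run
    mkdir -p "$out" || return 1
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        # same invocation as on the page; a re-run resumes a partial export
        if "$IDAT" -A -S"$INP_SCRIPT $out" "$bin" >>"$out/idat.log" 2>&1; then
            printf '%s\n' "$bin" >"$out/.done"
            return 0
        fi
        try=$((try + 1))
    done
    return 1
}

# export every regular file in a directory; exit status = number of failures
export_dir() {
    in_dir=$1; out_root=$2; failed=0
    for f in "$in_dir"/*; do
        [ -f "$f" ] || continue
        export_one "$f" "$out_root" || { echo "failed: $f" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

if [ "$#" -eq 2 ]; then export_dir "$1" "$2"; fi
```

run it as `sh batch.sh ./samples ./exports` (file and folder names are placeholders); each output folder keeps an `idat.log` with the output of every attempt.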
then what
point claude / your ai of choice at the output folder. that's it.
claude --add-dir /path/to/output
# or just drop the folder in the working dir
now when you ask "what does sub_41A0 do and who calls it," claude just cats the file. no more copy-paste loop. no more inventing functions. it reads the actual decompile plus the actual xrefs plus the actual struct layouts.
the reimplementation work i was doing went from "painful" to "kinda fun" overnight. huge quality of life upgrade ngl.
the vibe re experience
also, once the folder is dumped you don't even need to be at your computer. run claude on your cellphone over the api (or whatever other means, for sure not by the official app tho cuz that's trash), via shady methods anthropic doesn't exactly endorse, and point it at the exports, and you can vibe re straight from your phone. on the bus, in bed, waiting for food, pulling up some random compiled binary and asking "bro what does this auth check even do" while you stare out the window.
feels very haxor. very mr robot. very so productive right now.
(until you actually pull the repo down at the end of the day and realize claude has been asking for file contents nonstop, ate all your api usage, and silently produced like 86 .md files named stuff like testing.md, poc.md, poc_live.md, plus a handful of python scripts that only god (and the file creation/edited timestamps, and maybe the git history if he was committing) knows how to run and when he ran them.)
credits
P4nda0s for the original. i just expanded the exports and bolted on a gui that doesn't crash. mit license. fork it, use it, send prs. go use it, it's awesome.
— gabriwar