Agentic IDA Pro

Added Apr 22, 2026
Category: Agent & Tooling
Open Source
Tags: Python, Desktop Application, Large Language Model, AI Agents, Agent Framework, Agent & Tooling, Model & Inference Framework, Developer Tools & Coding, Security & Privacy

An LLM-driven reverse engineering platform for IDA Pro 9.3 that automates struct recovery, attack surface discovery, and general binary analysis through a unified tool-call loop.

Core Positioning

Agentic IDA Pro is an LLM-driven reverse engineering platform for IDA Pro 9.3 (with the Hex-Rays decompiler). It automates binary analysis through a unified ReverseRuntimeCore tool-call loop, addressing the inefficiency of repetitive manual operations in traditional IDA Pro workflows and their tendency to cause oversights.

Three Analysis Profiles

  • Struct Recovery (struct_recovery): Automatically creates and verifies struct definitions via decompiled variable access analysis. Only allows modeling through create_structure; after creation, type application and re-decompilation verification are mandatory, forming a strongly constrained loop. Suitable for improving decompilation readability and assisting vulnerability analysis.
  • Attack Surface Discovery (attack_surface): Coarse-grained search of network/file/IPC/driver interfaces → candidate triage → deep call chain analysis → classified risk assessment. Suitable for security audits, vulnerability mining, and threat modeling.
  • General Reverse Engineering (general_reverse): Function overview → attack surface identification → priority sorting → sub-agent batch summarization → comprehensive convergence. Suitable for initial contact with unknown binaries, rapid function localization, and global threat assessment.

Agent Decision Mechanism

The agent runs a single LLM-driven loop: observe → plan → call tools → collect evidence → update tasks/knowledge → re-decide. All three profiles share the same tool-call loop and differ only in their system prompts, tool filtering, and finalize tools. A native task board (todo / in_progress / blocked / done) drives the agent's execution flow.

Systems Engineering Capabilities

  • Sub-Agent System (SubAgentManager): Main Agent can spawn sub-agents in parallel via spawn_subagent (function summaries, attack surface triage, parameter control analysis, etc.), each with independent context and restricted tool sets.
  • Knowledge Manager (KnowledgeManager): Runtime loading of system knowledge skills (struct recovery, function analysis, string decryption).
  • Context Distiller (ContextDistiller): Compresses long conversation history to fit LLM context window limits.
  • Session Observability: SQLite persistence of turn/message/tool/event, with Vue frontend (port 5173) and backend API (port 8765).
  • Evidence-Driven Evaluation: Auto-generates run_trace.md / evidence.md / verdict.md.
  • Directory Batch Analysis: Asynchronous concurrent mode in which each worker runs its own independent ida_service on a dynamically allocated port.

Architecture

Layered architecture: reverse_agent.py (unified entry) → reverse_agent_service.py (service management) → ReverseAgentCore (profile dispatcher) → ReverseRuntimeCore (unified runtime with PolicyManager, TaskBoard, KnowledgeManager, SubAgentManager, ContextDistiller, ObservabilityHub, ExpertToolRegistry) → IDAClient (HTTP client) → ida_service.daemon (in-process IDA HTTP service) → IDB / Hex-Rays / IDA APIs.

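IDA Service HTTP API endpoints: /execute (run IDAPython scripts), /decompile (decompile functions), /search (search symbols/strings), /xrefs (cross-reference queries), and /db/open, /db/close, /db/backup (database management). Since /execute runs IDAPython scripts inside the IDA process, access to this service amounts to code execution on the analysis host.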

Requirements & Usage

  • Python 3.10+, IDA Pro 9.3 (with Hex-Rays), an OpenAI-compatible API, and Node.js 18+ (optional); a WSL + Windows dual-end setup is recommended
  • Strong runtime dependency on an OpenAI-compatible API, with hardcoded model name validation for gpt-5.2 (Note: this model name is not currently a publicly released OpenAI model and is possibly a custom codename, which affects reproducibility)
  • Supports both single-target interactive analysis and directory-level batch concurrent analysis via --input-path

Known Gaps

  • No LICENSE file in repository; legal risks and usage restrictions unknown
  • 0 Tags, no formal version releases, API stability unguaranteed
  • Only targets IDA Pro 9.3; compatibility with other versions unknown
  • No standalone documentation site; usage docs rely solely on README
  • No associated papers, Hugging Face pages, or public benchmark results found
  • Detailed WSL+Windows dual-end configuration steps for ida_service.daemon not fully documented
