Support installing diaphora as an IDA plugin

[Ana06]

Summary

At the moment, diaphora is run as an IDA script. But I think it would be nice if it would be possible to install it as a plugin instead.

diaphora in FLARE-VM

At the moment, diaphora is installed as part of FLARE-VM by downloading it to the Utilities folder, but we got the feedback that it is not being noticed and I would like to install it as a plugin so that after you install IDA Pro in FLARE-VM, you automatically have it available in the plugins menu: https://github.com/mandiant/VM-Packages/issues/994. This would make it easier for users to find it and use it. We are doing this with several other plugins already:

Implementation

If diaphora would be turned into a Python module (which would involved prepending diaphora. to most of the imports), the IDA plugin code should be something like this:

import idaapi
import diaphora

class DiaphoraPlugin(idaapi.plugin_t):
    wanted_name = "Diaphora"
    version = "3.2.0"
    wanted_hotkey = ""
    comment = "Diaphora by joxeankoret"
    website = "https://github.com/joxeankoret/diaphora"
    help = "Very useful help message"
    flags = 0

    def init(self):
        return idaapi.PLUGIN_KEEP

    def term(self):
        pass

    def run(self, arg):
        """
        called when IDA is running the plugin as a script
        """
        # Run diaphora
        return True

def PLUGIN_ENTRY():
    return DiaphoraPlugin()

I think the modification in the code is a bit tedious but not difficult. diaphora_help.pdf mentions maintaince problems as the reason to not support installing diaphora as a plugin. I am not sure if this is because of a bug that may have been already fixed, as for example the code of the capa_explorer plugin is simple (similar to the template above) and I do not think there has been any issue since it was introduced 4 years ago. But I would very interested in knowing more details about possible issues.

Please let me know what you think and how I can help in case you are interested in supporting installing diaphora as a plugin. :smile:

[emtuls]

+1 I also agree, I think this would be a great improvement!

[joxeankoret]

Hi @Ana06!

Back in the day, in the days of IDA 6.X and the beginning of 7.X, there were various problems running long loops from a plugin instead of from a script like, for example, the "Running command" dialog would not be shown and it wasn't possible to cancel the export or diffing processes; the auto-update dialog was not being shown or replaced or hidden correctly due to IDA bugs in this or that version when running from a plugin instead of from a script. And, well, I simply never thought about implementing it again since I don't even remember how many years.

Let me take a look because I'm 99% sure these problems don't apply anymore and It Should Be Easy (TM) to add support for running it as a plugin.

[joxeankoret]

I have added a very simplistic (for now) IDA plugin for Diaphora. Please take a look to this:

https://github.com/joxeankoret/diaphora/tree/master/plugin

[Ana06]

:tada:

Using an absolute path in the cfg file, it works as expected! :+1: Thanks @joxeankoret

Minor improvement suggestion: Changing the name from Diaphora: Run Diaphora to just Diaphora.

@joxeankoret are you planing to create a new GH release that include the plugin? We are currently using the GH release in FLARE-VM and our bot tries to update to the latest version everytime you release (if the file names that are copied don't change the update should work). :smiley:

[joxeankoret]

Hey!

Minor improvement suggestion: Changing the name from Diaphora: Run Diaphora to just Diaphora.

Sure, no problem.

Regarding a release, yes, I will do at some point this week together with another small enhancement. I wish I could have more time, alas, it's a single person project.

[Ana06]

Looking forward to the release! Thanks for the work @joxeankoret! :cupid:

[joxeankoret]

And done! Sorry for taking so long.