db of function calls with IDA gui integration

[deresz]

some database interface for collected data + UI plugin in IDA - so that right click on a function call in IDA will show the table with links to different captures for that particular call. This would be really cool.

[ostraconify]

Sounds a bit like Malwasm - https://code.google.com/p/malwasm/ - always thought that needed an IDA plugin...

[deresz]

Yeah this would be almost perfect ... Having malwasm write to IDA directly. "Almost" because malwasm has some limitations:

• only x86 support currently
• no interactivity, e.g. you can not run it from the middle of a debugging section (because cuckoo is used) - as the name says it's an "offline debugger"
• no kernel mode support (PIN does not support)
• has a GUI to browse the results, but it is far from what IDA provides

It also has many advantages though

• the usage of PIN which means fast tracing with no "messy" breakpoints plus easy following of dynamically created code
• thanks to coockoo it will follow the code as it travels through the system (e.g. code injections)
• said database - it is already there