Name		Name	Last commit message	Last commit date
parent directory ..
OPC_after_script.png		OPC_after_script.png
OPC_before_script.png		OPC_before_script.png
README.adoc		README.adoc
opc_da_structs.py		opc_da_structs.py

README.adoc

OPC Data Access IDAPython script

An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol.

It can be used to analyse such malware families as Havex RAT and Win32/Industroyer.

The script identifies CLSID, IID, and LIBID constants and creates structures and enumerations. Afterwards, these structures can be used to annotate COM method call parameters.

Example:

Before

After

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

industroyer

industroyer

README.adoc

OPC Data Access IDAPython script

Files

industroyer

Directory actions

More options

Directory actions

More options

Latest commit

History

industroyer

Folders and files

parent directory

README.adoc

OPC Data Access IDAPython script