IDA Auto MCP

IDA Auto MCP

A headless IDA Pro MCP server that enables AI agents to automatically open, analyze, and query multiple binary files simultaneously without manual GUI interaction. It provides 36 tools for tasks like decompilation, disassembly, and cross-reference analysis through IDA's idalib library.

Category
Visit Server

README

IDA Auto MCP

English | 中文

English

Headless IDA Pro MCP server that enables AI agents to automatically open, analyze, and query multiple binary files — no manual IDA GUI interaction required.

Why This Project?

Existing IDA MCP solutions (like ida-pro-mcp) require you to:

  1. Manually open IDA Pro GUI
  2. Manually activate the MCP plugin (Ctrl+Alt+M)
  3. Repeat for every binary you want to analyze

This makes multi-file analysis (e.g., a program with multiple DLLs) painful. IDA Auto MCP solves this by using IDA's headless idalib library, letting AI agents autonomously open and analyze any number of binaries.

Key Features

  • Fully Automatic — AI agents call open_binary("path/to/file.dll") to start analysis, no human in the loop
  • Multi-Binary Sessions — Open multiple binaries simultaneously, switch between them freely
  • Headless — Uses idalib (IDA as a library), no GUI needed
  • 36 Analysis Tools — Decompile, disassemble, xrefs, strings, imports, search, rename, and more
  • MCP Standard — Works with Claude Desktop, Claude Code, and any MCP-compatible client
  • Stdio + HTTP — Stdio transport for MCP clients, HTTP for debugging

Prerequisites

  1. IDA Pro 9.0+ (with valid license)
  2. idapro Python package — shipped with IDA Pro:
    pip install "<IDA_INSTALL_DIR>/idalib/python/idapro-9.0-py3-none-win_amd64.whl"
  3. IDADIR — set via environment variable or --ida-dir flag

Installation

git clone https://github.com/mufeng05/ida-auto-mcp.git
cd ida-auto-mcp
pip install -e .

Quick Start

Claude Code (~/.claude.json)

{
  "mcpServers": {
    "ida": {
      "command": "python",
      "args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
      "env": {
        "IDADIR": "C:/Program Files/IDA Pro"
      }
    }
  }
}

Claude Desktop (claude_desktop_config.json)

{
  "mcpServers": {
    "ida": {
      "command": "python",
      "args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
      "env": {
        "IDADIR": "C:/Program Files/IDA Pro"
      }
    }
  }
}

Command Line

# Start server (stdio mode, default)
python -m ida_auto_mcp

# Pre-load a binary on startup
python -m ida_auto_mcp C:/samples/target.exe

# HTTP mode for debugging
python -m ida_auto_mcp --transport http --port 8765

# Verbose logging
python -m ida_auto_mcp -v

Tools (36 total)

Session Management

Tool Description
open_binary Open a binary for analysis (auto-analysis included)
close_binary Close a session
switch_binary Switch active session
list_sessions List all open sessions
get_current_session Get active session info

Database

Tool Description
get_database_info Binary metadata (filename, arch, imagebase)
wait_analysis Wait for auto-analysis to complete
save_database Save IDA database to disk

Analysis

Tool Description
list_functions List/filter functions with pagination
get_function_info Detailed function info (prototype, size)
decompile_function Hex-Rays decompilation to C pseudocode
disassemble_function Assembly disassembly
get_xrefs_to Cross-references TO an address
get_xrefs_from Cross-references FROM an address

Data

Tool Description
list_strings Strings in the binary
search_strings Regex search in strings
list_imports Imported functions by module
list_exports Exported symbols
list_segments Memory segments/sections

Control Flow

Tool Description
get_callers Find all functions that call a given function
get_callees Find all functions called by a given function
get_callgraph Build call graph with depth control (BFS)
get_basic_blocks Get CFG basic blocks with successor/predecessor info
get_address_info Resolve address to segment/function/symbol context

Types & Structs

Tool Description
list_structs List structs/unions in the database
get_struct_info Get struct details with all member fields
get_stack_frame Get stack frame layout (locals, args)
list_entrypoints List binary entry points
get_globals List global variables

Search & Modify

Tool Description
search_bytes Byte pattern search with wildcards (48 89 5C ?? 57)
rename_address Rename function/address
set_comment Set disassembly comment
set_function_type Set function prototype
patch_bytes Patch bytes at an address (binary patching)
read_bytes Read raw bytes at address
run_script Execute arbitrary IDAPython code

Multi-Binary Workflow Example

User: Analyze main.exe and its plugin.dll

AI: open_binary("C:/samples/main.exe")        → Opens & analyzes main.exe
AI: list_functions(filter_str="*LoadPlugin*")  → Finds LoadPlugin function
AI: decompile_function("LoadPlugin")           → Gets pseudocode
AI: open_binary("C:/samples/plugin.dll")       → Opens plugin.dll (new session)
AI: list_exports()                             → Lists DLL exports
AI: decompile_function("PluginInit")           → Decompiles export
AI: switch_binary("<main.exe session id>")     → Switches back to main.exe
AI: get_xrefs_to("0x401000")                  → Checks cross-references

Architecture

ida_auto_mcp/
├── server.py        # CLI entry point, idapro initialization
├── mcp_server.py    # MCP protocol implementation (stdio + HTTP)
├── _registry.py     # Global McpServer instance + @tool decorator
├── session.py       # Multi-binary session management via idalib
└── tools.py         # 36 IDA analysis tools

License

This project is for personal and educational use. Requires a valid IDA Pro license.

中文

无界面 IDA Pro MCP 服务器,让 AI 智能体自动打开、分析和查询多个二进制文件——无需手动操作 IDA GUI。

为什么做这个项目?

现有的 IDA MCP 方案(如 ida-pro-mcp)需要你:

  1. 手动打开 IDA Pro 界面
  2. 手动启用 MCP 插件(Ctrl+Alt+M)
  3. 每分析一个文件都要重复上述步骤

这对于多文件分析(比如一个包含多个 DLL 的程序)非常不友好。IDA Auto MCP 使用 IDA 的无头分析库 idalib,让 AI 智能体能够自主打开和分析任意数量的二进制文件。

核心特性

  • 全自动 — AI 直接调用 open_binary("path/to/file.dll") 即可开始分析,无需人工干预
  • 多文件会话 — 同时打开多个二进制文件,自由切换
  • 无需 GUI — 使用 idalib(IDA 库模式),不需要打开 IDA 界面
  • 36 个分析工具 — 反编译、反汇编、交叉引用、字符串、导入表、搜索、重命名等
  • MCP 标准协议 — 支持 Claude Desktop、Claude Code 及所有 MCP 兼容客户端
  • 双传输模式 — stdio 模式用于 MCP 客户端,HTTP 模式用于调试

前置要求

  1. IDA Pro 9.0+(需要有效许可证)
  2. idapro Python 包 — IDA Pro 安装目录自带:
    pip install "<IDA安装目录>/idalib/python/idapro-9.0-py3-none-win_amd64.whl"
  3. IDADIR — 通过环境变量或 --ida-dir 参数设置 IDA 安装路径

安装

git clone https://github.com/mufeng05/ida-auto-mcp.git
cd ida-auto-mcp
pip install -e .

快速开始

Claude Code 配置 (~/.claude.json)

{
  "mcpServers": {
    "ida": {
      "command": "python",
      "args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
      "env": {
        "IDADIR": "C:/Program Files/IDA Pro"
      }
    }
  }
}

Claude Desktop 配置 (claude_desktop_config.json)

{
  "mcpServers": {
    "ida": {
      "command": "python",
      "args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
      "env": {
        "IDADIR": "C:/Program Files/IDA Pro"
      }
    }
  }
}

命令行使用

# 启动服务器(stdio 模式,默认)
python -m ida_auto_mcp

# 启动时预加载一个文件
python -m ida_auto_mcp C:/samples/target.exe

# HTTP 模式(调试用)
python -m ida_auto_mcp --transport http --port 8765

# 详细日志
python -m ida_auto_mcp -v

工具列表(共 36 个)

会话管理

工具 说明
open_binary 打开二进制文件进行分析(含自动分析)
close_binary 关闭分析会话
switch_binary 切换到其他会话
list_sessions 列出所有打开的会话
get_current_session 获取当前活跃会话信息

数据库操作

工具 说明
get_database_info 获取二进制文件元数据(文件名、架构、基址)
wait_analysis 等待自动分析完成
save_database 保存 IDA 数据库到磁盘

分析功能

工具 说明
list_functions 列出/过滤函数(支持分页)
get_function_info 获取函数详细信息(原型、大小)
decompile_function Hex-Rays 反编译为 C 伪代码
disassemble_function 反汇编
get_xrefs_to 获取到某地址的交叉引用
get_xrefs_from 获取从某地址出发的交叉引用

数据查询

工具 说明
list_strings 列出二进制中的字符串
search_strings 正则搜索字符串
list_imports 列出导入函数(按模块)
list_exports 列出导出符号
list_segments 列出内存段/节

控制流分析

工具 说明
get_callers 查找调用指定函数的所有函数
get_callees 查找指定函数调用的所有函数
get_callgraph 构建调用图(BFS,支持深度控制)
get_basic_blocks 获取函数的基本块(CFG)
get_address_info 解析地址所属的段/函数/符号

类型与结构体

工具 说明
list_structs 列出数据库中的结构体/联合体
get_struct_info 获取结构体详细信息(含所有字段)
get_stack_frame 获取函数栈帧布局
list_entrypoints 列出二进制入口点
get_globals 列出全局变量

搜索与修改

工具 说明
search_bytes 字节模式搜索(支持通配符,如 48 89 5C ?? 57
rename_address 重命名函数/地址
set_comment 设置反汇编注释
set_function_type 设置函数原型
patch_bytes 在指定地址写入字节(二进制补丁)
read_bytes 读取指定地址的原始字节
run_script 执行 IDAPython 脚本

多文件分析示例

用户:分析 main.exe 和它的 plugin.dll

AI: open_binary("C:/samples/main.exe")        → 打开并分析 main.exe
AI: list_functions(filter_str="*LoadPlugin*")  → 查找 LoadPlugin 函数
AI: decompile_function("LoadPlugin")           → 反编译
AI: open_binary("C:/samples/plugin.dll")       → 打开 plugin.dll(新会话)
AI: list_exports()                             → 查看 DLL 导出
AI: decompile_function("PluginInit")           → 反编译导出函数
AI: switch_binary("<main.exe 的会话 ID>")      → 切回 main.exe
AI: get_xrefs_to("0x401000")                  → 查看交叉引用

项目结构

ida_auto_mcp/
├── server.py        # 命令行入口,idapro 初始化
├── mcp_server.py    # MCP 协议实现(stdio + HTTP 传输)
├── _registry.py     # 全局 McpServer 实例 + @tool 装饰器
├── session.py       # 多文件会话管理(基于 idalib)
└── tools.py         # 25 个 IDA 分析工具

许可

本项目供个人学习和研究使用,需要有效的 IDA Pro 许可证。

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured