hugmyndakassi / idascope

This project forked from danielplohmann/idascope

An IDA Pro extension for easier (malware) reverse engineering

License: GNU General Public License v3.0

Python 99.91% YARA 0.03% Makefile 0.06%

idascope's Introduction

IDAscope - An IDA Pro extension for easier (malware) reverse engineering

IDAscope is an IDA Pro extension with the goal to ease the task of (malware) reverse engineering with a current focus on x86 Windows.
It consists of multiple tabs, containing functionality to achieve different goals such as fast identification of semantically interesting locations in the analysis target, seamless access to MSDN documentation of Windows API, and finding of potential crypto/compression algorithms.

Instructions

Go to https://github.com/danielplohmann/idascope and download a release package or check out the repository for the latest version of IDAscope.

Basic installation is easy: unzipping the package in a location where it can be reached from IDA Pro should suffice.
To use the extension, simply run IDAscope.py from the root directory via IDA Pro's "File / Script File".

To make the MSDN database available to the WinAPI browser, follow the steps described in IDAscope/documentation/manual.html.

Caution!

IDAscope has functionality (annotation, coloring, code conversion, ...) that can alter your IDB. While it should normally not happen, we cannot guarantee that it will not break the IDB of your analysis target. Therefore, we recommend making backups before using it.
If you use this tool, we assume that you know what you are doing and accept that you are using it at your own risk. As stated in the license, we will not take liability for any damage caused by this tool.

Credits

The idea for the plugin was born at RECON 2012 out of some prototype scripts created by Daniel and Alex.
Some more history is preserved in the blogs of Daniel and Alex.

Authors and contributors of IDAscope are Daniel Plohmann, Alexander Hanel, Luca Corbatto, Jean-Michel Picod, Branko Spasojevic, and Sascha Rommelfangen.

Version History

  • 2022-08-02 -- v1.3.1: THX to Denis Barkar for fixing a width issue with window sizing!
  • 2020-08-10 -- v1.3: Move to GitHub, adaptations for IDA 7.0+ and Python3 - Eternal THX to Luca Corbatto for making the modernization happen!
  • 2018-08-13 -- v1.2.1: Minor fixes on YaraScanner and CryptoIdentifier - thanks to Jean-Michel Picod
  • 2016-01-08 -- v1.2.1: Support up to IDA 6.9 with PyQt5.
  • 2014-02-07 -- v1.2: Added SemanticExplorer to IDAscope.
  • 2014-02-07 -- v1.1: Added YARA Scanning to IDAscope.
  • 2012-12-13 -- IDAscope wins the 2012 IDA Plugin contest!
  • 2012-09-18 -- v1.0a: The original release!
