Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@IDA Auto MCPopen malware.exe and decompile the main function"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
IDA Auto MCP
English
Headless IDA Pro MCP server that enables AI agents to automatically open, analyze, and query multiple binary files — no manual IDA GUI interaction required.
Why This Project?
Existing IDA MCP solutions (like ida-pro-mcp) require you to:
Manually open IDA Pro GUI
Manually activate the MCP plugin (Ctrl+Alt+M)
Repeat for every binary you want to analyze
This makes multi-file analysis (e.g., a program with multiple DLLs) painful. IDA Auto MCP solves this by using IDA's headless idalib library, letting AI agents autonomously open and analyze any number of binaries.
Key Features
Fully Automatic — AI agents call
open_binary("path/to/file.dll")to start analysis, no human in the loopMulti-Binary Sessions — Open multiple binaries simultaneously, switch between them freely
Headless — Uses
idalib(IDA as a library), no GUI needed36 Analysis Tools — Decompile, disassemble, xrefs, strings, imports, search, rename, and more
MCP Standard — Works with Claude Desktop, Claude Code, and any MCP-compatible client
Stdio + HTTP — Stdio transport for MCP clients, HTTP for debugging
Prerequisites
IDA Pro 9.0+ (with valid license)
idapro Python package — shipped with IDA Pro:
pip install "<IDA_INSTALL_DIR>/idalib/python/idapro-9.0-py3-none-win_amd64.whl"IDADIR — set via environment variable or
--ida-dirflag
Installation
git clone https://github.com/mufeng05/ida-auto-mcp.git
cd ida-auto-mcp
pip install -e .Quick Start
Claude Code (~/.claude.json)
{
"mcpServers": {
"ida": {
"command": "python",
"args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
"env": {
"IDADIR": "C:/Program Files/IDA Pro"
}
}
}
}Claude Desktop (claude_desktop_config.json)
{
"mcpServers": {
"ida": {
"command": "python",
"args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
"env": {
"IDADIR": "C:/Program Files/IDA Pro"
}
}
}
}Command Line
# Start server (stdio mode, default)
python -m ida_auto_mcp
# Pre-load a binary on startup
python -m ida_auto_mcp C:/samples/target.exe
# HTTP mode for debugging
python -m ida_auto_mcp --transport http --port 8765
# Verbose logging
python -m ida_auto_mcp -vTools (36 total)
Session Management
Tool | Description |
| Open a binary for analysis (auto-analysis included) |
| Close a session |
| Switch active session |
| List all open sessions |
| Get active session info |
Database
Tool | Description |
| Binary metadata (filename, arch, imagebase) |
| Wait for auto-analysis to complete |
| Save IDA database to disk |
Analysis
Tool | Description |
| List/filter functions with pagination |
| Detailed function info (prototype, size) |
| Hex-Rays decompilation to C pseudocode |
| Assembly disassembly |
| Cross-references TO an address |
| Cross-references FROM an address |
Data
Tool | Description |
| Strings in the binary |
| Regex search in strings |
| Imported functions by module |
| Exported symbols |
| Memory segments/sections |
Control Flow
Tool | Description |
| Find all functions that call a given function |
| Find all functions called by a given function |
| Build call graph with depth control (BFS) |
| Get CFG basic blocks with successor/predecessor info |
| Resolve address to segment/function/symbol context |
Types & Structs
Tool | Description |
| List structs/unions in the database |
| Get struct details with all member fields |
| Get stack frame layout (locals, args) |
| List binary entry points |
| List global variables |
Search & Modify
Tool | Description |
| Byte pattern search with wildcards ( |
| Rename function/address |
| Set disassembly comment |
| Set function prototype |
| Patch bytes at an address (binary patching) |
| Read raw bytes at address |
| Execute arbitrary IDAPython code |
Multi-Binary Workflow Example
User: Analyze main.exe and its plugin.dll
AI: open_binary("C:/samples/main.exe") → Opens & analyzes main.exe
AI: list_functions(filter_str="*LoadPlugin*") → Finds LoadPlugin function
AI: decompile_function("LoadPlugin") → Gets pseudocode
AI: open_binary("C:/samples/plugin.dll") → Opens plugin.dll (new session)
AI: list_exports() → Lists DLL exports
AI: decompile_function("PluginInit") → Decompiles export
AI: switch_binary("<main.exe session id>") → Switches back to main.exe
AI: get_xrefs_to("0x401000") → Checks cross-referencesArchitecture
ida_auto_mcp/
├── server.py # CLI entry point, idapro initialization
├── mcp_server.py # MCP protocol implementation (stdio + HTTP)
├── _registry.py # Global McpServer instance + @tool decorator
├── session.py # Multi-binary session management via idalib
└── tools.py # 36 IDA analysis toolsLicense
This project is for personal and educational use. Requires a valid IDA Pro license.
中文
无界面 IDA Pro MCP 服务器,让 AI 智能体自动打开、分析和查询多个二进制文件——无需手动操作 IDA GUI。
为什么做这个项目?
现有的 IDA MCP 方案(如 ida-pro-mcp)需要你:
手动打开 IDA Pro 界面
手动启用 MCP 插件(Ctrl+Alt+M)
每分析一个文件都要重复上述步骤
这对于多文件分析(比如一个包含多个 DLL 的程序)非常不友好。IDA Auto MCP 使用 IDA 的无头分析库 idalib,让 AI 智能体能够自主打开和分析任意数量的二进制文件。
核心特性
全自动 — AI 直接调用
open_binary("path/to/file.dll")即可开始分析,无需人工干预多文件会话 — 同时打开多个二进制文件,自由切换
无需 GUI — 使用
idalib(IDA 库模式),不需要打开 IDA 界面36 个分析工具 — 反编译、反汇编、交叉引用、字符串、导入表、搜索、重命名等
MCP 标准协议 — 支持 Claude Desktop、Claude Code 及所有 MCP 兼容客户端
双传输模式 — stdio 模式用于 MCP 客户端,HTTP 模式用于调试
前置要求
IDA Pro 9.0+(需要有效许可证)
idapro Python 包 — IDA Pro 安装目录自带:
pip install "<IDA安装目录>/idalib/python/idapro-9.0-py3-none-win_amd64.whl"IDADIR — 通过环境变量或
--ida-dir参数设置 IDA 安装路径
安装
git clone https://github.com/mufeng05/ida-auto-mcp.git
cd ida-auto-mcp
pip install -e .快速开始
Claude Code 配置 (~/.claude.json)
{
"mcpServers": {
"ida": {
"command": "python",
"args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
"env": {
"IDADIR": "C:/Program Files/IDA Pro"
}
}
}
}Claude Desktop 配置 (claude_desktop_config.json)
{
"mcpServers": {
"ida": {
"command": "python",
"args": ["-m", "ida_auto_mcp", "--ida-dir", "C:/Program Files/IDA Pro"],
"env": {
"IDADIR": "C:/Program Files/IDA Pro"
}
}
}
}命令行使用
# 启动服务器(stdio 模式,默认)
python -m ida_auto_mcp
# 启动时预加载一个文件
python -m ida_auto_mcp C:/samples/target.exe
# HTTP 模式(调试用)
python -m ida_auto_mcp --transport http --port 8765
# 详细日志
python -m ida_auto_mcp -v工具列表(共 36 个)
会话管理
工具 | 说明 |
| 打开二进制文件进行分析(含自动分析) |
| 关闭分析会话 |
| 切换到其他会话 |
| 列出所有打开的会话 |
| 获取当前活跃会话信息 |
数据库操作
工具 | 说明 |
| 获取二进制文件元数据(文件名、架构、基址) |
| 等待自动分析完成 |
| 保存 IDA 数据库到磁盘 |
分析功能
工具 | 说明 |
| 列出/过滤函数(支持分页) |
| 获取函数详细信息(原型、大小) |
| Hex-Rays 反编译为 C 伪代码 |
| 反汇编 |
| 获取到某地址的交叉引用 |
| 获取从某地址出发的交叉引用 |
数据查询
工具 | 说明 |
| 列出二进制中的字符串 |
| 正则搜索字符串 |
| 列出导入函数(按模块) |
| 列出导出符号 |
| 列出内存段/节 |
控制流分析
工具 | 说明 |
| 查找调用指定函数的所有函数 |
| 查找指定函数调用的所有函数 |
| 构建调用图(BFS,支持深度控制) |
| 获取函数的基本块(CFG) |
| 解析地址所属的段/函数/符号 |
类型与结构体
工具 | 说明 |
| 列出数据库中的结构体/联合体 |
| 获取结构体详细信息(含所有字段) |
| 获取函数栈帧布局 |
| 列出二进制入口点 |
| 列出全局变量 |
搜索与修改
工具 | 说明 |
| 字节模式搜索(支持通配符,如 |
| 重命名函数/地址 |
| 设置反汇编注释 |
| 设置函数原型 |
| 在指定地址写入字节(二进制补丁) |
| 读取指定地址的原始字节 |
| 执行 IDAPython 脚本 |
多文件分析示例
用户:分析 main.exe 和它的 plugin.dll
AI: open_binary("C:/samples/main.exe") → 打开并分析 main.exe
AI: list_functions(filter_str="*LoadPlugin*") → 查找 LoadPlugin 函数
AI: decompile_function("LoadPlugin") → 反编译
AI: open_binary("C:/samples/plugin.dll") → 打开 plugin.dll(新会话)
AI: list_exports() → 查看 DLL 导出
AI: decompile_function("PluginInit") → 反编译导出函数
AI: switch_binary("<main.exe 的会话 ID>") → 切回 main.exe
AI: get_xrefs_to("0x401000") → 查看交叉引用项目结构
ida_auto_mcp/
├── server.py # 命令行入口,idapro 初始化
├── mcp_server.py # MCP 协议实现(stdio + HTTP 传输)
├── _registry.py # 全局 McpServer 实例 + @tool 装饰器
├── session.py # 多文件会话管理(基于 idalib)
└── tools.py # 25 个 IDA 分析工具许可
本项目供个人学习和研究使用,需要有效的 IDA Pro 许可证。
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.