IDA Pro plugin exposing reverse engineering capabilities via Model Context Protocol (MCP). Domain-Driven Design architecture for AI-assisted binary analysis.
MCP-IDA-PRO

IDA Pro MCP Server with Domain-Driven Design (DDD) architecture for LLM-assisted reverse engineering.

Based on mrexodia/ida-pro-mcp, restructured with DDD architecture for better maintainability, testability, and extensibility.

Architecture

This project follows Domain-Driven Design principles with a layered architecture:

src/ida_pro_mcp/ida_mcp/
  domain/           # Business logic: entities, repositories, services, value objects
  application/      # Use cases, DTOs, command/query handlers
  infrastructure/   # IDA SDK adapters, caching, thread synchronization
  interface/        # MCP tools (13 modules) and resources (3 modules)

129 MCP tools across 13 interface modules:

  • Analysis, Core, Memory, Types, Modify, Stack, Debug, Python, Search, Export, Conversion, Control Flow, Graph

14 MCP resources for browsable state access via ida:// URIs.

Prerequisites

Installation

Install the package:

pip install https://github.com/JordanRO2/MCP-IDA-PRO/archive/refs/heads/main.zip

Configure MCP servers and install the IDA Plugin:

ida-pro-mcp --install

Important: Restart IDA and your MCP client completely after installation.

Note: Load a binary in IDA before the plugin menu appears.

MCP Resources

Database State:

  • ida://database/info - IDB file info (path, arch, base, size, hashes)
  • ida://database/segments - Memory segments with permissions
  • ida://database/entrypoints - Entry points

UI State:

  • ida://cursor - Current cursor position and function
  • ida://selection - Current selection range

Type Information:

  • ida://types - All local types
  • ida://structs - All structures/unions
  • ida://struct/{name} - Structure definition with fields

Lookups:

  • ida://import/{name} - Import details by name
  • ida://export/{name} - Export details by name
  • ida://xrefs/from/{addr} - Cross-references from address

Core Tools

  • lookup_funcs(queries): Get function(s) by address or name
  • list_funcs(queries): List functions (paginated, filtered)
  • list_globals(queries): List global variables (paginated, filtered)
  • imports(offset, count): List imported symbols with module names
  • decompile(addr): Decompile function at address
  • disasm(addr): Disassemble function with full details
  • xrefs_to(addrs): Get cross-references to address(es)
  • callees(addrs): Get functions called by function(s)

Modification Tools

  • set_comments(items): Set comments at address(es)
  • patch_asm(items): Patch assembly instructions
  • declare_type(decls): Declare C type(s) in local type library
  • rename(batch): Batch rename functions, globals, locals, stack variables

Memory Tools

  • get_bytes(addrs): Read raw bytes
  • get_int(queries): Read integer values (i8/u64/i16le/i16be/etc)
  • get_string(addrs): Read null-terminated strings
  • patch(patches): Patch byte sequences
  • put_int(items): Write integer values

Analysis Tools

  • analyze_funcs(addrs): Comprehensive function analysis
  • basic_blocks(addrs): Get basic blocks with successors/predecessors
  • callgraph(roots, max_depth): Build call graph

Search Tools

  • find_regex(queries): Search strings with regex
  • find_bytes(patterns): Find byte patterns (e.g., "48 8B ?? ??")
  • find_insns(sequences): Find instruction sequences
  • find(type, targets): Advanced search (immediates, strings, references)

Type Tools

  • set_type(edits): Apply types to functions, globals, locals
  • infer_types(addrs): Infer types using Hex-Rays
  • read_struct(queries): Read structure field values
  • search_structs(filter): Search structures by name

Stack Frame Tools

  • stack_frame(addrs): Get stack frame variables
  • declare_stack(items): Create stack variables
  • delete_stack(items): Delete stack variables

Debugger Tools

Enable with ?ext=dbg query parameter:

http://127.0.0.1:13337/mcp?ext=dbg

  • Control: dbg_start, dbg_exit, dbg_continue, dbg_step_into, dbg_step_over
  • Breakpoints: dbg_bps, dbg_add_bp, dbg_delete_bp, dbg_toggle_bp
  • Registers: dbg_regs, dbg_gpregs, dbg_regs_named
  • Memory: dbg_read, dbg_write, dbg_stacktrace

Python Execution

  • py_eval(code): Execute Python code in IDA context (Jupyter-style evaluation)

SSE Transport and Headless Mode

Run SSE server:

ida-pro-mcp --transport http://127.0.0.1:8744/sse

Headless mode with idalib:

idalib-mcp --host 127.0.0.1 --port 8745 path/to/executable

Prompt Engineering Tips

LLMs can hallucinate on number conversions. Use the conversion tools provided. Before LLM analysis, consider removing:

  • String encryption
  • Import hashing
  • Control flow flattening
  • Anti-decompilation tricks

Use Lumina or FLIRT to resolve library functions for better accuracy.

Development

The DDD architecture makes adding new features straightforward:

  1. Add domain entities/services in domain/
  2. Create use cases in application/
  3. Implement IDA adapters in infrastructure/
  4. Expose tools in interface/tools/
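The four layers above, carried through for one concrete feature: a find_bytes-style wildcard search using the "48 8B ?? ??" pattern syntax from the Search Tools section. This is an added illustration, not code from this project or from ida-pro-mcp; the names (BytePattern, MemoryRepository, FakeMemory, find_bytes_tool) are hypothetical, and the infrastructure layer is an in-memory buffer standing in for the IDA SDK adapter so the example runs outside IDA.

```python
"""Added example (not the project's own code): DDD layers for a wildcard byte search."""
from dataclasses import dataclass
from typing import Protocol

# domain/ : value object that validates the "48 8B ?? ??" pattern syntax
@dataclass(frozen=True)
class BytePattern:
    values: bytes   # byte value per position (0 where wildcarded)
    mask: bytes     # 0xFF = position must match, 0x00 = wildcard

    @classmethod
    def parse(cls, text: str) -> "BytePattern":
        values, mask = bytearray(), bytearray()
        for tok in text.split():
            if tok == "??":
                values.append(0); mask.append(0x00)
            elif len(tok) == 2 and all(c in "0123456789abcdefABCDEF" for c in tok):
                values.append(int(tok, 16)); mask.append(0xFF)
            else:
                raise ValueError(f"bad pattern token {tok!r}")   # reject malformed input early
        if not values:
            raise ValueError("empty pattern")
        return cls(bytes(values), bytes(mask))

# domain/ : repository interface the use case depends on (no IDA imports here)
class MemoryRepository(Protocol):
    def base(self) -> int: ...
    def read(self) -> bytes: ...

# application/ : use case; returns absolute addresses of every match
def find_bytes(repo: MemoryRepository, pattern_text: str) -> list[int]:
    pat = BytePattern.parse(pattern_text)
    data, base, n = repo.read(), repo.base(), len(pat.values)
    hits = []
    for off in range(len(data) - n + 1):
        if all((data[off + i] & pat.mask[i]) == (pat.values[i] & pat.mask[i]) for i in range(n)):
            hits.append(base + off)
    return hits

# infrastructure/ : adapter; in the real plugin this would wrap IDA SDK byte reads
class FakeMemory:
    def __init__(self, base: int, data: bytes): self._base, self._data = base, data
    def base(self) -> int: return self._base
    def read(self) -> bytes: return self._data

# interface/tools/ : MCP-facing handler returning a JSON-serialisable result
def find_bytes_tool(repo: MemoryRepository, patterns: list[str]) -> dict:
    return {p: [hex(a) for a in find_bytes(repo, p)] for p in patterns}

# constructed sample segment at 0x401000 holding two "48 8B" mov sequences and two rets
SAMPLE = FakeMemory(0x401000, bytes.fromhex("9090488b4108c3488b4a10c3"))
```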

Test with MCP inspector:

npx -y @modelcontextprotocol/inspector

License

MIT License - see LICENSE for details.

Original project by Duncan Ogilvie (mrexodia). DDD architecture restructuring by JordanRO2.
