interesting IDA plugins


I’ve been periodically reloading the vmallet Interactive IDA Plugin List and sorting by “updated” to find new and/or actively developed IDA plugins.

plugin list

Missing Link is a plugin by Kevin Weatherman that uses WinDbgX Time Travel Debugger (TTD) traces to resolve indirect branches. Notably, it has a lot of coverage for the undocumented TTD API, which is pretty exciting. I’ve also enjoyed playing with the Airbus CERT ttddbg plugin to explore TTD trace files from the IDA debugger interface. I’ve used the Python bindings in ttd-bindings briefly, but need to keep exploring. An obvious goal is to approximate FLOSS by periodically scanning trace memory for human-readable strings, perhaps at every API call.

I also stumbled across the new plugin bundled with IDA Pro 8.0: patfind. This plugin uses the function byte pattern database from Ghidra to find function prologues in arbitrary binary data. Hex-Rays says that this pattern matcher is more reliable than the old IDA mechanism, though it’s only automatically invoked when inspecting raw binary files (not recognized executable modules). You can invoke it manually via Edit > Plugins > “Find functions”.

patfind plugin
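To make the mechanism concrete, here is an added example (my own toy code, not patfind’s or Ghidra’s) that compiles the kind of `<data>` pattern strings found in Ghidra’s function-start XML into a mask/value pair and scans a constructed byte blob for x86 prologues. The token syntax it assumes is: `0xHH` hex bytes where a nibble may be a `.` wildcard, and 8-character binary strings where `.` is a wildcard bit; the `align` argument stands in for Ghidra’s `<align>` constraint.

```python
# Added example, not patfind's or Ghidra's code. Assumed token syntax for a
# Ghidra-style pattern string: "0xHH" hex bytes ('.' = wildcard nibble, e.g.
# "0x8.") and 8-character binary strings ('.' = wildcard bit, e.g. "111011..").
from typing import List, Tuple

Pattern = Tuple[bytes, bytes]  # (mask, value), same length


def compile_pattern(data: str) -> Pattern:
    """Compile a Ghidra-style pattern string into (mask, value) byte arrays."""
    mask, value = bytearray(), bytearray()
    for tok in data.split():
        if tok.startswith("0x") and len(tok) == 4:            # hex byte
            m = v = 0
            for ch in tok[2:]:
                m = (m << 4) | (0xF if ch != "." else 0)
                v = (v << 4) | (int(ch, 16) if ch != "." else 0)
        elif len(tok) == 8 and set(tok) <= {"0", "1", "."}:  # binary byte
            m = v = 0
            for ch in tok:
                m = (m << 1) | (ch != ".")
                v = (v << 1) | (ch == "1")
        else:
            raise ValueError(f"unrecognised pattern token: {tok!r}")
        mask.append(m)
        value.append(v)
    return bytes(mask), bytes(value)


def find_matches(blob: bytes, pat: Pattern, align: int = 1) -> List[int]:
    """Offsets where (byte & mask) == value for every pattern byte.

    `align` mimics Ghidra's <align> constraint: only offsets that are a
    multiple of it count, which drops hits that fall mid-instruction-stream.
    """
    mask, value = pat
    n = len(mask)
    return [
        off for off in range(0, len(blob) - n + 1, align)
        if all((blob[off + i] & mask[i]) == value[i] for i in range(n))
    ]


# Constructed sample: padding, a 32-bit prologue (push ebp; mov ebp,esp;
# sub esp,0x10), ret, padding to a 16-byte boundary, then a 64-bit prologue
# (sub rsp,0x28), a call, its epilogue (add rsp,0x28) and ret.
SAMPLE = bytes.fromhex(
    "cccccccc" "558bec" "83ec10" "c3" "cccccccccc"
    "4883ec28" "e800000000" "4883c428" "c3"
)

if __name__ == "__main__":
    for text in ("0x55 0x8b 0xec", "0x48 0x83 0xec 0x..", "0x83 111011.."):
        print(text, "->", find_matches(SAMPLE, compile_pattern(text)))
```

The third pattern also hits the `sub esp,0x10` inside the first function, which is exactly the kind of false positive the alignment constraint and Ghidra’s pre/post-pattern context are there to suppress.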

I’m amused, but maybe also happy, that Hex-Rays used the format and data invented by Ghidra. Agreeing on a common format makes it easier to enhance the database used by both tools. Ghidra already has tooling to create these patterns via the Function Bit Patterns Explorer plugin.

The plugin distributed by Hex-Rays is derived from IDAPatternSearch by David Lazar at Argus.