ida-pro-mcp

Exposes IDA Pro's reverse engineering API through the Model Context Protocol by implementing a proxy server that runs in a separate Python process from IDA, using zeromcp library for transport abstraction (stdio, HTTP, SSE modes). The proxy dispatches local MCP metadata requests directly while forwarding IDA-specific operations to the plugin's internal HTTP handler, enabling 30+ MCP clients (Claude Desktop, VS Code, Cursor, Windsurf) to communicate with IDA without blocking the UI thread.

Enforces strict thread synchronization for all IDA API calls through a decorator pattern (@idasync) that queues requests and executes them on IDA's main thread, preventing race conditions and crashes from concurrent access to IDA's single-threaded database. The decorator system chains through the RPC layer, ensuring that all operations from the MCP proxy are serialized before reaching IDA's kernel.

Exposes binary metadata (functions, strings, imports, types) as MCP resources that can be queried and subscribed to, rather than only through tool calls. Resources provide a read-only view of the binary's structure that LLMs can reference without invoking tools, enabling more efficient context management and reducing round-trips for metadata queries.

Implements a type-safe RPC layer that validates all requests and responses against JSON schemas before forwarding to IDA, ensuring that LLM-generated tool calls conform to expected signatures and preventing crashes from malformed requests. The system uses Python type hints and Pydantic models to define tool schemas, which are exposed to MCP clients for validation and auto-completion.

Implements fine-grained access control through decorator-based capability flags (@unsafe) that gate privileged operations (debugging, code execution, memory modification) and require explicit opt-in from MCP clients. The system tracks which capabilities are enabled per client and enforces them at the RPC boundary, preventing accidental privilege escalation.

Retrieves decompiled pseudocode, disassembly listings, and control flow graphs from IDA's analysis engine via MCP tools, supporting function-level and address-range queries. The system leverages IDA's built-in decompiler (Hex-Rays) and disassembly engine to generate human-readable code representations that LLMs can analyze, with cross-reference data (xrefs) showing function call graphs and data dependencies.

Extracts structured metadata from the loaded binary including function listings with entry points and sizes, string constants, imported symbols, and type information (function signatures, struct definitions). The system queries IDA's internal database (IDB) to enumerate all discovered functions, strings, and imports, returning them as JSON objects that LLMs can analyze for vulnerability patterns or functionality mapping.

Allows LLMs to modify the binary analysis in IDA by adding comments, applying patches, renaming functions/variables, and declaring types. Modifications are persisted to the IDB file, enabling iterative analysis where LLMs can annotate their findings and the next analysis pass uses the updated metadata. The system enforces write safety through optional @unsafe decorators for sensitive operations.

Provides LLM-controlled debugging capabilities including setting/removing breakpoints, reading/writing registers, and inspecting/modifying memory at runtime. These operations require the @unsafe decorator flag and are only available when IDA's debugger is active, allowing LLMs to interact with running processes to validate analysis or extract runtime state.

Allows LLMs to execute arbitrary Python code within IDA's Python environment via the @unsafe decorator, enabling access to IDA's full Python API and custom analysis scripts. Code is executed on IDA's main thread (via @idasync), with access to the IDA module and all loaded plugins, enabling advanced analysis that cannot be expressed through pre-defined MCP tools.

Provides a headless analysis mode using IDA's idalib library (Python bindings to IDA's core engine) that runs without the GUI, enabling batch processing and automation of binary analysis tasks. The idalib_server.py component exposes the same MCP API as the interactive mode, allowing LLMs to analyze binaries in a non-interactive environment without requiring IDA Pro's GUI license.

Provides automated installation and configuration of ida-pro-mcp across 30+ MCP clients (Claude Desktop, VS Code, Cursor, Windsurf, etc.) through a single --install command that generates appropriate JSON configuration files for each client. The system detects installed clients and writes configuration to their standard config directories, enabling LLMs in any supported client to connect to IDA without manual setup.

Runs ida-pro-mcp as an IDA Pro plugin (ida_mcp.py) that loads into the IDA GUI process, enabling interactive reverse engineering where users can manually inspect code in IDA while LLMs provide analysis and suggestions. The plugin supports hot-reload without restarting IDA, allowing developers to iterate on ida-pro-mcp code changes without losing analysis state.