idacpp

C++ scripting for IDA Pro — the C++ counterpart to IDAPython.

idacpp embeds a C++ interpreter directly into IDA's scripting engine, giving you native access to the full IDA SDK — including Hex-Rays — at interpreter speed. No bindings, no FFI, no type translation: the same ea_t, func_t*, and cfunc_t* you use in compiled plugins, live in a REPL. Built on Cling and Clang 20.

Screenshots

Windows — C++ snippet listing segments

macOS — C++ snippet listing functions

C++ REPL tab in IDA's output window

Interactive REPL

Select the C++ tab in IDA's output window:

C++> auto n = get_func_qty();
C++> printf("%d functions\n", n);
142 functions
C++> auto f = get_next_func(0);
C++> qstring name;
C++> get_func_name(&name, f->start_ea);
C++> msg("%s @ %a\n", name.c_str(), f->start_ea);
_start @ 0x1000

All declarations persist across lines — variables, functions, and types remain available for subsequent input.

Scripts

#include <funcs.hpp>
#include <segment.hpp>

int main() {
    printf("%d functions, %d segments\n",
           get_func_qty(), get_segm_qty());
    return 0;
}

C++> .x hello.cpp
4 functions, 3 segments

What you can do

• Interactive REPL — C++ tab in IDA's output window with a persistent session
• Full IDA SDK — headers available via PCH (or source-header fallback), including Hex-Rays decompiler types
• Script execution — .x scripts with main() entrypoint; reloading auto-unloads the previous version
• Code completion — SDK-aware completions with prefix matching
• Crash recovery — SIGSEGV / SEH caught, interpreter stays alive
• Undo / rollback — .undo and .clear to revert interpreter state
• Expression evaluator — IDA's expression engine routes through C++ when active
• Plain C++ mode — works without IDA SDK as a C++ REPL (no SDK types available)

Examples

The examples/ directory contains ready-to-run scripts:

Script	Description
hello.cpp	Minimal starter — prints function and segment counts
list_functions.cpp	Enumerate all functions with addresses and names
list_segments.cpp	Enumerate all segments with address ranges
decompile_first.cpp	Decompile the first function using Hex-Rays
xrefs.cpp	List cross-references to the first function

Quick start

Agent-assisted install

Feed install-agent.md to your AI coding agent (Claude Code, Cursor, etc.) — it will clone the dependencies, build LLVM/Cling, and compile the plugin automatically.

Manual

git clone https://github.com/allthingsida/idacpp.git
cd idacpp && mkdir build && cd build
cmake .. -DCLINGLITE_SOURCE_DIR=/path/to/clinglite \
         -DCLING_BUILD_DIR=/path/to/cling-build \
         -DIDASDK=/path/to/idasdk
cmake --build . --config Release

The build produces idacpp.dll / idacpp.so / idacpp.dylib, placed in the IDA SDK plugin directory by CMake. See BUILDING.md for prerequisites, platform-specific instructions, and build output details.

Documentation

Document	Contents
install-agent.md	Agent prompt for automated build & install
BUILDING.md	Prerequisites, CMake variables, platform builds, output sizes
USAGE.md	CLI commands, script format, runtime setup, expression evaluator
examples/	Ready-to-run IDA scripts

Troubleshooting

• failed to initialize C++ interpreter: check CLING_DIR — it must point to a valid Cling/LLVM build tree with lib/clang/<ver>/include/ intact.
• IDA SDK headers unavailable: set IDASDK to enable IDA API declarations in the interpreter.
• Runtime library lookup issues: set IDADIR to the IDA installation directory on the target machine.
• Plugin load crash / abort on startup: if test binaries that also link LLVM statically live in $IDADIR/plugins/, init_library() loads duplicate LLVM symbols and aborts. Move the plugin aside before running tests.

License

MIT License. Copyright (c) Elias Bachaalany. See LICENSE.

This project depends on clinglite and Cling — see their respective licenses.