While not, strictly speaking, a plug-in, Joxean Koret’s Python scripts, dubbed MyNav, certainly qualify as a useful IDA extension, useful enough that MyNav earned the top spot in the Hex-Rays plug-in writing contest for 2010.^[213] The mynav.py script should be launched after you have loaded a binary and the initial autoanalysis has completed. Upon launch, MyNav adds 20 new menu options to IDA’s Edit ▸ Plugins menu, at which point you are ready to take advantage of a number of new features.

Among the features added by MyNav are a function-level (as opposed to basic block-level) graphical browser inspired by Zynamics’s BinNavi, additional graphing features such as displaying the code paths between any two functions, and a number of features designed to enhance IDA’s debugging capabilities.

For debugging, MyNav records information about debugging sessions and allows you to use the results of one debugging session to serve as a filter for subsequent sessions. Following any debugging session, MyNav displays a graph that highlights only those functions executed during the session. Using the capabilities offered by MyNav, it is possible to quickly narrow down sets of functions that are responsible for specific actions within a program. For example, if you happen to be interested in the functions that are responsible for initiating network connections and downloading some content, you might create a session that does everything but initiate a network connection and then conduct a second session in which you do create a network connection. By excluding all functions that executed during your first debugging session, the resulting graph will contain hits for just those functions responsible for initiating the network connection. This feature is very useful if you are trying to characterize functions with very large binaries.

For a full discussion of MyNav’s features, please refer to Joxean’s blog,^[214] where you will find a number of video walkthroughs demonstrating some of the capabilities of MyNav.