This is an IDA Pro plugin designed to assist reverse engineers when they are reversing Windows drivers or applications that interact with them. The source code is hosted on GitHub under a 3-clause BSD license.
Just drop the 'win_driver_plugin.py' file and the entire 'win_driver_plugin' folder into IDA's plugin directory. If you want FLOSS to be used when hunting for device names, you can install it with the following commands:
pip install https://github.com/williballenthin/vivisect/zipball/master
pip install https://github.com/fireeye/flare-floss/zipball/master
Potential IOCTL codes can be decoded by selecting the value in IDA and using the "Ctrl+Alt+D" shortcut or the right-click context menu option. This will add a comment to the instruction with the IOCTL Code represented by it's equivalent define using the CTL_CODE macro, as shown below:
Additionally this will print a summary table with the details of all IOCTL codes decoded in the current session:
The plugin implements two basic ways of identifying an IOCTL dispatch function. These can be ran using the "Ctrl+Alt+S" shortcut, as shown below:
The plugin can also find potential device names. First, it will search for Unicode strings that could be valid device paths and if it doesn't find any, it will attempt to use FLOSS to find any obfuscated device names present in the driver. This function can be ran using the "Ctrl+Alt+A" shortcut, you can see this being run on the infamous Capcom driver below.
More details can be found on the projects GitHub page.