Writing a Scripted Loader

In IDA 5.6, Hex-Rays introduced the capability to implement loaders using Python or IDC scripts. In the Hex Blog posting announcing this new capability,[134] Elias Bachaalany of Hex-Rays describes a loader, implemented in Python, used to load a particular type of malicious .pdf file containing shellcode. Because malicious .pdf files vary so widely, that loader does not generalize to all .pdf files, but it is an excellent example of how to load unsupported file formats in IDA.

Scripted loaders may be implemented in either IDC or Python and require at least two functions, accept_file and load_file, which perform functions similar to those previously described for SDK-based loaders. An IDC-based loader for the ...
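The following skeleton shows the two required functions in an IDAPython loader. It is an added example, not code from the book or from the Hex-Rays blog post: the "SHC1" container layout, the magic value, and the helpers parse_header, build_container and accept_bytes are invented for illustration, while the IDA calls inside load_file (set_processor_type, add_segm, file2base, add_entry) are the documented IDAPython loader APIs. The accept_file signature follows the IDA 7 convention of returning a dict; older releases (the 5.6 era the text describes) passed an attempt counter as the second argument and expected the format name as a string. Because a loader parses attacker-controlled input, every header field is bounds-checked before it drives a read, an allocation or an address computation, and the pure-Python parts can be exercised outside IDA with io.BytesIO standing in for loader_input_t.

```python
"""Example IDAPython loader for a hypothetical shellcode container (added
example, not from The IDA Pro Book or Hex-Rays). Drop it in IDA's loaders/
directory to use it inside IDA; the parsing helpers also run outside IDA."""
import io
import struct

# Hypothetical container layout (all integers little-endian):
#   0x00  4 bytes  magic "SHC1"
#   0x04  4 bytes  load address
#   0x08  4 bytes  payload length
#   0x0C  4 bytes  entry point offset, relative to the load address
#   0x10  ...      payload (raw x86 shellcode)
MAGIC = b"SHC1"
HEADER_FMT = "<4sIII"
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 16
FORMAT_NAME = "SHC1 shellcode container (example)"
MAX_PAYLOAD = 16 * 1024 * 1024  # refuse absurd lengths before trusting them


def parse_header(data):
    """Validate the fixed header; return a dict, or None if the file is not ours.
    Each field is checked before it is used for a read or an address."""
    if len(data) < HEADER_SIZE:
        return None
    magic, load_addr, length, entry_off = struct.unpack(HEADER_FMT, data[:HEADER_SIZE])
    if magic != MAGIC:
        return None
    if length == 0 or length > MAX_PAYLOAD:
        return None
    if load_addr + length > 2 ** 32:   # segment would wrap the 32-bit address space
        return None
    if entry_off >= length:            # entry point must land inside the payload
        return None
    return {"load_addr": load_addr, "length": length, "entry": load_addr + entry_off}


def accept_file(li, filename):
    """Called by IDA for every candidate loader. li behaves like a file object
    (seek/read). Return 0 to decline, or a dict naming the format to accept."""
    li.seek(0)
    hdr = parse_header(li.read(HEADER_SIZE))
    if hdr is None:
        return 0
    # The declared payload length must actually be present in the file.
    if len(li.read(hdr["length"])) != hdr["length"]:
        return 0
    return {"format": FORMAT_NAME, "processor": "metapc"}


def load_file(li, neflags, fmt):
    """Populate the database. Runs only inside IDA, so idaapi is imported here
    to keep the rest of the module importable elsewhere."""
    import idaapi
    li.seek(0)
    hdr = parse_header(li.read(HEADER_SIZE))
    if hdr is None:
        return 0
    start, end = hdr["load_addr"], hdr["load_addr"] + hdr["length"]
    # SETPROC_LOADER is the IDA 7 constant; older releases used SETPROC_ALL.
    idaapi.set_processor_type("metapc", idaapi.SETPROC_LOADER)
    if not idaapi.add_segm(0, start, end, "CODE", "CODE"):
        return 0
    # Copy file bytes [HEADER_SIZE, HEADER_SIZE+length) to [start, end), patchable.
    li.file2base(HEADER_SIZE, start, end, 1)
    idaapi.add_entry(hdr["entry"], hdr["entry"], "start", 1)
    return 1


def build_container(load_addr, entry_off, payload):
    """Build a constructed sample file (not real malware) for testing."""
    return struct.pack(HEADER_FMT, MAGIC, load_addr, len(payload), entry_off) + payload


def accept_bytes(data, filename="sample.shc"):
    """Run accept_file outside IDA with BytesIO standing in for loader_input_t."""
    return accept_file(io.BytesIO(data), filename)


# Constructed sample: 'xor eax, eax ; ret' loaded at 0x10000000.
SAMPLE = build_container(0x10000000, 0, b"\x31\xc0\xc3")
# Constructed header claiming a payload larger than MAX_PAYLOAD, with no body.
OVERSIZED = struct.pack(HEADER_FMT, MAGIC, 0, MAX_PAYLOAD + 1, 0)
```

The same validation belongs in an IDC loader: accept_file must reject the file unless every length and offset it reads is consistent with the bytes actually present, because IDA will hand the loader any file the analyst opens, including ones crafted to exercise the parser.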

Get The IDA Pro Book, 2nd Edition now with the O’Reilly learning platform.