下载链接:
链接:https://pan.baidu.com/s/1jhpF-IzeiFARFaGLq_pdDQ 密码:5weo
md5:
MD5 (/Volumes/DATA/SOFT/idap7.3/x64IDA73-TIRA.zip) = f9ddc170ed22c0dc5c93c51542429c2a
配置修改Picasa3本地数据库路径
不管是windows还是mac想找个好用的看图软件还是比较难,用的都不怎么合手。以前一直用Picasa3,结果现在google早已经不维护这个项目了。
尝试安装acdsee,浏览功能也还ok,但是预览的时候不能跨目录导致图片较多的时候会出现需要来回切换目录的问题。
CommentView Plugin for IDAPro7.0
自从ida升级7.0 之后,hexrays做了很多的改动,以前的插件基本都废掉了。于是想要找个插件就变得很困难,最近分析一个文件需要获取所有的注释,但是那个针对低版本开发的commentview已经无力回天了。虽然晚上有开源的代码,但是实际修改起来比较蛋疼,不知道是不是ida的问题,编译的插件获取的地址基本都是错误的。还是按照以前的使用区段枚举,和inf信息获取的方法获取到的地址都错了,着tm就很尴尬了,测试代码如下:
for (int i = 0; i < get_segm_qty(); i++) {
segment_t *seg = getnseg(i);
qstring segname;
get_segm_name( &segname,seg, 1024);
msg("segname: %s, start_ea= %08x, end_ea= %08x , size=%08x \n", segname.c_str(), seg->start_ea, seg->end_ea, seg->size());
}
msg("Database Info: start_ea= %08x, min_ea= %08x, max_ea= %08x, omin_ea= %08x, omax_ea= %08x \n", inf.start_ea, inf.min_ea, inf.max_ea, inf.omin_ea, inf.omax_ea);
msg("lowoff= %08x, highoff= %08x, main= %08x \n", inf.lowoff, inf.highoff, inf.main);
实际获取到的数据如下,测试环境为OSX + IDA 7.0,如果谁看到了这篇文章还获取到了正确的地址麻烦通知我一声(感谢匿名用户的评论反馈:那个基址问题应该是IDA的BUG,在新的IDA 7.0.171130 (SP1)里已经修正了的,如果是正版的话就升级一下吧。)。
segname: .text, start_ea= 10001000, end_ea= 00000001 , size=effff001
segname: .idata, start_ea= 10005000, end_ea= 00000006 , size=efffb006
segname: .rdata, start_ea= 1000513c, end_ea= 00000003 , size=efffaec7
segname: .data, start_ea= 10006000, end_ea= 00000005 , size=efffa005
Database Info: start_ea= 10007000, min_ea= ff000000, max_ea= 00000000, omin_ea= 0006000f, omax_ea= 06400007
lowoff= 00500046, highoff= 00000301, main= 10007000
获取到的end_ea都是错的。
IDA Patcher 1.2 by Peter Kacherginsky
IDA Patcher is a plugin for Hex-Ray’s IDA Pro disassembler designed to enhance IDA’s ability to patch binary files and memory. The plugin is useful for tasks related to malware analysis, exploit development as well as bug patching. IDA Patcher blends into the standard IDA user interface through the addition of a subview and several menu items
Simply copy idapatcher.py into IDA’s plugins folder. The plugin will be automatically loaded the next time you start IDA Pro.
The plugin uses pure IDA Python API, so it should be compatible with all versions of IDA on different platforms. However, it was only extensively tested on IDA Pro 6.5 for Windows with x86, x86-64 and ARM binaries.
Snowman IDA Plugin(F4)
-
Enjoys all executable file formats supported by the disassembler.
-
Benefits from IDA’s signature search, parsers of debug information, and demanglers.
-
Decompiles a chosen function or the whole program by push of a button.
-
Allows easy jumping between the disassembler and the decompiled code.
-
Fully integrated into IDA’s GUI.
- Link:http://derevenets.com/index.html
Mac IDA Pro 插件编写指南 v1.0
Windows版的插件编写可以参考的文档比较多,并且也有专门的向导可以来做这件事情,相对来说比较简单。但是针对Mac下的插件编写虽然也有一些参考文档但是都比较老旧。有参考价值但是意义不大,形同鸡肋。Windows下的插件编写可以参考下面两篇文章中的向导:IDA Pro Plugin wizard for vs2013 以及 Ida Plugin Wizard For VS2010。
现在开始正题,测试环境为:
Mac OS 10.9.4
Xcode 5.1.1
IDA Pro For Mac 6.5+sdk65
如果环境不一样可能存在些许的差异,下面开始说插件的创建方法。
- 运行Xcode选择新建项目,从OSX中选的Framework & Library类,然后选择STL C++ Library(注意不要选择C/C++ Library,选择该项会在编译的时候出现非常多的诡异的错误,即使能够解决也相当的麻烦。)
