IDA is an interactive disassembler, which means that the user takes active participation in the disassembly process. IDA is not an automatic analyzer of programs. IDA will give you hints about suspicious instructions, unsolved problems etc. It is your job to inform IDA how to proceed.
IDABeautify
An IDA plugin for making pseudocode better.
RetDec IDA plugin
RetDec plugin for IDA (Interactive Disassembler).
The plugin is compatible with IDA 7.5+ versions. The plugin does NOT work with IDA 6.x, IDA 7.0-7.4, or the freeware version of IDA 7.0. The plugin comes in both 32-bit and 64-bit address space variants (both are 64-bit binaries), i.e. it works in both ida and ida64. At the moment, it can decompile the following architectures:
- 32-bit: x86, arm, mips, and powerpc.
- 64-bit: x86-64, arm64.
IDA PRO 7.5 KEYGEN
========================= IDA-Pro Key Generator ========================
Use this program to make your IDA-Pro copy look legit or to increase the
number of seats for your license.
I used to support IDA a long time ago but they have exponentially increased
the prices of their products and insisted on a yearly subscription based
payment. Without an active plan one can’t even access the IDA forum.
So I’ve continued to use IDA-Pro and for the last 20 years I had every
single version either leaked or “borrowed” from friends with my own
generated licenses.
IDA Patcher 1.2 by Peter Kacherginsky
IDA Patcher is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA’s ability to patch binary files and memory. The plugin is useful for tasks related to malware analysis, exploit development as well as bug patching. IDA Patcher blends into the standard IDA user interface through the addition of a subview and several menu items.
Simply copy idapatcher.py into IDA’s plugins folder. The plugin will be automatically loaded the next time you start IDA Pro.
The plugin uses pure IDA Python API, so it should be compatible with all versions of IDA on different platforms. However, it was only extensively tested on IDA Pro 6.5 for Windows with x86, x86-64 and ARM binaries.
Snowman IDA Plugin(F4)
- Enjoys all executable file formats supported by the disassembler.
- Benefits from IDA’s signature search, parsers of debug information, and demanglers.
- Decompiles a chosen function or the whole program by push of a button.
- Allows easy jumping between the disassembler and the decompiled code.
- Fully integrated into IDA’s GUI.
- Link: http://derevenets.com/index.html
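Mac IDA Pro Plugin Writing Guide v1.0
There is plenty of reference documentation for writing plugins on Windows, and there are dedicated wizards for the job, so it is relatively simple. For writing plugins on Mac there are also some reference documents, but they are fairly old. They have some reference value but are of little practical use. For writing plugins on Windows, see the wizards in the following two articles: IDA Pro Plugin wizard for vs2013 and Ida Plugin Wizard For VS2010.
Now to the main topic. The test environment is: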
Mac OS 10.9.4
Xcode 5.1.1
IDA Pro For Mac 6.5+sdk65
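If your environment differs, there may be slight differences. The steps for creating the plugin follow.
- Run Xcode and choose to create a new project. Under OS X, select the Framework & Library category, then choose STL C++ Library (note: do not choose C/C++ Library; selecting it produces a large number of strange errors at compile time, and even if they can be resolved it is quite troublesome).
[Original] IDA Unicode String Auto-Parsing and Commenting Plugin 3.0
Straight to the screenshot, without further ado. At present there is only a 32-bit plugin; compiling the 64-bit plugin has a small problem, which will hopefully be resolved soon. Update: a 64-bit plugin has been added, but there is no suitable binary file, so it is untested!
The hotkey is Ctrl+U. The plugin only parses data that is unknown and has cross-references (the data prefix is unk; anything else will not be processed). If Chinese text has already been recognized as an English string, remove the original definition so that it can be recognized again; this can be combined with version 2.0 for manual repair.
MachO file: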