I am planning to write a book about IDA, and this post has two purposes:
1. To find out whether people are interested in such a book; it will certainly not overlap with the contents of 《IDA PRO权威指南》.
2. To look for a good publisher. If you are interested, please contact me!
DeDe is an excellent Delphi program analyzing tool, but I still prefer IDA for
navigation & documentation. Exe-2-Dpr is another very useful utility (and also works with old 16-bit Delphi
programs). I always look for ways to grab as much info from this great program's output as
possible. So, I wrote a few stupid progs just to _reformat_ Exe2dpr & DeDe
output and import it into IDA by a simple IDC script. That's all.
How to use:
———–
EDM:
> -*- EDM 1.4 * Copyright (c) Aleph 2001-2003 -*-
> Exe-2-Dpr output files reformatter
> Usage: edm.com [> ProjectName.DDM]
Apply exe2dpr.exe to the analyzed proggy. Place all exe2dpr output in some
directory. Now, run edm.com in this directory and redirect edm output to some
file. edm will scan all *.pas files in the directory and create an output file
in *.ddm format. Use the deida.idc script to import the *.ddm file into the IDA database.
This is an attempt to improve the original fixobjc.idc script by Willem Jan Hengeveld.
For now it's only compatible with 32-bit Mach-O binaries for Mac OS X.
My goal is to make it compatible with all Mac OS X and iOS binaries.
fG!
IDA's handling of Unicode is not exactly terrible, but at times it is quite annoying, for example with Chinese and the like. Beyond that, its handling of English strings is also broken in places, as in the content above.
Likewise, when an idb has just been created, the parsing of unicode strings also has problems, for example:
The real string content should be ReadFromRegistry, but IDA annoyingly treats the first R as a dw, leaving behind a headless body.
When a string is created, the string format of the current idb database is used by default; to create the string correctly you need to use SetAsciiStyle (http://www.hex-rays.com/products/ida/support/idadoc/613.shtml).
/*
*
* IDA Pro 6.3 (crash due to an internal error)
* ELF anti-debugging/reversing patcher
*
* Published @ IOActive Labs Research blog:
* http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
*
* - nitr0us [ http://twitter.com/nitr0usmx ]
*
* Tested under:
* IDA Pro Starter License 6.3.120531 (Mac OS X)
* IDA Pro Demo 6.3.120730 (Ubuntu Linux 9.04)
* IDA Pro Demo 6.3.120730 (Mac OS X 10.7.3)
* IDA Pro Demo 6.3.120730 (Windows Vista Home Premium SP2)
*
* Bug found using Frixyon fuzzer (my ELF file format fuzzer still in development)
*
* Timeline:
* 21/11/2012 The bug was found on IDA Demo 6.3
* 22/11/2012 The bug was tested on IDA Pro Starter License 6.3.120531 (32-bit)
* 22/11/2012 The bug was reported through the official Hex-Rays contact emails
* 23/11/2012 Hex-Rays replied and agreed that the bug leads to an unrecoverable
* state and it will be fixed on the next release
*
**************** TECHNICAL DETAILS ***********************
nitr0us@burial:~$ gdb -q idaq
(gdb) r a.out
(no debugging symbols found)
Program received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0xb6860760 (LWP 3638)]
0xb55f7694 in default_notification_handler (reader=@0xbfbffae0,
notif=reader_t::err_shstrndx) at reader.cpp:33
33 reader.cpp: No such file or directory.
in reader.cpp
Current language: auto; currently c++
(gdb)
Actually, the reason I wrote this is entirely because of Xiaobai: after reading her 《Linux脚本自动备份网站数据到Dropbox(上)》 I wanted to give it a try, so I followed the links at the end of that article and copied the two scripts. Only by trying did I find out that none of it works! =( Does nobody test their code before posting? 😎
The modified code should look like this:
Database backup code (the file must be saved as Unix UTF-8, otherwise it won't run)
#!/bin/bash
#sql_everyday_backup.sh
echo "################################################################"
echo "#Backup sql database everyday #"
echo "#Mars Security #"
echo "#By:obaby #"
echo "#http://www.h4ck.ws #"
echo "################################################################"
# Shell comments start with '#'; the original '//' made each line run '//' as a command
MYSQL_USER="root"          # database user name
MYSQL_PASS="123456789"     # database password
MYSQL_DATABASE="mars"      # database to back up
SqlFileName=sql_h4ck_$(date +%Y%m%d).tar.gz   # backup archive name (same date format as the delete below)
echo " > Start dumping the sql database......."
mysqldump -u"$MYSQL_USER" -p"$MYSQL_PASS" "$MYSQL_DATABASE" > h4ckbackup.sql
echo " > Zip the sql file "
tar zcvf "$SqlFileName" h4ckbackup.sql
echo " > Start uploading file now....."
sh dropbox_uploader.sh upload "$SqlFileName"
# Remove the archive from 10 days ago; the name must use the same %Y%m%d format or it never matches
sh dropbox_uploader.sh delete sql_h4ck_$(date -d -10day +%Y%m%d).tar.gz
rm -f "$SqlFileName"
rm -f h4ckbackup.sql
echo " > All Finished, have a joy!"
echo "###############################################################"
I mentioned this thing before because of the popup it shows at startup (link: http://www.h4ck.org.cn/2012/11/windowblinds-7-4蛋疼的弹窗/). At the time I solved it, and while I was at it I patched out the trial-period prompt, but when I booted on Monday I suddenly found that the original effect was gone, replaced by a grey window with no style at all. How annoying.
Laptop BIOSes are basically all locked down by the manufacturers with all sorts of restrictions, leaving very few options that can be changed, and there is no way to do any advanced configuration. So you have to find your own solution; Acer laptops, for example, are left with only these few options.
Honestly, these few options are of little use, and my reason for modifying the BIOS is not any interest in changing the boot logo; that thing is not really meaningful.