准备写一本关于IDA的书,然后这个帖子的两个目的:
1. 大家对于这种书籍有没有兴趣,肯定不会和《IDA PRO权威指南》中的内容重叠。
2. 寻求一个好的出版商,如果有意请联系我!
DeIDA Package 1.4
DeDe is Excellent Delphi program analyzing tool, but I still prefer IDA for
navigation & documentation.Exe-2-Dpr is another very useful utility (and also work with old 16-bit Delphi
programs).I always look for way to grab as many info from this great program’s output as
possible. So, I wrote a few stupid progs just to _reformate_ Exe2dpr & DeDe
output and import into IDA by simple IDC script.That’s all.
How to use:
———–
EDM:
> -*- EDM 1.4 * Copyright (c) Aleph 2001-2003 -*-
> Exe-2-Dpr output files reformatter
> Usage: edm.com [> ProjectName.DDM]
Apply exe2dpr.exe to analyzed proggy. Place all exe2dpr output in some
directory. Now, run edm.com in this directory and redirect edm output to some
file. edm will be scan all *.pas files in the directory and create output file
in *.ddm format. Use deida.idc script for import the *.ddm file to IDA database.
fixobjc idc script for IDA Pro
This is an attempt to improve the original fixobjc.idc script by Willem Jan Hengeveld.
For now it’s only compatible with Mach-O 32bits binaries for Mac OS X.
My goal is to make it compatible with all Mac OS X and iOS binaries.
fG!
IDA Create Unicode String(English)
IDA对Unicode的处理不能说很烂,但是有的时候却比较蛋疼。例如神马中文之类的,但是除此之外,对于英文的字符串处理在部分地方也是有问题的,例如上面的内容。
同样在idb刚创建的时候对于unicode字符串的解析也存在问题,例如下面的内容:
真正的字符串内容应该是ReadFromRegistry。但是ida很蛋疼的把第一个R当作dw给处理掉了,于是剩下了一个眉头的身子。
在创建string之后默认是采用的当前idb数据库的字符串格式,如果想要创建正确的字符串需要用到SetAsciiStyle(http://www.hex-rays.com/products/ida/support/idadoc/613.shtml)。
IDA Pro 6.3 ELF Anti-Debugging / Reversing Patcher
/*
*
* IDA Pro 6.3 (crash due an internal error)
* ELF anti-debugging/reversing patcher
*
* Published @ IOActive Labs Research blog:
* http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
*
* - nitr0us [ http://twitter.com/nitr0usmx ]
*
* Tested under:
* IDA Pro Starter License 6.3.120531 (Mac OS X)
* IDA Pro Demo 6.3.120730 (Ubuntu Linux 9.04)
* IDA Pro Demo 6.3.120730 (Mac OS X 10.7.3)
* IDA Pro Demo 6.3.120730 (Windows Vista Home Premium SP2)
*
* Bug found using Frixyon fuzzer (my ELF file format fuzzer still in development)
*
* Timeline:
* 21/11/2012 The bug was found on IDA Demo 6.3
* 22/11/2012 The bug was tested on IDA Pro Starter License 6.3.120531 (32-bit)
* 22/11/2012 The bug was reported through the official Hex-Rays contact emails
* 23/11/2012 Hex-Rays replied and agreed that the bug leads to an unrecoverable
* state and it will be fixed on the next release
*
**************** TECHNICAL DETAILS ***********************
nitr0us@burial:~$ gdb -q idaq
(gdb) r a.out
(no debugging symbols found)
Program received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0xb6860760 (LWP 3638)]
0xb55f7694 in default_notification_handler (reader=@0xbfbffae0,
notif=reader_t::err_shstrndx) at reader.cpp:33
33 reader.cpp: No such file or directory.
in reader.cpp
Current language: auto; currently c++
(gdb)
也谈《Linux脚本自动备份网站数据到Dropbox》
其实要写这个完全是受小白童鞋的影响,看了她的《Linux脚本自动备份网站数据到Dropbox(上)》之后想着试试,结果看了下那篇文章最后的链接,拷贝了两个脚本,不试不知道一试发现神马都没法用! =(话说写代码都不用测试的么? 😎
修改之后的代码应该是这个样纸滴:
数据库备份代码(保存文件格式一定要保存为Unix UTF-8,要不是跑不动滴)
#!/bin/bash
#sql_everyday_backup.sh
echo "################################################################"
echo "#Backup sql stabase everyday #"
echo "#Mars Security #"
echo "#By:obaby #"
echo "#http://www.h4ck.ws #"
echo "################################################################"
MYSQL_USER="root" // 数据库的用户名
MYSQL_PASS="123456789"// 数据库的密码
MYSQL_DATABASE="mars"//要备份的数据库
SqlFileName=sql_h4ck_$(date +%y%m%d).tar.gz //备份数据库名称
echo " > Start dump the sql database......."
mysqldump -u$MYSQL_USER -p$MYSQL_PASS $MYSQL_DATABASE>h4ckbackup.sql
echo " > Zip the sql file "
tar zcvf $SqlFileName h4ckbackup.sql
echo " > Start uploading file now....."
sh dropbox_uploader.sh upload $SqlFileName
sh dropbox_uploader.sh delete sql_h4ck_$(date -d -10day +%Y%m%d).tar.gz
rm -f $SqlFileName
rm -f h4ckbackup.sql
echo " > All Finished ,have a joy!"
echo "###############################################################"
再谈WindowsBlinds 7.4的试用期
以前的曾经提过这个东西关于开机弹窗的问题(链接:http://www.h4ck.org.cn/2012/11/windowblinds-7-4蛋疼的弹窗/),那时候是解决了,并且顺便patch掉了那个试用期的提示,但是周一开机的时候忽然发现那个原本的效果不见了,取而代之的是一个灰色的没有任何风格的窗口,这个蛋疼啊。
Acer 5742G Bios(1.30)修改
各种笔记本的Bios基本上都被厂商设置了各种限制,剩下可以修改的选项寥寥无几,而如果想要进行一些高级配置却没有什么办法。于是就只能自己想办法解决了,例如宏基的笔记本就只剩下了这么几个选项。
说实话,这几个选项基本没什么太大的用处,而我要改bios也不是对什么修改启动画面有兴趣,那个东东其实没虾米意思。