这个插件已经有很多年的历史了,话说也好几百年没更新了。不知道还有冇淫用这个东西,前一段时间曾经编译了支持6.x的插件,http://www.h4ck.org.cn/2012/06/ida-sync-for-ida-6-x/。但是在使用的过程中发现还是有很多问题的,比如函数名称push的问题。
zynamics Objective-C helper script
对于OC的程序逆向IDA直接解析的代码并不是十分清晰,有太多的_objc_msgSend之类的函数,而根本不知道具体调用的函数是个什么鸟东西。用这个插件可以修正诸如 _objc_msgSend之类的名字。
Zynamics Hexer 1.04 Release
Hexer is a hex editor available free of charge. Being written in Java, Hexer is platform-independent and should work on all platforms that support Java 6
QQ International 1.4(2582) Self Check Patch & Today Remover
猛击此处下载补丁程序,放入bin目录下执行。现在的弹窗貌似不是登录之后直接弹了,可能会等待几分钟,不过没关系。还是那个鸟样。
PyDbg安装(《Python 灰帽子》)
这本书是这两天刚买到的,从前天开始看,然后到昨天晚上就看完了,整体的感觉就是书的内容虽然不错但是感觉有点太少了,一种意犹未尽的感觉。
轻轻松松当医生
不知道什么时候电脑上竟然还有这么一个东东,猛击此处下载,可以过一把当医生的瘾。嘎嘎,对啦登录密码是123
mona for Immunity Debugger v1.8x
This is the Corelan Team project page for ‘mona’, a PyCommand for Immunity Debugger.
This PyCommand replaces pvefindaddr, which is no longer supported as of mid june 2011.The PyCommand has been tested on Immunity Debugger 1.83. Older versions of Immunity Debugger are not supported and may not work.
Hide Debugger for Immunity Debugger v1.8x
"""
(c) Mars Security. 2009-2012
Institute Of Information Serurity From Mars
Email:root@h4ck.ws
U{By obaby.}
"""
#sys.path.append("C:\\Program Files\\Immunity Inc\\Immunity Debugger\\Libs")
import immlib
import immutils
def main(args):
imm = immlib.Debugger()
#hide debugger by wipe the BeingDebugged flag in PEB struct.
imm.writeMemory (imm.getPEBAddress() + 0x2,"\x00")
#disable the process enume
process32first = imm.getAddress("kernel32.Process32FirstW")
process32next = imm.getAddress("kernel32.Process32NextW")
function_list = [process32first, process32next]
patch_bytes = imm.assemble("SUB EAX,EAX\nRET 8")
for address in function_list:
opcode = imm.disasmForward(address,nlines = 8)
#imm.writeMemory(opcode.address,patch_bytes)
return "[*] PEB BeingDebugged flag cleared ! Debugger Hided~!"
该脚本用于去掉基于IsDebugPresent函数的调试检测。将上面的内容保存为hidedbg.py放入immdbg的PyCommands目录下,然后在immdbg的命令窗口中执行即可。 