As is well known, IDA does not handle string references to Unicode and Chinese strings very well; in this respect both its plugins and its built-in features fall far short of OllyDbg's Unicode string search. OD's string references, however, are not easy to bring into IDA, so I first wrote an IDC script to import the data. Today I wrote another small tool to process the Chinese string references that OD extracts. The result looks like the screenshot above; maybe some day when I am really bored I will modify OD's Chinese string search plugin so that it can export the data directly.
Import Repeatable Comments to IDA Via Script
///////////////////////////////////////////////////////////////////////////////////////////////////
// Write repeatable comments to the IDA database, such as the Chinese strings exported from OD //
// The data format should be as follows: //
// 007714F4 发现无线设备, 连接中…… //
// 007714F8 发现有线设备, 连接中…… //
// The first field is an address, then 2 spaces, and the rest of the line is the comment //
// Script by obaby , site:http://www.h4ck.org.cn ,Email:root@h4ck.ws ,Date:11:59 2011-11-7 //
///////////////////////////////////////////////////////////////////////////////////////////////////
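As an added illustration of the import step described above (this is not the author's IDC script from the post), the following IDAPython-style example parses the "address, two spaces, comment" lines, accepts either UTF-8 or GBK exports (OllyDbg on a Chinese Windows box writes the ANSI code page), and, when run inside IDA, writes each entry as a repeatable comment. The sample lines are constructed to match the format shown; `idc.set_cmt(ea, comment, 1)` is assumed to be the IDAPython 7.x call for a repeatable comment.

```python
"""Import OD-style string references as repeatable IDA comments.

Added example, not the page's IDC script. The parser and decoder run
anywhere; apply_to_ida() only does work when IDAPython's `idc` is present.
"""
import re
from typing import List, Tuple

# One reference per line: up to 8 hex digits, two or more spaces, the comment.
_LINE = re.compile(r"^\s*([0-9A-Fa-f]{1,8})\s{2,}(.*?)\s*$")

# Constructed sample in the page's format, with a blank line, a malformed
# line and an address without a comment mixed in to exercise the edge cases.
SAMPLE = (
    "007714F4  发现无线设备, 连接中……\n"
    "007714F8  发现有线设备, 连接中……\r\n"
    "\n"
    "not an address  junk\n"
    "00771500\n"
)


def decode_export(data: bytes) -> str:
    """Decode an OD export: try UTF-8 (BOM tolerated) first, then GBK."""
    for enc in ("utf-8-sig", "gbk"):
        try:
            return data.decode(enc)
        except UnicodeDecodeError:
            continue
    raise ValueError("export is neither UTF-8 nor GBK")


def parse_references(text: str) -> List[Tuple[int, str]]:
    """Return (address, comment) pairs, skipping blank or malformed lines."""
    refs: List[Tuple[int, str]] = []
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff")  # stray BOM if the caller decoded as plain utf-8
        if not line.strip():
            continue
        m = _LINE.match(line)
        if not m or not m.group(2):
            continue  # no hex address, no double-space separator, or empty comment
        refs.append((int(m.group(1), 16), m.group(2)))
    return refs


def load_references(path: str) -> List[Tuple[int, str]]:
    """Read an export file from disk and parse it."""
    with open(path, "rb") as fh:
        return parse_references(decode_export(fh.read()))


def apply_to_ida(refs: List[Tuple[int, str]]) -> int:
    """Write each pair as a repeatable comment; returns the number written.

    Assumes the IDAPython 7.x API idc.set_cmt(ea, comment, rptble); the third
    argument 1 selects a repeatable comment. Returns 0 outside IDA.
    """
    try:
        import idc  # only importable inside IDA's Python
    except ImportError:
        return 0
    written = 0
    for ea, cmt in refs:
        if idc.set_cmt(ea, cmt, 1):  # False when ea is not in the database
            written += 1
    return written


if __name__ == "__main__":
    parsed = parse_references(SAMPLE)
    for ea, cmt in parsed:
        print("%08X  %s" % (ea, cmt))
    print("written to IDA:", apply_to_ida(parsed))
```

Inside IDA, replace `SAMPLE` with `load_references(r"C:\path\to\od_strings.txt")` (placeholder path); outside IDA the script still parses and prints the pairs, which makes it easy to check an export before committing anything to the database.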
Passware.Password.Recovery.Kit.Professional.v11.1.4002-AGAiN
rsrcExtractor IDA Plugin
/******************************************************************************
* One of the things I always missed in IDA is parsing of resources. IDA has
* an option to load resources, but it's nothing more than dummy data.
* This plugin allows us to load resources from a file on disk, and see their
* structure. The first time you use the plugin on an existing database you must have
* that file on disk, as only the 1st time am I using the file on disk to parse resources
* and store them into netnodes, which allows people to share a database with the full
* resource layout without the need to distribute the original file.
*
* To use the plugin, just press 'P' and you should see the resource layout. Before loading
* the file, it's smart to select "Load Resources" in IDA, thus the Jump to Data option
* will actually work, and you will be able to inspect resources in IDA without
* saving them to the disk.
*
* (c) 2011 deroko of ARTeam
*******************************************************************************/
High Level Assembly IDE
High Level Assembly: http://en.wikipedia.org/wiki/High_Level_Assembly
IDA Name Change via idc Script
Setting the WinDbg Debugger Path in IDA 6.0
In earlier versions of IDA the WinDbg path could be set directly through the process options, but after 6.0 that menu is gone.
However, the debugger path can still be set by editing the ida.cfg file directly; modify the following entries.
//-------------------------------------------------------------------------
// Processor specific parameters
//-------------------------------------------------------------------------
#ifdef __PC__ // INTEL 80x86 PROCESSORS
//
// Location of Microsoft Debugging Engine Library (dbgeng.dll)
// This value is used by both the windmp (dump file loader) and the windbg
// debugger module. Please also refer to dbg_windbg.cfg
// (note: make sure there is a semicolon at the end)
//DBGTOOLS = "C:\\Program Files\\Debugging Tools for Windows (x86)\\"; // change this commented-out line to point to the WinDbg directory
DBGTOOLS = "C:\\WinDDK\\7600.16385.1\\Debuggers\\";
USE_FPP = YES // Floating Point Processor
// instructions are enabled
// IBM PC specific analyzer options
PC_ANALYZE_PUSH = YES // Convert immediate operand of "push" to offset
//
// In sequence
//
// push seg
// push num
//
Tom Dowdy (Found in iTunes)
I have noticed that in the iTunes process memory there is a person named Tom. Today I saw his name again and Googled this person; here is everything about him.
Tom is 40 years old.
Tom was raised in Morgantown, West Virginia.
Tom went to college at the University of Notre Dame.
Tom is six feet and two inches tall.
Tom works too much.
Tom listens to music most people don’t like.
Tom has worked at Apple Computer, Inc. for seventeen years.
Tom has worked on QuickTime in the past.
Tom works on iTunes currently.
Tom wrote DarkSide of the Macintosh, a screen saver that does not patch any traps.
Tom enjoys semi-professional cooking.
Tom drives a silly car.
Tom sometimes drives a different silly car.
Tom has one younger brother.
Tom has two excellent parents.
Original content link page: http://www.poubelle.com/Tom.html