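Any development environment without autocompletion always feels painful to use. Today I was setting this thing up on my laptop and found that autocompletion did not work; the cause was that too many plugins were installed, so the autocomplete plugin could not be activated at all. So I removed some of the miscellaneous plugins. In fact, to edit IDC you only need an outline plugin and an autocomplete plugin; the others don't seem very useful. Of course, the most important thing is still to have an IDC highlighting template that provides keyword highlighting and autocompletion.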
OD Unicode String Format Convert v0.1
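As we all know, IDA does not handle Unicode and Chinese string references very well; in this respect, whether you look at plugins or at IDA's own features, it is far behind OD's Unicode string search. However, OD's string references are not easy to import into IDA, so I first wrote an IDC script to import the data. Today I wrote another small tool to process the Chinese string references that OD extracts. The result looks like the above. Maybe some day, when I am really bored, I will modify OD's Chinese string search plugin so that it can export the data directly.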
Import Repeatable Comments to IDA Via Script
///////////////////////////////////////////////////////////////////////////////////////////////////
//Write repeatable comments to the IDA database, such as the Chinese characters exported from OD //
//The data format should be as follows: //
//007714F4 发现无线设备, 连接中…… //
//007714F8 发现有线设备, 连接中…… //
//The first field is an address, then 2 spaces, and the last is the comment for the data //
//Script by obaby , site:http://www.h4ck.org.cn ,Email:root@h4ck.ws ,Date:11:59 2011-11-7 //
///////////////////////////////////////////////////////////////////////////////////////////////////
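The input format described in the header above can be turned into IDC statements offline. The following is an added example, not obaby's script: it assumes 8-digit hex addresses, uses the IDA 6.x-era IDC call MakeRptCmt, and the names parse_export, idc_quote and to_idc are hypothetical. Because the comment text originates from the binary under analysis, it is escaped before being placed in a string literal so it cannot break out into extra IDC statements.

```python
import re

# Constructed sample in the format the header describes: address, spaces, comment.
# The first two lines are the examples shown on the page; the rest are edge cases.
SAMPLE = (
    "007714F4  发现无线设备, 连接中……\n"
    "007714F8  发现有线设备, 连接中……\n"
    "\n"
    "not an address line\n"
    '00771500  say "hi"\\n\n'
)

# Assumption: 32-bit OllyDbg addresses, always 8 hex digits.
LINE_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\S.*)$")


def parse_export(text):
    """Return ([(ea, comment), ...], [line numbers that did not match])."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank lines are not errors
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(lineno)  # report instead of guessing an address
            continue
        entries.append((int(m.group(1), 16), m.group(2)))
    return entries, rejected


def idc_quote(s):
    """Escape backslashes and double quotes for an IDC string literal."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_idc(entries):
    """Build an IDC script that sets one repeatable comment per entry."""
    body = ["#include <idc.idc>", "static main() {"]
    body += ["    MakeRptCmt(0x%08X, %s);" % (ea, idc_quote(c)) for ea, c in entries]
    body.append("}")
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    parsed, bad = parse_export(SAMPLE)
    print(to_idc(parsed))
    print("skipped lines:", bad)
```

On IDA 7 and later the equivalent IDC call is set_cmt(ea, cmt, 1).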
Passware.Password.Recovery.Kit.Professional.v11.1.4002-AGAiN
rsrcExtractor IDA Plugin
/******************************************************************************
* One of the things I always missed in IDA is parsing of resources. IDA has
* option to load resources, but it's nothing more than dummy data.
* This plugin allows us to load resources from file on disk, and see their
* structure. First time you use plugin on existing database you must have
* that file on disk, as only 1st time I'm using file on disk to parse resources
* and store them into netnodes, which allows ppl to share database with full
* resource layout without need to distribute original file.
*
* To use plugin, just press 'P' and you should see resource layout. Before loading
* file, it's smart to select "Load Resources" in IDA, thus Jump to Data option
* will actually work, and you will be able to inspect resources in IDA without
* saving them to the disk.
*
* (c) 2011 deroko of ARTeam
*******************************************************************************/
High Level Assembly IDE
High Level Assembly: http://en.wikipedia.org/wiki/High_Level_Assembly
IDA Name Change via idc Script
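Setting the WinDbg Debugger Path in IDA 6.0
In earlier versions of IDA, the WinDbg path could be set directly through the process options, but after 6.0 that menu is gone.
However, you can edit the ida.cfg file directly to set the debugger path; just modify the following content.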
//-------------------------------------------------------------------------
// Processor specific parameters
//-------------------------------------------------------------------------
#ifdef __PC__ // INTEL 80x86 PROCESSORS
//
// Location of Microsoft Debugging Engine Library (dbgeng.dll)
// This value is used by both the windmp (dump file loader) and the windbg
// debugger module. Please also refer to dbg_windbg.cfg
// (note: make sure there is a semicolon at the end)
//DBGTOOLS = "C:\\Program Files\\Debugging Tools for Windows (x86)\\"; // change this commented-out line to the WinDbg path
DBGTOOLS = "C:\\WinDDK\\7600.16385.1\\Debuggers\\";
USE_FPP = YES // Floating Point Processor
// instructions are enabled
// IBM PC specific analyzer options
PC_ANALYZE_PUSH = YES // Convert immediate operand of "push" to offset
//
// In sequence
//
// push seg
// push num
//