While testing today I found that IDA 5.5 could launch the WinDbg debugger, whereas IDA 6.0 could not. A quick look suggested the cause was probably the search path; after reinstalling WinDbg under Program Files the problem was resolved.
There are already articles online about debugging drivers with IDA; this is just a re-organisation of the steps. After loading the driver into IDA and letting the analysis finish, select Windbg debugger as the debugger, as shown in Figure 1:
Figure 1
Then open Debugger->Debugger options from the menu to bring up the settings window shown in Figure 2.
Figure 2
I had always wanted to know whether IDA could do kernel debugging; after searching for a while without result I gave up for the time being. Today I happened to come across a method for kernel debugging with IDA on a foreign blog.
Actually there are now many domestic articles describing how IDA can debug over a serial port; search for them if you are interested.
Here I merely restate, in Chinese, the method implemented by 远远吧. Before debugging, the following software needs to be installed:
This is a plugin for OllyDbg 1.10 and Immunity Debugger 1.xx that replaces the old disassembly engine with a more recent one: BeaEngine 4.0.
You just have to press Ctrl+W to change the disassembly engine.
If you want to use BeaEngine only on selected lines, just press Ctrl+X.
With this plugin, you can decode recent instructions for the following technologies: MMX, FPU, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, VMX, CLMUL and AES.
You can even decode undocumented instructions commonly used in malicious code.
If you want a specific syntax, BeaEngine can disassemble code in masm32 syntax, nasm syntax, GoAsm syntax or GNU Assembler syntax.
Current version: 3.0
Download link: http://cracklab.ru/download.php?action=get&n=ODU1
Download link: http://dl.dbank.com/c0lu5w0rjp
Modifications:
1. Removed all licensing-related code and resources.
2. Removed all error-reporting code and resources.
3. Removed the ReflectorInstaller-related code and resources; the size went from 4.3M (obfuscated, compressed) to 2.8M (unobfuscated, compressed).
4. Added code colouring. Originally there was only black and dark green, which was painful to read. Class names are red, method names green, class fields light yellow, parameters light green, and local variables black (modify the code yourself if you don't like it).
Original link: http://www.cnblogs.com/nnhy/archive/2011/04/14/2016021.html
Here is one tool to fix imports on x64 targets (and to dump them as well). This tool was done almost a year ago. The GUI really sucks as I'm not very experienced with GUI programming. However, the import fixing code should do just fine, as it uses the 1API = 1IID technique which I described in one of my blog entries. The good thing is that the import scanning/fixing code can be extracted from the source without a problem, as it is held in separate files.
Hope that someone will find this tool useful, at least the source code.
Download link1:http://exelab.ru/download.php?action=get&n=MTAzMA==
Download link2:http://deroko.phearless.org/imp64.rar