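Too lazy to typeset this. If you want to read it, click here to download the document. Download password (h4ckws); let's see what the so-called encrypted external link looks like, haha.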
Zynamics.BinDiff.v4.0.1.Incl.Keyfilemaker.and.Patch-EMBRACE
zynamics BinDiff, the leading executable-comparison tool for reverse engineers that need to analyze patches, malware variants, or are generally interested in the differences between two executables.
Download link: http://depositfiles.com/files/7ypfl1p8y/Zynamics.BinDiff.v4.0.1.Incl.Keyfilemaker.and.Patch-EMBRACE.rar
IDA failed to display the program in graph mode
Usually, graph mode lets us clearly see what a subroutine does and how it does it. We are not always that lucky, however, and you may get an error message like the one above.
This error is mostly caused by the following reasons:
1. There are too many nodes for IDA to switch to graph mode; for now there is no solution for this error.
2. The cursor is currently at a position that IDA does not recognize as part of a function.
3. An SP-analysis failure occurred.
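Setting Up an IDA Plugin Development Environment with VS2010 + IDASDK6.2
The development environment used here is VS2010, but nearly all of the settings are basically the same in earlier versions of VS. After starting VS, close any other projects and solutions, then create the project by following the steps below.
- Choose File->New->Project… (Ctrl-Shift-N) from the menu to open the New Project window.
- Expand the Visual C++ project templates branch on the left, select the Win32 Project entry on the right, enter a project name, and click OK.
IDC Development Environment Configuration
Any development environment without auto-completion is always a real pain to use. Today, while configuring this damn thing on my laptop, I found that auto-completion did not work. The reason was that too many plugins were installed, so the autocomplete plugin could not be activated at all. So I removed some of the miscellaneous plugins. In fact, editing IDC only requires an outline plugin and an autocomplete plugin; the others do not seem very useful. Of course, the most important thing is still to have an IDC highlighting template that provides keyword highlighting and auto-completion.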
OD Unicode String Format Convert v0.1
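As we all know, IDA does not handle Unicode and Chinese string references very well; in this respect, whether you look at plugins or at IDA's own features, it is far worse than OD's Unicode string search. However, OD's string references are not easy to import into IDA, so I first wrote an IDC script to import the data. Today I wrote another small tool to process the Chinese string references that OD extracts. The result looks like what is shown above. Maybe some day when I am really bored I will modify OD's Chinese string search plugin so that it can export the data directly.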
Import Repeatable Comments to IDA Via Script
///////////////////////////////////////////////////////////////////////////////////////////////////
//Write repeatable comments to the IDA database, such as the Chinese characters exported from OD //
//The data format should be as follows: //
//007714F4 发现无线设备, 连接中…… //
//007714F8 发现有线设备, 连接中…… //
//The first field is an address, then 2 spaces, and the last is the comment for the data //
//Script by obaby , site:http://www.h4ck.org.cn ,Email:root@h4ck.ws ,Date:11:59 2011-11-7 //
///////////////////////////////////////////////////////////////////////////////////////////////////
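The import format described in the header above, as an added example in IDAPython; it is not the original IDC script by the page's author. The function names, the GBK default encoding, the acceptance of 16-digit addresses and tab separators, and the use of `idc.set_cmt` (IDA 7.x IDAPython) are assumptions made for this sketch.

```python
import re

# Constructed sample in the format the header describes; line 3 is deliberately malformed.
SAMPLE = (
    "007714F4  发现无线设备, 连接中……\n"
    "007714F8  发现有线设备, 连接中……\n"
    "garbage line without an address\n"
)

# Address (8 hex digits as on the page, or 16 for 64-bit: an assumption),
# a run of spaces/tabs (the page specifies exactly two spaces), then the comment.
LINE_RE = re.compile(r"^((?:[0-9A-Fa-f]{8}){1,2})[ \t]+(.*\S)\s*$")


def load_export(path, encoding="gbk"):
    """Read the exported text file. GBK is an assumed encoding for the
    Chinese strings; undecodable bytes are replaced instead of aborting."""
    with open(path, "rb") as f:
        return f.read().decode(encoding, errors="replace")


def parse_export(text):
    """Return ([(address, comment), ...], [line numbers that were rejected])."""
    entries, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue                      # blank lines are skipped silently
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(lineno)       # never guess an address from bad input
            continue
        entries.append((int(m.group(1), 16), m.group(2)))
    return entries, rejected


def apply_comments(entries):
    """Write each entry as a repeatable comment. Runs only inside IDA."""
    import idc                            # IDAPython module, absent outside IDA
    applied = 0
    for ea, text in entries:
        if idc.set_cmt(ea, text, 1):      # third argument 1 = repeatable comment
            applied += 1
    return applied


if __name__ == "__main__":
    parsed, bad = parse_export(SAMPLE)
    print(len(parsed), "entries parsed; rejected lines:", bad)
```

Review the rejected line numbers before calling `apply_comments`, since an export taken from a differently based module would place comments at the wrong addresses.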
rsrcExtractor IDA Plugin
/******************************************************************************
* One of the things I always missed in IDA is parsing of resources. IDA has
* option to load resources, but it's nothing more than dummy data.
* This plugin allows us to load resources from file on disk, and see their
* structure. First time you use plugin on existing database you must have
* that file on disk, as only 1st time I'm using file on disk to parse resources
* and store them into netnodes, which allows ppl to share database with full
* resource layout without need to distribute original file.
*
* To use plugin, just press 'P' and you should see resource layout. Before loading
* file, it's smart to select "Load Resources" in IDA, thus Jump to Data option
* will actually work, and you will be able to inspect resources in IDA without
* saving them to the disk.
*
* (c) 2011 deroko of ARTeam
*******************************************************************************/