IDA Unicode String Analysis and Comment Maker

A long time ago I wrote a script for importing Unicode string comments, but working with a script has its own limitations. Every time you have to search for and locate the strings with some other analysis tool, then export them, then import them. What a painful waste of time. 😎

(About the illustration:
Augusta Ada King, Countess of Lovelace (10 December 1815 – 27 November 1852), born Augusta Ada Byron, was an English writer chiefly known for her work on Charles Babbage’s early mechanical general-purpose computer, the analytical engine. Her notes on the engine include what is recognised as the first algorithm intended to be processed by a machine; thanks to this, she is sometimes considered the “World’s First Computer Programmer”
She was the only legitimate child of the poet Lord Byron (with Anne Isabella Milbanke). She had no relationship with her father, who died when she was nine. As a young adult, she took an interest in mathematics, and in particular Babbage’s work on the analytical engine. Between 1842 and 1843, she translated an article by Italian mathematician Luigi Menabrea on the engine, which she supplemented with a set of notes of her own. These notes contain what is considered the first computer programme — that is, an algorithm encoded for processing by a machine. Though Babbage’s engine has never been built, Lovelace’s notes are important in the early history of computers. She also foresaw the capability of computers to go beyond mere calculating or number-crunching while others, including Babbage himself, focused only on these capabilities.
)
A quick search online turned up a plugin for handling Unicode strings that Hex-Rays released some time ago; click here to visit the plugin page. The plugin is called unispector. The plugin page also offers the source code for download, but after I downloaded and compiled it, it could not be loaded under the new version of IDA and did not produce the expected result.


IDA Binary Copy & Paste


Seeing there isn’t any binary copy-and-paste functionality in IDA, this plug-in will take care of both
copy and paste operations allowing you to take a chunk of binary from one place and overwrite
another with it. You need to modify your plugins.cfg file as this is a multi-function plug-in, needing
one invocation for copy and another for paste. Obviously it only supports copying and pasting
within IDA, however it could probably be extended to go beyond that.


Ida Plugin Wizard For VS2010

Installation notes:
1. Follow the prompts; choosing the wrong directory will prevent the template from loading or from creating a project correctly.
2. Make sure the installation directory is the VC root directory of your Visual Studio installation. On Win7 + VS2010 the default is:
C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC

3. This modified build removes the automatic plugin copy feature. To enable it, edit the file
appwiz\IDA Pro\Scripts\1033\default.js by hand and uncomment the following lines:

Line 393: //PostBuildTool.Description = 'Copying "$(TargetFileName)" to "' + strCopyToFolder + '"...';
Line 397: //PostBuildTool.CommandLine = 'copy /b /y "$(TargetDir)$(TargetFileName)" "' + strCopyToFolder + '"';

Otherwise the include directory or files cannot be found, or the .plw file cannot be generated.
4. Some errors have not yet been fixed and will be corrected in a future version.

Fast IDB2Sig and LoadMap plugins(IDA)

Click Here to Download these plugins!

It took me two weeks to write two IDA plugins: a renewed, fast IDB2Sig plugin and a new, very fast LoadMap plugin.
The IDB2SIG plugin I rewrote based on the original source code and ideas of:
– Quine (quine@blacksun.res.cmu.edu)
– Darko
– IDB2PAT of J.C. Roberts <mercury@abac.com>
Thanks to all of you very much. I think all of you will allow me to publish the new source code.
The LoadMap plugin I wrote based on the idea of Toshiyuki Tega. It supports loading and parsing VC++, Borland (Delphi/BC++/CBuilder) and DeDe map files.
With these two plugins, I needed only two days to create two signature files for Delphi 6/7. Very fast and convenient. Hereafter, we can use the two plugins above to create signature files, load map symbols…

Source is included, and plugins are precompiled for IDA 4.5 and 5.2.

FullDisasm : plugin OllyDbg & Immunity Debugger

This is a plugin for OllyDbg 1.10 and Immunity Debugger 1.xx to replace the old disasm engine with a more recent one: BeaEngine 4.0.

You just have to press Ctrl+W to change the disasm engine.

If you want to use BeaEngine only on selected lines, then just press Ctrl+X.

With this plugin, you can decode recent instructions for the following technologies: MMX, FPU, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, VMX, CLMUL and AES.

You can even decode undocumented instructions commonly used in malicious code.

If you want to use a specific syntax, BeaEngine allows you to disassemble code in masm32 syntax, nasm syntax, GoAsm syntax or GNU Assembler syntax.

Current version: 3.0