就像我们所熟知的那样,IDA对于Unicode和中文的串式参考并没有太好的处理,在这一方面不管是从插件还是ida自身的功能来看都要比OD的Unicode字符串搜索差得多。但是OD的字符串参考却不太好导入到IDA中于是就先是写了个idc的脚本,用来导入数据。今天又写了个小工具用来处理od解析出来的中文字符串参考。效果就是上面的样子,也许那天实在无聊了会改下OD的中文字符串搜索插件,让其可以直接导出数据。
Import Repeatable Comments to IDA Via Script
///////////////////////////////////////////////////////////////////////////////////////////////////
//Write repeatble comment to the ida database.Such as the Chinese characters exported from OD //
//The data formart show be like fallows: //
//007714F4 发现无线设备, 连接中…… //
//007714F8 发现有线设备, 连接中…… //
//The first is a address, and then 2 spaces ,and the last is the Comment for the data //
//Script by obaby , site:http://www.h4ck.org.cn ,Email:root@h4ck.ws ,Date:11:59 2011-11-7 //
///////////////////////////////////////////////////////////////////////////////////////////////////
rsrcExtractor IDA Plugin
/******************************************************************************
* One of the things I always missed in IDA is parsing of resources. IDA has
* option to load resources, but it's nothing more than dummy data.
* This plugin allows us to load resources from file on disk, and see their
* structure. First time you use plugin on existing database you must have
* that file on disk, as only 1st time I'm using file on disk to parse resources
* and store them into netnodes, which allows ppl to share database with full
* resource layout without need to distribute original file.
*
* To use plugin, just press 'P' and you should see resource layout. Before loading
* file, it's smart to select "Load Resources" in IDA, thus Jump to Data option
* will actually work, and you will be able to inspect resources in IDA without
* saving them to the disk.
*
* (c) 2011 deroko of ARTeam
*******************************************************************************/
IDA Name Chang via idc Script
IDA 6.0设置WinDbg调试器路径
在早期版本的IDA中可以直接通过进程选项来设置Windbg的路径,但是在6.0之后这个菜单没了。
但是可以直接编辑ida.cfg文件来设置调试器路径,修改如下内容即可。
//-------------------------------------------------------------------------
// Processor specific parameters
//-------------------------------------------------------------------------
#ifdef __PC__ // INTEL 80x86 PROCESSORS
//
// Location of Microsoft Debugging Engine Library (dbgeng.dll)
// This value is used by both the windmp (dump file loader) and the windbg
// debugger module. Please also refer to dbg_windbg.cfg
// (note: make sure there is a semicolon at the end)
//DBGTOOLS = "C:\\Program Files\\Debugging Tools for Windows (x86)\\";将这一行注释修改为windbg的路径
DBGTOOLS = "C:\\WinDDK\\7600.16385.1\\Debuggers\\";
USE_FPP = YES // Floating Point Processor
// instructions are enabled
// IBM PC specific analyzer options
PC_ANALYZE_PUSH = YES // Convert immediate operand of "push" to offset
//
// In sequence
//
// push seg
// push num
//
Comment Viewer v.0.2
Comment Viewer is a plug-in for Interactive Dissasembler (IDA) whose purpose is to provide an easy way for the security researcher to manage the comments in the database. It should prove to be useful on large analysis of binary code projects where keeping a good image of the executable actions is needed.
The plug-in supports a variety of options to be as efficient as possible in a variety of cases, while keeping much of its simplicity. For more information on the various options, what they mean and how to use them please read the attached pdf
Orginal Download link:http://www.openrce.org/downloads/details/237/Comment_Viewer
Dbank Download link:http://dl.dbank.com/c0qtmkuof4
Export ASM Code From IDA To File
#include "idc.idc"
static ElementExist(arrayid,size,val)
{
auto i,v;
for(i=0;i