RetDec IDA plugin


RetDec plugin for IDA (Interactive Disassembler).

The plugin is compatible with IDA 7.5 and later. It does NOT work with IDA 6.x, IDA 7.0-7.4, or the freeware version of IDA 7.0. The plugin comes in both 32-bit and 64-bit address space variants (both are 64-bit binaries), i.e. it works in both ida and ida64. At the moment, it can decompile the following architectures:

  • 32-bit: x86, arm, mips, and powerpc.
  • 64-bit: x86-64, arm64.

IDA PRO 7.5 KEYGEN

========================= IDA-Pro Key Generator ========================

Use this program to make your IDA-Pro copy look legit or to increase the
number of seats for your license.

I used to support IDA a long time ago but they have exponentially increased
the prices of their products and insisted on a yearly subscription based
payment. Without an active plan one can’t even access the IDA forum.

So I’ve continued to use IDA-Pro and for the last 20 years I had every
single version either leaked or “borrowed” from friends with my own
generated licenses.


IDA Pro v7.3(Hex-Rays Decompilers v7.0): A Team IRA Release

How to install ida+decompilers:
1) Install the provided setup. Simply double click on the executable and use
the provided password.
2) Copy the plugins directory to the installed directory.
3) Copy the cfg directory to the installed directory.
4) Try the dsync plugin provided. Open the file you wish to decompile, press F5 to decompile. Press Ctrl-Shift-S to sync decompiler and disassembler views. Select a line in the decompiler and the corresponding disassembly lines will be highlighted. For more info on this plugin, google dsync git.


CommentView Plugin for IDAPro7.0

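Since IDA was upgraded to 7.0, Hex-Rays has made a lot of changes, and the old plugins are basically all broken. As a result, finding a working plugin has become difficult. Recently I was analyzing a file and needed to collect all of its comments, but the CommentView plugin written for older versions is beyond saving. Although its source code is available online, modifying it in practice is quite painful. I don't know whether it is an IDA problem, but the addresses obtained by the compiled plugin are basically all wrong. Even with the old approach of enumerating segments and reading the inf information, the addresses come out wrong, which is damn awkward. The test code is as follows: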

// Enumerate every segment and print its name, bounds and size.
for (int i = 0; i < get_segm_qty(); i++) {
    segment_t *seg = getnseg(i);
    qstring segname;
    get_segm_name(&segname, seg, 1024);
    msg("segname: %s, start_ea= %08x, end_ea= %08x , size=%08x \n", segname.c_str(), seg->start_ea, seg->end_ea, seg->size());
}
// Print the database-wide address information held in inf.
msg("Database Info: start_ea= %08x, min_ea= %08x, max_ea= %08x, omin_ea= %08x, omax_ea= %08x \n", inf.start_ea, inf.min_ea, inf.max_ea, inf.omin_ea, inf.omax_ea);
msg("lowoff= %08x, highoff= %08x, main= %08x \n", inf.lowoff, inf.highoff, inf.main);

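The data actually obtained is shown below; the test environment is OSX + IDA 7.0. If anyone reading this article manages to get the correct addresses, please let me know. (Thanks to an anonymous user's comment: the base address problem is probably an IDA bug that has already been fixed in the new IDA 7.0.171130 (SP1); if you have a genuine copy, just upgrade.)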

segname: .text, start_ea= 10001000, end_ea= 00000001 , size=effff001 
segname: .idata, start_ea= 10005000, end_ea= 00000006 , size=efffb006 
segname: .rdata, start_ea= 1000513c, end_ea= 00000003 , size=efffaec7 
segname: .data, start_ea= 10006000, end_ea= 00000005 , size=efffa005 
Database Info: start_ea= 10007000, min_ea= ff000000, max_ea= 00000000, omin_ea= 0006000f, omax_ea= 06400007 
lowoff= 00500046, highoff= 00000301, main= 10007000 

All of the end_ea values obtained are wrong.
