插件『IDA/OD/IMMDbg Plugin』

IDA SYNC For IDA 6.x

一条评论

IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information.

Continue Reading

插件『IDA/OD/IMMDbg Plugin』

generate_disasm_line 以及 generate_disassembly

3 条评论

但从字面上也很容易理解这两个函数的意思,但是事实在实际使用的时候效果却并不是想要的那样。 sad 

idaman int ida_export generate_disassembly(
                                // Generate disassembly (many lines)
                                // and put them into a buffer
                                // Returns number of generated lines
        ea_t ea,                // address to generate disassembly for
        char *lines[],          // buffer to hold pointer to generated lines
        int bufsize,            // size of buffer
        int *lnnum,             // number of "the most interesting" line
                                // may be NULL
        bool as_stack);         // Display undefined items as 2/4/8 bytes

idaman bool ida_export generate_disasm_line(
                                // Generate one line of disassembly
                                // This function discards all "non-interesting" lines
                                // It is designed to generate one-line desriptions
                                // of addresses for lists, etc.
        ea_t ea,                // address to generate disassembly for
        char *buf,              // pointer to the output buffer
        size_t bufsize,         // size of the output buffer
        int flags=0);
#define GENDSM_FORCE_CODE 1     // generate a disassembly line as if
                                // there is an instruction at 'ea'
#define GENDSM_MULTI_LINE 2     // if the instruction consists of several lines,
                                // produce all of them (useful for parallel instructions)
Continue Reading

破解/汇编『Crack/Asm』, 程序设计『Programing』

Calling IDA APIs from IDAPython with ctypes

没有评论

IDAPython 提供了一些列封装好的ida sdk函数,但是由于SWIG的限制或者一切其他的原因有一部分api并没有封装到这个库中。为了能够调用在idapython中没有封装的api函数get_loader_name(),但是又不想因为调用这么一个简单的函数而编写一个插件进行测试,那么此时就可以使用ctypes 来实现了。

所有IDA API都是由ida的核心动态库来提供的,在Windows系统下这个库为ida.wll(或者ida64.wll),在linux系统下为libida[64].so,在os x系统下为libida[64].dylib. ctypes提供了一个非常好的功能来创建一个封装的Dll到处函数类,可以把他们看成一个类实例的属性来调用。下面的代码用于获取不同系统下的ida实例:

import ctypes
import sys
idaname = "ida64" if __EA64__ else "ida"
if sys.platform == "win32":
dll = ctypes.windll[idaname + ".wll"]
elif sys.platform == "linux2":
dll = ctypes.cdll["lib" + idaname + ".so"]
elif sys.platform == "darwin":
dll = ctypes.cdll["lib" + idaname + ".dylib"]

我们使用windll是因为ida的api在windows系统下是使用stdcall调用约定的(可以通过查看pro.h中队用的idaapi的定义来确定调用类型)

现在我们只需要像调用一个dll对象的一个属性一样来调用我们的函数,但是首先我们要准备好我们函数需要的参数,下面是从loader.hpp中得到的函数的定义:

idaman ssize_t ida_export get_loader_name(char *buf, size_t bufsize);

ctypes提供了一个非常方便的函数来创建字符buffer:

buf = ctypes.create_string_buffer(256)
Continue Reading
Close Menu