ida 插件编写
来源:互联网 发布:钢铁雄心4汉化版mac 编辑:程序博客网 时间:2024/05/22 08:23
Ida中的IDC 脚本 ,python 脚本 还有插件功能给我们提供了很强大的扩展性,我们在分析二进制代码的时候总会有些时候需要写些脚本来给我们提供自动化的分析来释放我们的双手。
脚本已经很方便了,但有些时候为了效率我们还是需要编写下插件的。现在就来介绍下ida 插件的编写:
#include <ida.hpp>#include <idp.hpp>#include <search.hpp>#include <loader.hpp>#include <Windows.h>#include "Search_arm_syscall.h"int IDAP_init(void){// Do checks here to ensure your plug-in is being used within// an environment it was written for. Return PLUGIN_SKIP if the // checks fail, otherwise return PLUGIN_KEEP.return PLUGIN_KEEP;}void IDAP_term(void){// Stuff to do when exiting, generally you'd put any sort// of clean-up jobs here.return;}// The plugin can be passed an integer argument from the plugins.cfg// file. This can be useful when you want the one plug-in to do// something different depending on the hot-key pressed or menu// item selected.void IDAP_run(int arg){// The "meat" of your plug-inmsg("search arm syscall start %x end %x\n",getnseg(0)->startEA,getnseg(0)->endEA);search_svc_call(getnseg(0)->startEA,getnseg(0)->endEA);return;}// There isn't much use for these yet, but I set them anyway.char IDAP_comment[] = "This is my test plug-in";char IDAP_help[] = "My plugin";// The name of the plug-in displayed in the Edit->Plugins menu. It can // be overridden in the user's plugins.cfg file.char IDAP_name[] = "My plugin";// The hot-key the user can use to run your plug-in.char IDAP_hotkey[] = "Alt-X";// The all-important exported PLUGIN objectplugin_t PLUGIN ={IDP_INTERFACE_VERSION,// IDA version plug-in is written for0,// Flags (see below)IDAP_init,// Initialisation functionIDAP_term,// Clean-up functionIDAP_run,// Main plug-in bodyIDAP_comment,// Comment �unusedIDAP_help,// As above �unusedIDAP_name,// Plug-in name shown in // Edit->Plugins menuIDAP_hotkey// Hot key to run the plug-in};下面写一个arm elf 中遍历 svc call
int search_svc_call(ea_t start,ea_t end){ea_t i;ea_t addrA;addrA = 0;for(i = start ; i < (end - 8) ; i += 2){addrA = find_binary(i,i + 8,"?? 70 A0 E3 00 00 00 EF",getDefaultRadix(),SEARCH_DOWN);if(addrA != 0xFFFFFFFF){msg("svc CALL :%x %s\n",addrA,arm_syscall_table[get_full_byte(addrA)]);if (get_func(addrA)){set_name(get_func(addrA)->startEA,arm_syscall_table[get_full_byte(addrA)]);}}}return 0;}
0 0
- ida 插件编写
- ida 插件编写
- 用python编写第一个IDA插件
- IDA 插件
- IDA Plugin 编写基础
- IDA Plugin 编写基础
- IDA 5.2 插件开发
- ida常用插件
- 编写OD插件将IDA中分析出来的函数名导入到OD中
- 一个dumpdex的IDA插件
- 一个dumpdex的IDA插件
- 开发IDA pro图形界面插件
- ida 2016插件大赛获奖作品
- 插件编写
- 插件编写
- 让 IDA 的 F5 插件失效
- 几个必备的IDA pro插件
- IDA插件-----获取指定函数参数个数
- python参数传递那些事
- ubuntu 14.04 打开Python2.7 IDLE
- python中的map、filter、reduce函数
- Android studio升级导致原有工程出错的解决方法
- python模块导入过程
- ida 插件编写
- xUtils框架
- 30 ,全局变量与局部变量
- Vim代码补全插件:YouCompleteMe
- repo 的使用
- C# 索引器与属性的区别
- 周记(四)
- js 正则表达式详解
- VS.net中快捷键收缩和展开代码段
