About Keypatch, an awesome plugin for IDA Pro
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 19:45
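When modifying a binary, IDA's built-in Edit -> Patch program -> Assemble can normally assemble x86 and x64, but it cannot assemble ARM or ARM64. So what do you do for mobile reverse engineering?
Previously, on ARM you could use the ida-patcher plugin (http://thesprawl.org/projects/ida-patcher/), but you have to know the machine code that corresponds to each ARM instruction, so it is still somewhat cumbersome to use.
[Screenshots: ida-patcher menu; ida-patcher patch; edit selection]
The tool introduced today is the excellent Keypatch plugin.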
Keypatch is confirmed to work on IDA Pro version 6.4, 6.6, 6.8, 6.9, 6.95
https://github.com/keystone-engine/keypatch
Supported CPU architectures: Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ & X86 (including 16/32/64-bit).
Supported platforms: works everywhere that IDA works, which is on Windows, MacOS, Linux.
Based on Python, so it is easy to install as no compilation is needed.
Under the hood, Keypatch depends on keystone-engine.
Installing keystone-engine
For Windows
It is easiest to just download & install the Python 2.7 module for Windows from http://www.keystone-engine.org/download. Be sure to get the 32-bit version, regardless of your Windows edition. If you prefer to compile from source, just use MSVC 32-bit & follow the instructions in the Windows documentation to build keystone.dll. After that, install the Python module as described in the Python documentation. Then copy keystone.dll to the directory of the Keystone Python module.
For OS X
sudo pip install keystone-engine
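Installing Keypatch
https://github.com/keystone-engine/keypatch.git
Copy keypatch.py to /Applications/IDA\ Pro\ 6.95/idaq.app/Contents/MacOS/plugins
Reopen IDA.
Using Keypatch: the shortcut is Ctrl+Alt+K
[Screenshots: ARM assembly; Keypatch dialog; Keypatch patch dialog]
Click Patch and the modification succeeds.
After patching with Keypatch, note the comment on the right (it preserves the previous code).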
How to undo a modification
Press Ctrl+Alt+P, then right-click the modification in question and choose revert.
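Why hand-encoding ARM machine code (the ida-patcher workflow above) is cumbersome, and what keeping the original bytes for a revert involves, as an added Python example that is not code from Keypatch, Keystone or ida-patcher. The names `encode_mov_imm` and `PatchJournal` and the 8-byte sample image are constructed for illustration, and only A32 `mov rd, #imm` is handled.

```python
import struct

BX_LR = struct.pack("<I", 0xE12FFF1E)  # A32 "bx lr", little-endian

def encode_mov_imm(rd, value):
    """Hand-encode A32 `mov rd, #value` (condition AL) as 4 little-endian bytes."""
    if not 0 <= rd <= 15:
        raise ValueError("rd must be r0..r15")
    value &= 0xFFFFFFFF
    # An A32 immediate is an 8-bit value rotated right by an even amount (2*rot),
    # so try each rotation and keep the first one whose result fits in 8 bits.
    for rot in range(16):
        shift = 2 * rot
        imm8 = ((value << shift) | (value >> (32 - shift))) & 0xFFFFFFFF
        if imm8 < 0x100:
            return struct.pack("<I", 0xE3A00000 | (rd << 12) | (rot << 8) | imm8)
    raise ValueError("0x%x cannot be encoded as an A32 immediate" % value)

class PatchJournal:
    """Patches a copy of the image and keeps the original bytes for revert."""
    def __init__(self, image):
        self.image = bytearray(image)
        self.undo = {}  # offset -> original bytes

    def patch(self, offset, new_bytes):
        end = offset + len(new_bytes)
        if offset % 4 or len(new_bytes) % 4:
            raise ValueError("A32 instructions are 4 bytes and 4-byte aligned")
        if offset < 0 or end > len(self.image):
            raise ValueError("patch falls outside the image")
        if any(o < end and offset < o + len(b) for o, b in self.undo.items()):
            raise ValueError("overlaps an existing patch; revert that one first")
        self.undo[offset] = bytes(self.image[offset:end])
        self.image[offset:end] = new_bytes

    def revert(self, offset):
        original = self.undo.pop(offset)  # KeyError if nothing was patched here
        self.image[offset:offset + len(original)] = original

def demo():
    # Constructed 8-byte image: mov r0, #0 ; bx lr
    image = encode_mov_imm(0, 0) + BX_LR
    journal = PatchJournal(image)
    journal.patch(0, encode_mov_imm(0, 0x100))
    patched = bytes(journal.image)
    journal.revert(0)
    return patched, bytes(journal.image) == image

if __name__ == "__main__":
    print(demo())
```

An immediate such as 0x101 has no valid rotation and is rejected, which is the kind of encoding detail an assembler-backed plugin takes care of.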
Or