I downloaded the new IDASCOPE and there were some small errors, just minor ones.
Unpack into plugins folder.
It's important that you set up your config.py file properly or it won't run.
It's located at
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py
Edit the lines where it says "yourfolder".
configuration = {
    "config_path_sep": "\\",
    "plugin_only": False,
    "paths": {
        # "idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins",
        "idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins\\IDAscope",
        "semantics_file": "idascope\\data\\semantics.json",
        "semantics_folder": "idascope\\data\\semantics",
        "winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
        "winapi_rootdir": "C:\\WinAPI\\"
    },
    "winapi": {
        "search_hotkey": "ctrl+y",
        "load_keyword_database": True,
        "online_enabled": True
    },
    "inspection": {
        "default_semantics": "win-ring3"
    },
    "yara": {
        "yara_sigs": ["C:\\yara"]
    }
}
You can read a small guide here.
If you want to use it, make sure to install YARA Python first and adjust the paths specified in ./idascope/config.py to your local collection of signature files.
Also get and unpack sigs into C:\yara\*.yara
#############################################
___ ____ _
|_ _| _ \ / \ ___ ___ ___ _ __ ___
| || | | |/ _ \ / __|/ __/ _ \| '_ \ / _ \
| || |_| / ___ \\__ \ (_| (_) | |_) | __/
|___|____/_/ \_\___/\___\___/| .__/ \___|
|_|
#############################################
by Daniel Plohmann and Alexander Hanel
#############################################
[+] Loading simpliFiRE.IDAscope
[/] setting up shared modules...
[|] loading DocumentationHelper
[|] loading SemanticIdentifier
[/] SemanticIdentifier: Starting (fast) scan by references of function semantics.
[\] Analysis took 0.10 seconds.
[|] Loading WinApiProvider
[|] loading CryptoIdentifier
[|] loading PatternManager
[|] loading YaraScanner
[\] this took 2.66 seconds.
[/] setting up widgets...
[|] loading FunctionInspectionWidget
[|] loading WinApiWidget
[|] loading CryptoIdentificationWidget
[|] loading YaraScannerWidget
[\] this took 0.20 seconds.
Using FLIRT signature: Microsoft VisualC 2-10/net runtime
loading rules from file: C:\yara\apt.yar (72)
loading rules from file: C:\yara\APT_NGO_wuaclt.yar (1)
loading rules from file: C:\yara\APT_NGO_wuaclt_PDF.yar (1)
loading rules from file: C:\yara\avdetect.yar (1)
[!] Could not load yara rules from file: C:\yara\cve.yar
loading rules from file: C:\yara\dbgdetect.yar (3)
loading rules from file: C:\yara\GeorBotBinary.yara (1)
loading rules from file: C:\yara\GeorBotMemory.yara (1)
loading rules from file: C:\yara\hangover.yar (16)
[!] Could not load yara rules from file: C:\yara\index.yar
loading rules from file: C:\yara\sandboxdetect.yar (1)
loading rules from file: C:\yara\vmdetect.yar (1)
loading rules from file: C:\yara\xplug.yar (2)
[!] Performing YARA scan...
download
IDAscope.rar
PySide for ida 6.1 python 2.7
Source
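A pre-flight check for the config.py described in the post above, added here as an example and not part of the original post or of IDAscope itself: it flags any value that still contains "yourfolder" and any configured path that does not exist. The names check_config and PLACEHOLDER, and the rule that the relative entries under "paths" are joined onto idascope_root_dir with config_path_sep, are assumptions.

```python
import os

PLACEHOLDER = "yourfolder"  # text the post says must be edited out of config.py

def _walk_strings(node, trail=""):
    """Yield (key_path, value) for every string in the nested config dict."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk_strings(value, trail + "/" + key)
    elif isinstance(node, list):
        for value in node:
            yield from _walk_strings(value, trail + "[]")
    elif isinstance(node, str):
        yield trail, node

def check_config(configuration):
    """Return a list of problems; an empty list means every path resolved."""
    problems = []
    for where, text in _walk_strings(configuration):
        if PLACEHOLDER in text:
            problems.append("%s still contains '%s'" % (where, PLACEHOLDER))
    sep = configuration["config_path_sep"]
    paths = configuration["paths"]
    root = paths["idascope_root_dir"]
    if not os.path.isdir(root):
        problems.append("idascope_root_dir is not a directory: " + root)
    # Assumption: relative entries are joined onto idascope_root_dir.
    for key in ("semantics_file", "semantics_folder", "winapi_keywords_file"):
        full = root.rstrip(sep) + sep + paths[key]
        if not os.path.exists(full):
            problems.append("%s not found: %s" % (key, full))
    for sig_dir in configuration["yara"]["yara_sigs"]:
        if not os.path.isdir(sig_dir):
            problems.append("yara_sigs entry is not a directory: " + sig_dir)
        elif not any(n.lower().endswith((".yar", ".yara")) for n in os.listdir(sig_dir)):
            problems.append("no .yar/.yara files in " + sig_dir)
    return problems

if __name__ == "__main__":
    # Constructed sample: the unedited values shown in the post.
    root = "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins\\IDAscope"
    sample = {"config_path_sep": "\\", "yara": {"yara_sigs": ["C:\\yara"]},
              "paths": {"idascope_root_dir": root,
                        "semantics_file": "idascope\\data\\semantics.json",
                        "semantics_folder": "idascope\\data\\semantics",
                        "winapi_keywords_file": "idascope\\data\\winapi_keywords.json"}}
    for problem in check_config(sample):
        print("[!] " + problem)
```

Pass it the `configuration` dict from your edited config.py before starting IDA; an empty result means every checked path exists.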