-
-
[推荐]ida-pro 2022插件大赛各插件介绍
-
发表于: 2022-12-14 11:34
-
一等奖:ttddbg
二等奖:ida_kcpp
三等奖:FindFunc
Condstanta
作者:Martin Petran (Accenture)
下载地址:d20K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3!0F1N6r3g2K6N6s2y4Q4y4h3k6V1k6i4c8S2K9h3I4K6i4K6u0r3j5$3!0F1N6r3g2K6N6o6t1H3x3U0u0Q4x3V1k6o6L8$3&6V1M7%4c8S2L8Y4c8S2i4K6u0r3b7$3!0F1k6s2y4@1j5h3&6@1j5g2)9J5k6r3#2S2K9h3&6Q4x3X3g2*7K9i4l9`.
项目地址:ba0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6m8j5$3y4W2L8Y4c8#2M7X3g2Q4x3V1k6o6L8$3&6V1M7%4c8S2L8Y4c8S2
Constanta是一个插件,它允许搜索条件语句(如if和switch-case)中使用的常量值,或者搜索包含多个特定常量的函数。该插件允许搜索精确的数字、数字范围和特定常量列表。
FindFunc
作者:Felix B.
下载地址:c3aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3!0F1N6r3g2K6N6s2y4Q4y4h3k6V1k6i4c8S2K9h3I4K6i4K6u0r3j5$3!0F1N6r3g2K6N6o6t1H3x3U0u0Q4x3V1k6r3K9h3&6V1c8Y4g2F1j5#2)9J5c8X3k6A6L8X3c8X3N6h3&6U0x3g2)9J5k6e0c8Q4x3X3g2*7K9i4l9`.
项目地址:e5bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6r3k6h3I4A6P5p5u0W2M7W2)9J5c8V1k6A6L8X3c8r3N6h3&6U0
用于查找包含特定程序集或字节模式、引用特定名称或字符串或符合各种其他约束的代码函数。
FirmLoader
作者:Martin Petran (Accenture)
下载地址:cf0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3!0F1N6r3g2K6N6s2y4Q4y4h3k6V1k6i4c8S2K9h3I4K6i4K6u0r3j5$3!0F1N6r3g2K6N6o6t1H3x3U0u0Q4x3V1k6r3K9i4u0E0e0r3!0S2k6r3g2J5i4K6u0r3c8X3W2J5L8f1I4G2j5h3c8W2M7W2)9J5k6r3#2S2K9h3&6Q4x3X3g2*7K9i4l9`.
项目地址:780K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6m8j5$3y4W2L8Y4c8#2M7X3g2Q4x3V1k6r3K9i4u0E0e0r3!0S2k6r3g2J5
SVD加载器的替代方案,使用更简单的JSON文件
ida_bochs_windows
作者:David Reguera Garcia aka Dreg
下载地址:80bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3!0F1N6r3g2K6N6s2y4Q4y4h3k6V1k6i4c8S2K9h3I4K6i4K6u0r3j5$3!0F1N6r3g2K6N6o6t1H3x3U0u0Q4x3V1k6A6k6r3q4Q4y4h3k6T1L8$3y4Z5M7#2)9#2k6Y4N6A6L8X3c8G2N6%4y4Q4x3V1k6A6k6r3q4Q4y4h3k6T1L8$3y4Z5M7#2)9#2k6Y4N6A6L8X3c8G2N6#2)9J5k6i4A6A6M7l9`.`.
项目地址:41dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6@1K9r3g2J5k6h3q4D9k6s2u0W2k6#2)9J5c8X3W2V1j5g2)9#2k6X3u0G2j5$3S2K6i4K6g2X3N6$3W2F1k6r3!0%4M7H3`.`.
在本地 Bochs调试器上使用IDA Pro调试Windows内核的辅助脚本,包括pdb符号
ida_kcpp
作者:Uriel Malin and Ievgen Solodovnykov of Cellebrite Labs
下载地址:754K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3j5$3!0F1N6r3g2K6N6s2y4Q4y4h3k6V1k6i4c8S2K9h3I4K6i4K6u0r3j5$3!0F1N6r3g2K6N6o6t1H3x3U0u0Q4x3V1k6A6k6r3q4Q4y4h3k6C8j5%4m8H3i4K6u0r3K9h3c8S2i4K6g2X3K9$3y4H3M7q4)9J5k6r3#2S2K9h3&6Q4x3X3g2*7K9i4l9`.
项目地址:cd6K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6U0k6h3I4D9k6h3u0J5K9i4c8W2i4K6u0V1L8r3q4T1M7#2)9J5c8X3W2V1j5g2)9#2k6X3E0U0M7s2l9`.
IDAPython模块,用于更方便地逆向iOS内核缓存。
ida_names
作者:Pavel Maksyutin (Positive Technologies)
地址:e7bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6S2M7X3y4Z5k6i4u0U0M7X3g2S2N6q4)9J5c8X3W2V1j5g2)9#2k6X3&6S2L8h3g2K6
IDA名称自动使用当前函数名重命名伪代码窗口。它还可以使用SHIFT-T热键重命名任意窗口。
Quokka
作者:Alexis Challande (Quarkslab/École Polytechnique)
地址:1a2K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6I4N6h3q4J5K9%4y4D9j5h3u0Q4x3V1k6I4N6h3!0C8K9$3p5`.
Quokka是一个二进制导出器:它从程序的反汇编中生成一个导出文件,可以在不包含反汇编功能的程序中使用。并提供了专用的py库使用
ttddbg
作者:Simon Garrelou, Sylvain Peyrefitte of the Airbus CERT Team
地址:70bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6S2K9i4u0T1N6i4y4Q4x3X3c8U0k6i4u0@1i4K6u0r3N6s2c8V1k6r3u0Y4
ttddbg是IDA Pro的调试器插件,它可以读取WinDBG或Visual Studio生成的 "调用堆栈"(Timeline),能够方便快速定位到崩溃点等
VulFi
作者:Martin Petran (Accenture)
地址:fc0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6m8j5$3y4W2L8Y4c8#2M7X3g2Q4x3V1k6h3N6h3I4r3K9b7`.`.
基于函数交叉引用漏洞查询工具,通过预定义的规则去寻找敏感函数等
参考链接:85eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6J5k6i4g2J5L8q4)9J5k6h3y4U0i4K6u0r3P5h3#2i4e0K6y4p5
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
