-
-
[原创]IDA9-protobuf插件修复
-
发表于: 2024-8-19 18:04
-
工具还原
IDApython插件Protobuf-finder(869K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6m8j5$3y4W2L8Y4c8#2M7X3g2Q4x3V1k6H3M7X3!0@1L8$3u0#2k6W2)9J5k6r3k6A6L8X3c8W2M7R3`.`.)
是一款逆向protobuf程序比较好用的工具,可以还原.proto文件
但是IDA9删除了ida_bytes.bin_search()
1 2 3 4 5 6 7 8 9 10 11 12 | def bin_search(*args) -> "ea_t": bin_search(start_ea, end_ea, image, imask, step, flags) -> ea_t Search for a set of bytes in the program @param start_ea: linear address, start of range to search @param end_ea: linear address, end of range to search (exclusive) @param image: the set of bytes to search for @param imask: a bitfield representing the mask in 'image' (can be None) @param step: either BIN_SEARCH_FORWARD, or BIN_SEARCH_BACKWARD @param flags: combination of BIN_SEARCH_* flags @return: the address of a match, or ida_idaapi.BADADDR if not foundreturn _ida_bytes.bin_search(*args) |
更改为了ida_bytes.bin_search3()
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | def bin_search3(*args) -> "ea_t": bin_search3(start_ea, end_ea, data, flags) -> ea_t @param start_ea: ea_t @param end_ea: ea_t @param data: compiled_binpat_vec_t const & @param flags: int bin_search3(start_ea, end_ea, image, mask, len, flags) -> ea_t @param start_ea: ea_t @param end_ea: ea_t @param image: uchar const * @param mask: uchar const * @param len: size_t @param flags: intreturn _ida_bytes.bin_search3(*args) |
有两种继承,第二种跟之前的比较像,但是我尝试许久,没修改成功,但是第一种修改成功了
修改如下
1 | import ida_nalt |
1 2 3 | pattern = ida_bytes.compiled_binpat_vec_t()ida_bytes.parse_binpat_str(pattern,0x0,'2E 70 72 6F 74 6F',16,ida_nalt.BPU_2B)r,_ =ida_bytes.bin_search3(0x0,0xffff,pattern,1) |
还原如下
总结
善用github搜索
最后于 2024-8-19 18:08
被OYyunshen编辑
,原因:
|
|
|---|---|
|
|
|
|
|
|
|
|
|
