这是我做的第一款wp的主题,模仿的很久之前的milw0rm。本来是想从网上随便找个做收费主题的人做一个的,但是随便问了一下发现非常不靠谱,对于这么简单的东西开口先不管做什么就直接报价1k,这可是我好几天的工资啊。再说了我也没那么蛋疼,于是决定自己来做。
Interactive Delphi Reconstructor 2.5.3 Beta
IDR (Interactive Delphi Reconstructor) – a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment.
The program firstly is intended for the companies, engaged by development of anti-virus software. It can also help programmers to recover lost source code of programs appreciably.
The current version of the program can process files (GUI and console applications), compiled by Delphi compilers of versions Delphi2 – Delphi2010.
Calling IDA APIs from IDAPython with ctypes
IDAPython 提供了一些列封装好的ida sdk函数,但是由于SWIG的限制或者一切其他的原因有一部分api并没有封装到这个库中。为了能够调用在idapython中没有封装的api函数get_loader_name(),但是又不想因为调用这么一个简单的函数而编写一个插件进行测试,那么此时就可以使用ctypes 来实现了。
所有IDA API都是由ida的核心动态库来提供的,在Windows系统下这个库为ida.wll(或者ida64.wll),在linux系统下为libida[64].so,在os x系统下为libida[64].dylib. ctypes提供了一个非常好的功能来创建一个封装的Dll到处函数类,可以把他们看成一个类实例的属性来调用。下面的代码用于获取不同系统下的ida实例:
import ctypes
import sys
idaname = "ida64" if __EA64__ else "ida"
if sys.platform == "win32":
dll = ctypes.windll[idaname + ".wll"]
elif sys.platform == "linux2":
dll = ctypes.cdll["lib" + idaname + ".so"]
elif sys.platform == "darwin":
dll = ctypes.cdll["lib" + idaname + ".dylib"]
我们使用windll是因为ida的api在windows系统下是使用stdcall调用约定的(可以通过查看pro.h中队用的idaapi的定义来确定调用类型)
现在我们只需要像调用一个dll对象的一个属性一样来调用我们的函数,但是首先我们要准备好我们函数需要的参数,下面是从loader.hpp中得到的函数的定义:
idaman ssize_t ida_export get_loader_name(char *buf, size_t bufsize);
ctypes提供了一个非常方便的函数来创建字符buffer:
buf = ctypes.create_string_buffer(256)
IDA Unicode String Anylist and comment maker
早在很久之前就写过一个导入Unicode字符串注释的脚本,但是脚本操作还是有自己的局限性。每次都要通过其他的分析工具搜索定位到字符串,然后导出,在然后倒入。这是多么蛋疼的时间事情啊。 😎
(关于插图:
Augusta Ada King, Countess of Lovelace (10 December 1815 – 27 November 1852), born Augusta Ada Byron, was an English writer chiefly known for her work on Charles Babbage’s early mechanical general-purpose computer, the analytical engine. Her notes on the engine include what is recognised as the first algorithm intended to be processed by a machine; thanks to this, she is sometimes considered the “World’s First Computer Programmer”
She was the only legitimate child of the poet Lord Byron (with Anne Isabella Milbanke). She had no relationship with her father, who died when she was nine. As a young adult, she took an interest in mathematics, and in particular Babbage’s work on the analytical engine. Between 1842 and 1843, she translated an article by Italian mathematician Luigi Menabrea on the engine, which she supplemented with a set of notes of her own. These notes contain what is considered the first computer programme — that is, an algorithm encoded for processing by a machine. Though Babbage’s engine has never been built, Lovelace’s notes are important in the early history of computers. She also foresaw the capability of computers to go beyond mere calculating or number-crunching while others, including Babbage himself, focused only on these capabilities.)
到网上随便搜了搜发现hexrays曾经发布过一个处理unicode字符串的插件,猛击此处访问插件页面。插件的名字叫做unispector。并且在插件页面提供了相关的源代码下载,但是偶下载编译之后在新版的ida下无法成功加载,并且没有出现应有的效果。
IDA Binary Copy & Paste
Seeing there isn’t any binary copy-and-paste functionality in IDA, this plug-in will take care of both
copy and paste operations allowing you to take a chunk of binary from one place and overwrite
another with it. You need to modify your plugins.cfg file as this is a multi-function plug-in, needing
one invocation for copy and another for paste. Obviously it only supports copying and pasting
within IDA, however it could probably be extended to go beyond that.
《Delphi Learning Pack》 (8600Pages)
Download Link:http://dl.dbank.com/c0rbwhapmg
Ida Plugin Wizard For VS2010
安装说明:
1.请按照提示信息进行操作,如果选择错误目录将会导致模板无法正常加载或者无法正常创建工程;
2.请确认安装目录为VS的vc根目录:如果是Win7 + vs2010则默认目录如下所示:
C:Program Files (x86)Microsoft Visual Studio 10.0VC
3.本工具的修改版本去除了插件自动复制功能,如果需要开启该功能请手工编辑
appwizIDA ProScripts1033default.js文件,去掉如下几行的注释:
否则会导致无法找到include目录或文件,或者无法生成plw文件。
4.部分错误目前尚未修正,将在未来版本进行修正。
393行 //PostBuildTool.Description = 'Copying "$(TargetFileName)" to "' + strCopyToFolder + '"...';
397行 //PostBuildTool.CommandLine = 'copy /b /y "$(TargetDir)$(TargetFileName)" "' + strCopyToFolder + '"';