There is still no particularly usable collaboration tool for IDA-based reverse engineering, whereas traditional source-code development IDEs offer plenty of choices. Analyzing a large project or code base single-handedly is hard, and there is simply too much to analyze. That is why this plugin was developed.
ida-sync-plugin for ida 6.x opensource
The ida sync plugin source code has been released; project address: http://code.google.com/p/ida-sync-plugin/.
IDA_SYNC_PLUGIN (v2.0.0.1) for IDA 6.x
This plugin has been around for many years, and it also hasn't been updated in what feels like a few hundred years. I have no idea whether anyone still uses it. A while ago I compiled a build that supports 6.x, http://www.h4ck.org.cn/2012/06/ida-sync-for-ida-6-x/. But while using it I found there are still quite a few problems, for example with pushing function names.
zynamics Objective-C helper script
For Objective-C programs, the code IDA produces on its own is not very clear: there are far too many calls to functions like _objc_msgSend, and you cannot tell what on earth the function actually being called is. This plugin can fix up names such as _objc_msgSend.
OllyDbg v1.10 And Wow64
IDA SYNC For IDA 6.x
IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up-to-date information.
generate_disasm_line and generate_disassembly
The meaning of these two functions is easy enough to understand from their names, but in actual use the results are not what you would expect.
idaman int ida_export generate_disassembly(
                // Generate disassembly (many lines)
                // and put them into a buffer
                // Returns number of generated lines
        ea_t ea,                // address to generate disassembly for
        char *lines[],          // buffer to hold pointer to generated lines
        int bufsize,            // size of buffer
        int *lnnum,             // number of "the most interesting" line
                                // may be NULL
        bool as_stack);         // Display undefined items as 2/4/8 bytes

idaman bool ida_export generate_disasm_line(
                // Generate one line of disassembly
                // This function discards all "non-interesting" lines
                // It is designed to generate one-line descriptions
                // of addresses for lists, etc.
        ea_t ea,                // address to generate disassembly for
        char *buf,              // pointer to the output buffer
        size_t bufsize,         // size of the output buffer
        int flags=0);

#define GENDSM_FORCE_CODE 1     // generate a disassembly line as if
                                // there is an instruction at 'ea'
#define GENDSM_MULTI_LINE 2     // if the instruction consists of several lines,
                                // produce all of them (useful for parallel instructions)