rsrcExtractor IDA Plugin

/******************************************************************************
 * One of the things I always missed in IDA is parsing of resources. IDA has
 * option to load resources, but it's nothing more than dummy data.
 * This plugin allows us to load resources from file on disk, and see their
 * structure. First time you use plugin on existing database you must have
 * that file on disk, as only 1st time I'm using file on disk to parse resources
 * and store them into netnodes, which allows ppl to share database with full
 * resource layout without need to distribute original file.
 *
 * To use plugin, just press 'P' and you should see resource layout. Before loading
 * file, it's smart to select "Load Resources" in IDA, thus Jump to Data option
 * will actually work, and you will be able to inspect resources in IDA without
 * saving them to the disk.
 *
 *                                             (c) 2011 deroko of ARTeam
 *******************************************************************************/

 
Clkck here to download

IDA 6.0设置WinDbg调试器路径

在早期版本的IDA中可以直接通过进程选项来设置Windbg的路径,但是在6.0之后这个菜单没了。

但是可以直接编辑ida.cfg文件来设置调试器路径,修改如下内容即可。

//-------------------------------------------------------------------------
//      Processor specific parameters
//-------------------------------------------------------------------------
#ifdef __PC__                           // INTEL 80x86 PROCESSORS
//
// Location of Microsoft Debugging Engine Library (dbgeng.dll)
// This value is used by both the windmp (dump file loader) and the windbg
// debugger module. Please also refer to dbg_windbg.cfg
// (note: make sure there is a semicolon at the end)

//DBGTOOLS = "C:\\Program Files\\Debugging Tools for Windows (x86)\\";将这一行注释修改为windbg的路径
DBGTOOLS = "C:\\WinDDK\\7600.16385.1\\Debuggers\\";

USE_FPP = YES // Floating Point Processor
// instructions are enabled

// IBM PC specific analyzer options

PC_ANALYZE_PUSH = YES // Convert immediate operand of "push" to offset
//
// In sequence
//
// push seg
// push num
//

Comment Viewer v.0.2

Comment Viewer is a plug-in for Interactive Dissasembler (IDA) whose purpose is to provide an easy way for the security researcher to manage the comments in the database. It should prove to be useful on large analysis of binary code projects where keeping a good image of the executable actions is needed.

 The plug-in supports a variety of options to be as efficient as possible in a variety of cases, while keeping much of its simplicity. For more information on the various options, what they mean and how to use them please read the attached pdf

Orginal Download link:http://www.openrce.org/downloads/details/237/Comment_Viewer

Dbank Download link:http://dl.dbank.com/c0qtmkuof4

IDA + GDBServer实现iPhone程序远程调试

IDA + GDBServer实现iPhone程序远程调试

By:obaby

在早期的IDA中包含了一个iphoneserver的程序,这个程序就是配合IDA实现远程调试的。但是在最新版的IDA中这个东西已经不复存在了,因而下载的破解版的IDA中没有那个文件并不是被删除掉了,而是本来就没有,*^_^*。所以一直以来调试iPhone上的二进制程序只能悲催的使用ssh+gdb进行调试,虽然调试器的功能还算可以,但是每次调试都需要设置显示,只能使用命令进行控制,因而用起来还是不是十分爽。

其实网上关于IDA实现ios设备远程调试的文章从网上也是可以找到的,但是说的都不是十分具体。本文主要是介绍下IDA实现远程iPhone程序调试的方法,当然这样调试还存在一些问题,如果大家有什么好的解决方案还请不吝赐教。

需要注意的是要想调试ios设备上的程序并不是简单的吧gdbserver拷贝到ios设备上行就可以了,此时如果使用gdbserver启动进程将得到类似如图1所示的提示信息:

图1

Continue Reading

IDA PRO ADVANCED EDITION v6.1 BUILD 0110409

IDA Pro Advanced Edition v6.1 the multi processor, multi operating system, interactive disassembler is used by security professionals to build a safer internet; by governmental agencies to validate commercial software; by open-source activists to support undocumented architectures; by device driver developers to tackle complex compatibility issues; and by embedded developers to build a better future.

Continue Reading