RE FORUM
[REVERSE ENGINEERING] => Tools => Topic started by: DARKER on January 02, 2009, 10:52:17 AM
-
Nasiel som nejake nove veci okolo pluginov pre IDA, mozno to bude pre niekoho zaujimave:
IDA Pro plugin wizard for Visual Studio 2008 and Visual C++ 2008 Express Edition
All appropriate compiler and linker options are configured by the wizard.
(A different version of the wizard is available for 2005 compilers)
The wizard can currently create:
* plugin modules
* debugger plugin modules
Quickopt
Sluzi na "rychle" nastavenia roznych param
- Show calculated stack pointer value
- Show offsets in function instead of segment addresses
- Show autogenerated comments (instruction descriptions)
- Show instruction opcodes
+ je tam aj dobry book Reverse Engineering Code with IDA Pro
http://demonteam.narod.ru/quickopt/quickopt.html
-
Class Informer
=========================================================
IDA Pro 5.xx Win32 class vftable finder, namer, fixer, lister plug-in.
Version 1.01, April 2009 By Sirmabus
Scans an MSVC 32bit target IDB for vftables with C++ RTTI, and MFC RTCI type data. Places structure defs, names, labels, and comments to make more sense of class vftables ("Virtual Function Table") and make them read easier as an aid to reverse engineering. Creates a list window with found vftables for browsing.
Download:
http://www.openrce.org/repositories/users/Sirmabus/Class_Informer101.zip (http://www.openrce.org/repositories/users/Sirmabus/Class_Informer101.zip)
-
TurboDiff – a simple (and fast!) approach to binary patch diffing
TurboDiff is a new IDA Pro plugin for binary patch diffing by Nicolás Economou. Binary diffing in this context means the analysis of a vendor-supplied patch (such as Microsoft Tuesday patches, for example) to find out exactly how the vulnerability it’s fixing works. This is essential in both developing an effective IDS signature (from a defensive standpoint) and a working exploit for it (from the attacker’s point of view).
http://breakingcode.wordpress.com/2009/10/15/turbodiff-a-simple-and-fast-approach-to-binary-patch-diffing/ (http://breakingcode.wordpress.com/2009/10/15/turbodiff-a-simple-and-fast-approach-to-binary-patch-diffing/)
-
Kazdy rok sa kona Plugin writer Contest pre IDA.
Tento rok prve tri miesta obhajili:
1. MyNav, a python plugin for IDA Pro
This is a very powerful python-based plugin. MyNav is an Open Source plugin for IDA Pro which aims to help reverse engineers doing the most typical tasks.
http://joxeankoret.com/blog/2010/05/02/mynav-a-python-plugin-for-ida-pro/ (http://joxeankoret.com/blog/2010/05/02/mynav-a-python-plugin-for-ida-pro/)
2. ida2sql plugin:
As the name implies this plugin can be used to export information from IDA databases to SQL databases. This allows for further analysis of the collected data: statstical analysis, building graphs, finding similarities between programs, etc.
http://wiki.github.com/zynamics/ida2sql-plugin-ida/ (http://wiki.github.com/zynamics/ida2sql-plugin-ida/)
3. IDA WinHelp Viewer plugin
The idea is very simple: make it easy to display WinHelp files in IDA Pro. There is no need to even have the WinHelp executable installed, just copy the plugin into the IDA plugins directory, the plugin can read .hlp files without any external help. It comes with a good x86 instruction reference file. Pressing F2 staying on an instruction gives detailed information about it.
http://www.hex-rays.com/contest2010/IDAWinHelpViewer/IDAWinHelpViewer.pdf (http://www.hex-rays.com/contest2010/IDAWinHelpViewer/IDAWinHelpViewer.pdf)
More:
http://www.hex-rays.com/contest2010/ (http://www.hex-rays.com/contest2010/)
-
Celkom slusny list of IDA Plugins
https://github.com/onethawt/idaplugins-list
-
Vysledky Plug-In Contest 2015
https://hex-rays.com/contests/2015/index.shtml
-
idaemu
idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro. it is base on unicorn-engine.
Support architecture:
X86 (16, 32, 64-bit)
ARM (developing)
https://github.com/36hours/idaemu
-
ti co chodi na exetools asi znaji :)
takove rozsireni predchoziho prispevku
https://github.com/cseagle/sk3wldbg
This is the Sk3wlDbg plugin for IDA Pro. It's purpose is to provide a front end for using the Unicorn Engine to emulate machine code that you are viewing with IDA.
The plugin installs as an IDA debugger which you may select whenever you open an IDA database containing code supported by Unicorn. Currently supported architectures include:
x86
x86-64
ARM
ARM64
MIPS
MIPS64
SPARC
SPARC64
M68K
-
NRS is a set of Python librairies used to unpack and analysis NSIS installer's data. It also feature an IDA plugin used to disassembly the NSIS Script of an installer.
https://github.com/isra17/nrs/
-
Debugging starych MS-DOS hier a programov v IDA.
Download
https://github.com/lab313ru/idados_dosbox
https://github.com/lab313ru/idados_dosbox/releases
Usage
Run dosbox.exe;
Mount some directory (mount Y d:\somedir\), put your MS-DOS executable in "d:\somedir\";
Goto your mounted Y:\ disk (Y:);
Run "debug yourexe.exe". It will freeze. Just press Alt+Tab;
Open IDA Pro and your executable there;
Select "Remote Dosbox debugger";
Go to Debugger->Process options... menu and specify host as "localhost";
Press F9 to run debugging process.
-
Velmi dobry plugin na synchronizaciu RE medzi viacerymi uzivatelmi a jednym spolocnym projektom. Viac na stranke.
Sol[IDA]rity is a modular interconnectivity platform for IDA Pro. It aims only to connect instances of IDA and reduce the overhead for tailored, asynchronous client communication. Upon this platform, we built a rich, deeply integrated, and incredibly personal experience to demonstrate the power of collaboration through seamless interconnectivity.
https://solidarity.re/
-
Plug-In Contest 2016:
https://www.hex-rays.com/contests/2016/index.shtml
-
A search tool for IDA
https://github.com/xorpd/idsearch
-
HexRaysPyTools
Plugin assists in creation classes/structures and detection virtual tables. Best to use with Class Informer plugin, because it helps to automatically get original classes names
https://github.com/igogo-x86/HexRaysPyTools
-
IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API
https://hex-rays.com/products/ida/7.0/docs/api70_porting_guide.shtml
-
Plug-In Contest 2017: Hall Of Fame
https://hex-rays.com/contests/2017/index.shtml
-
Plug-In Contest 2018: Hall Of Fame
https://www.hex-rays.com/contests/2018/index.shtml
-
Data Visualization Plugin for IDA Pro
IDACyber is an interactive data visualization plugin for IDA Pro. It consists of external "color filters" that transform raw data bytes into a canvas that can be used to inspect and navigate data interactively. Depending on the filter in context, browsing this data visually can reveal particular structures and patterns, literally from a zoomed-out perspective.
Requirements
•IDA 7.3+
•This IDAPython project is compatible with Python3 only.
https://github.com/patois/IDACyber
-
The plugin integrates Ghidra's decompiler code into an Ida plugin an provides a basic decompiler capability for all platforms support by both Ida and Ghidra. It provides a basic source code display that attempts to mimic that of the Hex-Rays decompiler. It has only been written with Ida 7.x in mind.
https://github.com/cseagle/blc
sem liny hledat jestli to tu neni tak kdyztak sorry a smazte to :)