As for open source, I've actually wanted to do it myself, but my technical skills aren't good enough, so I've never had much to publish. In the beginning my code was hosted on Google Code; later it moved to GitHub, but since GitHub can't create private projects, I finally settled on Bitbucket, which has the additional advantage that a custom domain can be bound to it. So if any code gets published in the future, it can be accessed at this address: http://code.h4ck.org.cn.
Book Publisher Wanted! (looking for a book publisher)
DeIDA Package 1.4
DeDe is an excellent Delphi program analyzing tool, but I still prefer IDA for
navigation & documentation. Exe-2-Dpr is another very useful utility (and also works with old 16-bit Delphi
programs). I always look for ways to grab as much info from this great program's output as
possible. So, I wrote a few stupid progs just to _reformat_ Exe2dpr & DeDe
output and import it into IDA by a simple IDC script. That's all.
How to use:
———–
EDM:
> -*- EDM 1.4 * Copyright (c) Aleph 2001-2003 -*-
> Exe-2-Dpr output files reformatter
> Usage: edm.com [> ProjectName.DDM]
Apply exe2dpr.exe to the analyzed proggy. Place all exe2dpr output in some
directory. Now run edm.com in this directory and redirect edm output to some
file. edm will scan all *.pas files in the directory and create an output file
in *.ddm format. Use the deida.idc script to import the *.ddm file into the IDA database.
fixobjc idc script for IDA Pro
This is an attempt to improve the original fixobjc.idc script by Willem Jan Hengeveld.
For now it's only compatible with 32-bit Mach-O binaries for Mac OS X.
My goal is to make it compatible with all Mac OS X and iOS binaries.
fG!
IDA Create Unicode String(English)
IDA's handling of Unicode can't be called terrible, but it is sometimes quite annoying, for example with Chinese text. Beyond that, the handling of English strings is also broken in places, as the content above shows.
Likewise, when an idb has just been created, parsing of Unicode strings has problems too, for example the following:
The real string content should be ReadFromRegistry, but IDA annoyingly treats the first R as a dw, leaving behind a body with no head.
After a string is created, the string format of the current idb database is used by default; to create the correct string you need SetAsciiStyle (http://www.hex-rays.com/products/ida/support/idadoc/613.shtml).
IDA Pro 6.3 ELF Anti-Debugging / Reversing Patcher
/*
*
* IDA Pro 6.3 (crash due an internal error)
* ELF anti-debugging/reversing patcher
*
* Published @ IOActive Labs Research blog:
* http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
*
* - nitr0us [ http://twitter.com/nitr0usmx ]
*
* Tested under:
* IDA Pro Starter License 6.3.120531 (Mac OS X)
* IDA Pro Demo 6.3.120730 (Ubuntu Linux 9.04)
* IDA Pro Demo 6.3.120730 (Mac OS X 10.7.3)
* IDA Pro Demo 6.3.120730 (Windows Vista Home Premium SP2)
*
* Bug found using Frixyon fuzzer (my ELF file format fuzzer still in development)
*
* Timeline:
* 21/11/2012 The bug was found on IDA Demo 6.3
* 22/11/2012 The bug was tested on IDA Pro Starter License 6.3.120531 (32-bit)
* 22/11/2012 The bug was reported through the official Hex-Rays contact emails
* 23/11/2012 Hex-Rays replied and agreed that the bug leads to an unrecoverable
* state and it will be fixed on the next release
*
**************** TECHNICAL DETAILS ***********************
nitr0us@burial:~$ gdb -q idaq
(gdb) r a.out
(no debugging symbols found)
Program received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0xb6860760 (LWP 3638)]
0xb55f7694 in default_notification_handler (reader=@0xbfbffae0,
notif=reader_t::err_shstrndx) at reader.cpp:33
33 reader.cpp: No such file or directory.
in reader.cpp
Current language: auto; currently c++
(gdb)
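The gdb trace above stops in IDA's ELF reader on the err_shstrndx notification. As an added example, not part of nitr0us's patcher or the IOActive post, here is a standalone Python header check that parses an ELF32/ELF64 header and flags an e_shstrndx that does not index a real section, the kind of inconsistency a loader should report rather than crash on. The sample headers it builds are constructed, and the exact value the original patcher writes is not given on this page.

```python
import struct

SHN_UNDEF = 0           # no section name string table
SHN_LORESERVE = 0xff00  # start of the reserved index range (includes SHN_XINDEX = 0xffff)

# Field names following e_ident in the ELF header, in file order (ELF spec)
_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
           "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
           "e_shnum", "e_shstrndx")

def parse_elf_header(data):
    """Parse an ELF32/ELF64 header of either byte order into a dict of fields."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_data not in (1, 2):
        raise ValueError("unknown EI_DATA (byte order)")
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 1:       # ELF32: 32-bit e_entry/e_phoff/e_shoff, 52-byte header
        fmt = endian + "HHIIIIIHHHHHH"
    elif ei_class == 2:     # ELF64: 64-bit e_entry/e_phoff/e_shoff, 64-byte header
        fmt = endian + "HHIQQQIHHHHHH"
    else:
        raise ValueError("unknown EI_CLASS")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    return dict(zip(_FIELDS, struct.unpack_from(fmt, data, 16)))

def check_shstrndx(hdr):
    """Return a list of findings; empty means e_shstrndx is consistent with the header."""
    idx, shnum, shoff = hdr["e_shstrndx"], hdr["e_shnum"], hdr["e_shoff"]
    findings = []
    if shoff == 0 or shnum == 0:      # file claims to have no section table at all
        if idx != SHN_UNDEF:
            findings.append("e_shstrndx set (%#x) but there is no section table" % idx)
        return findings
    if idx == SHN_UNDEF:
        return findings               # legal: sections exist but carry no names
    if idx >= SHN_LORESERVE:
        findings.append("e_shstrndx %#x lies in the reserved range (escape value, not an index)" % idx)
    if idx >= shnum:
        findings.append("e_shstrndx %d >= e_shnum %d: out of range" % (idx, shnum))
    return findings

def build_elf32_header(e_shnum, e_shstrndx, e_shoff=0x1000):
    """Constructed sample: a minimal little-endian ELF32 x86 header (not a real binary)."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    return e_ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x8048000, 52, e_shoff,
                                 0, 52, 32, 1, 40, e_shnum, e_shstrndx)

if __name__ == "__main__":
    for name, hdr in (("sane", build_elf32_header(3, 2)), ("hostile", build_elf32_header(3, 0xffee))):
        print(name, check_shstrndx(parse_elf_header(hdr)) or ["ok"])
```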