Difference between revisions of "IDA Pro"

From YobiWiki

Revision as of 16:47, 29 April 2014

Intro

IDA Pro combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment.

  • Official page
  • Windows, Linux, Mac OS X
  • x86-32, x86-64, ARM and many others
  • ELF, Java bytecode, Dalvik, ARM, ...
  • disassembler, with some debugging support

PIN Tracer

Install

Adapted from https://www.hex-rays.com/products/ida/support/tutorials/pin/pin_tutorial.pdf

apt-get install gcc-multilib g++-multilib        # 32-bit toolchain, needed for the ia32 build
pushd pin-2.13-61206-gcc.4.4.7-linux/ia32/runtime
ln -s libelf.so.0.8.13 libelf.so                 # the build links against the unversioned name
popd
pushd pin-2.13-61206-gcc.4.4.7-linux/intel64/runtime
ln -s libelf.so.0.8.13 libelf.so
popd
mkdir pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin   # IDA's PIN tool is built inside the PIN tree
cd pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin
wget https://www.hex-rays.com/products/ida/support/freefiles/idapin65.zip
7z x idapin65.zip
make TARGET=ia32e                                # 64-bit tool
make TARGET=ia32                                 # 32-bit tool

Usage

In IDA select "PIN Tracer" and configure it.

  • Path to PIN: pin-2.13-61206-gcc.4.4.7-linux/pin
  • Path to tool: pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin/

See PIN tutorial

Python

Install

Based on idapython (shipped with IDA Pro)
Some scripts require PySide as well
To install it on Linux for IDA Pro, see Hexblog; here we install it locally under the IDA directory instead of system-wide under /
Download PySide 2011/12/30 for IDAPython 1.5+, Python 2.7 (2.6) and Qt 4.8.4 (IDA 6.5), Linux version

tar xvfz os_package_pyside_python27_package.tgz -C /path/to/ida

Extensions

Fentanyl

Easy patching!
See also here

File > Script file > Fentanyl/main.py
Alt-N      Convert instructions to nops
Alt-X      Nop all xrefs to this function
Alt-J      Invert conditional jump
Alt-P      Patch instruction
Alt-Z      Undo modification (Won't always work. Should still be careful editing.)
Alt-Y      Redo modification (Won't always work. Should still be careful editing.)
Alt-S      Save file
Alt-C      Find Code Caves
Ctrl-Alt-F Make jump unconditional
Ctrl-Alt-N Neuter the binary (remove calls to fork, setuid, setgid, getpwnam, setgroups, and chdir)
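The byte-level transforms behind Alt-J (invert conditional jump) and Ctrl-Alt-F (make jump unconditional), as an added stand-alone example: this is not Fentanyl's code and uses no IDAPython, so it runs outside IDA on a constructed x86 byte string rather than on an IDA database. The near-form rewrite shows the detail that is easy to get wrong in a patch: the shorter JMP encoding moves the end of the instruction, so the relative displacement must be adjusted to keep the same target.

```python
import struct

NOP = 0x90
def _short_jcc(b, off):   # 70..7F rel8
    return 0x70 <= b[off] <= 0x7F

def _near_jcc(b, off):    # 0F 80..8F rel32
    return b[off] == 0x0F and 0x80 <= b[off + 1] <= 0x8F

def invert_conditional_jump(buf, off):
    """Alt-J: x86 encodes a condition and its negation as opcode pairs that
    differ only in the low bit (74 jz/75 jnz, 72 jb/73 jae, ...), so the
    inversion is a one-bit flip in both the short and the near form."""
    b = bytearray(buf)
    if _short_jcc(b, off):
        b[off] ^= 1
    elif _near_jcc(b, off):
        b[off + 1] ^= 1
    else:
        raise ValueError("no conditional jump at offset %#x" % off)
    return bytes(b)

def make_unconditional(buf, off):
    """Ctrl-Alt-F: short 7x rel8 -> EB rel8 (same size). Near 0F 8x rel32
    (6 bytes) -> E9 rel32 (5 bytes) + NOP; rel32 is measured from the end of
    the instruction, now one byte earlier, so it grows by one."""
    b = bytearray(buf)
    if _short_jcc(b, off):
        b[off] = 0xEB
    elif _near_jcc(b, off):
        rel = struct.unpack_from("<i", b, off + 2)[0]
        b[off] = 0xE9
        struct.pack_into("<i", b, off + 1, rel + 1)
        b[off + 5] = NOP
    else:
        raise ValueError("no conditional jump at offset %#x" % off)
    return bytes(b)

def jump_target(buf, off):
    """Offset the jump at `off` lands on, to verify a patch kept the target."""
    op = buf[off]
    if op == 0xEB or _short_jcc(buf, off):
        return off + 2 + struct.unpack_from("<b", buf, off + 1)[0]
    if op == 0xE9:
        return off + 5 + struct.unpack_from("<i", buf, off + 1)[0]
    if _near_jcc(buf, off):
        return off + 6 + struct.unpack_from("<i", buf, off + 2)[0]
    raise ValueError("no jump at offset %#x" % off)

CODE = bytes.fromhex("3c00" "0f8410000000" "c3")  # constructed: cmp al,0 ; jz +0x10 ; ret
```

Running `jump_target` before and after each transform is the check a careful patcher wants: the target of the jump at offset 2 must stay at 24 once it has been flipped or made unconditional.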

To sort