IDA Pro
Revision as of 16:43, 29 April 2014 by <bdi>PhilippeTeuwen</bdi> (talk | contribs)
Intro
IDA Pro combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment.
- Official page
- Windows, Linux, Mac OS X
- x86-32, x86-64, ARM and many others
- ELF, Java bytecode, Dalvik, ARM,...
- disassembler, some debugger
PIN Tracer
Adapted from https://www.hex-rays.com/products/ida/support/tutorials/pin/pin_tutorial.pdf
# 32-bit build support is needed for the ia32 tool
apt-get install gcc-multilib g++-multilib
# the PIN runtime ships libelf with a versioned name only; give it the plain name the tool links against
pushd pin-2.13-61206-gcc.4.4.7-linux/ia32/runtime
ln -s libelf.so.0.8.13 libelf.so
popd
pushd pin-2.13-61206-gcc.4.4.7-linux/intel64/runtime
ln -s libelf.so.0.8.13 libelf.so
popd
# fetch the IDA PIN tool sources and build them for both 64-bit (ia32e) and 32-bit (ia32) targets
mkdir pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin
cd pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin
wget https://www.hex-rays.com/products/ida/support/freefiles/idapin65.zip
7z x idapin65.zip
make TARGET=ia32e
make TARGET=ia32
In IDA, select the "PIN Tracer" debugger backend and configure it:
- Path to PIN: pin-2.13-61206-gcc.4.4.7-linux/pin
- Path to tool: pin-2.13-61206-gcc.4.4.7-linux/source/tools/@idapin/
Python
Scripting is based on idapython (shipped with IDA Pro).
Some scripts and plugins require PySide as well.
To install PySide on Linux for IDA Pro, see Hexblog; instead of installing it system-wide under /, install it locally into the IDA directory:
Download PySide 2011/12/30 for IDAPython 1.5+, Python 2.7 (or 2.6) and Qt 4.8.4 (IDA 6.5), Linux version.
tar xvfz os_package_pyside_python27_package.tgz -C /path/to/ida
Extensions
Fentanyl
Easy patching!
See also here
File > Script file > Fentanyl/main.py
- Alt-N: Convert instructions to nops
- Alt-X: Nop all xrefs to this function
- Alt-J: Invert conditional jump
- Alt-P: Patch instruction
- Alt-Z: Undo modification (won't always work; still be careful when editing)
- Alt-Y: Redo modification (won't always work; still be careful when editing)
- Alt-S: Save file
- Alt-C: Find code caves
- Ctrl-Alt-F: Make jump unconditional
- Ctrl-Alt-N: Neuter the binary (remove calls to fork, setuid, setgid, getpwnam, setgroups and chdir)
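The patches behind the Nop, Invert and Make-unconditional hotkeys are plain byte rewrites of x86 opcodes. The script below is an added example written for this page, not Fentanyl's or IDA's own code: it applies those three rewrites to a raw byte buffer (a constructed cmp/jne/mov/ret sequence) rather than to the IDA database, so it runs outside IDA. Inside IDA the same bytes would be written with PatchByte/patch_byte, and Fentanyl's Alt-S takes care of mapping the virtual address back to a file offset when saving; with a raw buffer you must use the file offset yourself.

```python
"""Byte-level patch helpers for x86/x86-64 code, mirroring Fentanyl's
Nop / Invert / Make-unconditional hotkeys (added example, not Fentanyl code).

Offsets are indices into a bytearray holding the code. When patching a file
on disk, use the file offset, not the virtual address IDA displays.
"""

NOP = 0x90
JMP_SHORT = 0xEB        # EB rel8
JMP_NEAR = 0xE9         # E9 rel32
TWO_BYTE_ESCAPE = 0x0F  # 0F 8x rel32 is the near form of Jcc


def _jcc_form(buf, off):
    """Return 'short', 'near' or None depending on what sits at buf[off]."""
    op = buf[off]
    if 0x70 <= op <= 0x7F:                                   # 7x rel8
        return "short"
    if (op == TWO_BYTE_ESCAPE and off + 1 < len(buf)
            and 0x80 <= buf[off + 1] <= 0x8F):               # 0F 8x rel32
        return "near"
    return None


def nop_out(buf, off, length):
    """Replace `length` bytes at `off` with NOPs (Fentanyl Alt-N)."""
    buf[off:off + length] = bytes([NOP]) * length
    return length


def invert_jcc(buf, off):
    """Flip the condition of the Jcc at `off` (Fentanyl Alt-J).

    Jcc condition codes come in complementary pairs differing only in the
    low bit (JE 74 / JNE 75, JB 72 / JAE 73, ...), so XOR 1 inverts the
    jump without touching the displacement. Returns the instruction length.
    """
    form = _jcc_form(buf, off)
    if form == "short":
        buf[off] ^= 1
        return 2
    if form == "near":
        buf[off + 1] ^= 1
        return 6
    raise ValueError("no conditional jump at offset %#x" % off)


def make_unconditional(buf, off):
    """Turn the Jcc at `off` into a JMP (Fentanyl Ctrl-Alt-F). Returns the length."""
    form = _jcc_form(buf, off)
    if form == "short":
        buf[off] = JMP_SHORT        # same size, rel8 unchanged
        return 2
    if form == "near":
        # 0F 8x rel32 is 6 bytes, E9 rel32 only 5. Lead with a NOP so the JMP
        # still ends at the same address: rel32 is relative to the end of the
        # instruction, so it needs no adjustment.
        buf[off] = NOP
        buf[off + 1] = JMP_NEAR
        return 6
    raise ValueError("no conditional jump at offset %#x" % off)


# Constructed sample: cmp eax, 1 ; jne short skip ; mov eax, 1 ; skip: ret
SAMPLE = bytes.fromhex("83f801" "7505" "b801000000" "c3")
JNE_OFFSET = 3


def demo():
    """Apply each patch to a fresh copy of SAMPLE and return the results as hex."""
    out = {}
    for name, fn in (("nop", lambda b: nop_out(b, JNE_OFFSET, 2)),
                     ("invert", lambda b: invert_jcc(b, JNE_OFFSET)),
                     ("jmp", lambda b: make_unconditional(b, JNE_OFFSET))):
        buf = bytearray(SAMPLE)
        fn(buf)
        out[name] = buf.hex()
    return out


if __name__ == "__main__":
    for name, hexbytes in demo().items():
        print("%-6s %s" % (name, hexbytes))
```

Note the near-jump case: rewriting 0F 8x rel32 as 90 E9 rel32 keeps the instruction's end address, which is what the displacement is relative to, so the target stays correct and no cross-references need fixing; shortening to a 5-byte JMP without the leading NOP would silently retarget the jump.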
To sort
- IDA toolbag
- IDAscope
- patchdiff2
- Zynamics bindiff
- DarunGrim, another binary diff tool, open source but discontinued?
- x86emu, x86 Emulator plugin. Windows, Linux, OS X
- Plugin contests 2012, 2011, 2010, 2009