IDA PRO 7.5下载

  • 7Iv7SV5n03
    了解作者
  • C/C++
    开发工具
  • 394.1MB
    文件大小
  • zip
    文件格式
  • 0
    收藏次数
  • 5 积分
    下载积分
  • 1
    下载次数
  • 2022-05-29 18:09
    上传日期
这是IDA PRO 7.5下载资源,需者自取
IDA PRO 7.5 (x86, x64, ARM, ARM64).zip
内容介绍
Welcome to the Hex-Rays Decompiler SDK! --------------------------------------- We are happy to present you the programmatic API for the decompiler. This version gives you an idea of the overall SDK structure and provides a base to build on. Currently only the decompilation results and the user interface are accessible, later we will add low level stuff and make the decompiler portable. Today you can: - decompile a function or arbitrary chunk of code and get a ctree. A ctree is a data structure that represents the decompilation result. - modify the ctree the way you want. You can rearrange statements, optimize expressions, add or remove variables, etc. - add a new item to the popup menu, react to user actions like keyboard, mouse clicks, etc. - hook to the decompilation events and modify the decompilation result on the fly. - generate microcode for a function or arbitrary chunk of code and use the results of data flow analysis. - install new microcode optimization rules in order to improve the output. You will need the latest IDA SDK to compile the plugins. The decompiler SDK consists of one single file: include\hexrays.hpp To install the decompiler SDK, just copy this file to the include directory of the IDA SDK. There is no .lib file. You will compile and link plugins for the decompiler the same way as plugins for IDA. For a quick start, please copy the sample plugins to the plugins subdirectory of the SDK and compile them. We tested the SDK with two compilers: Visual Studio and Borland but other compilers should work too. We will not guarantee backward compatibility at the early stages but as soon as things settle down, we will switch to that mode. There are a few sample plugins. Below are their descriptions. Sample 1 -------- This plugin decompiles the current function and prints the result in the message window. It is useful to learn how to initialize a decompiler plugin. Please note that all decompiler sample plugins have the "hexrays_" prefix in their names. This is done to make sure that the decompiler plugins are loaded after the hexrays plugin. Otherwise they would see that the decompiler is missing and immediately terminate. We recommend you to keep the same naming scheme: please use the "hexrays_" prefix for your decompiler plugins. N.B.: if you're writing a plugin for non-x86 version of the decompiler, you should use another prefix. For example, the x64 decompiler is named "hexx64", ARM is "hexarm" and so on. To be certain, check IDA's "plugins" directory. To debug plugin loading issues, you can use -z20 switch when running IDA. Sample 2 -------- This plugin shows how to hook to decompiler events and react to them. It also shows how to visit all ctree elements and modify them. This plugin waits for the decompilation result to be ready and replaces zeroes in pointer contexts with NULLs. One might say that this is just cosmetic change, but it makes the output more readable. Since the plugin hooks to events, it is fully automatic. The user can disable it by selecting it from the Edit, Plugins menu. Sample 3 -------- This plugin shows - how to add a new popup menu item - how to map the cursor position to ctree element - how to modify ctree - how to make the changes persistent This is a quite complex plugin but it is thoroughly commented. Sample 4 -------- This plugin dumps all user-defined information to the message window. Read the source code to learn how to access various user-defined data from your plugins: - label names - indented comments - number formats - local variable names, types, comments Sample 5 -------- This plugin generates a graph from the current pseudocode and displays it with wingraph32. The source code can be used to learn ctree details. Sample 6 -------- This plugin modifies the decompilation output: removes some space characters. The source code can be used to learn the output text. Sample 7 -------- This plugin demonstrates how to use the cblock_t::iterator class. It enumerates all instructions of a block statement. Sample 8 -------- This plugin demonstrates how to use the udc_filter_t (User-Defined Call generator) class, which allows replacing cryptic function calls, with a simpler/more-readable counterpart. Sample 9 -------- This plugin demonstrates how to generate microcode for a given function and print it into the output window. It displays fully optimized microcode but it is also possible to retrieve microcode from earlier stages of decompilation. Generating the microcode text should be used only for debugging purposes. Printing microcode in production code may lead to crashes or wrong info. Sample 10 --------- This plugin installs a custom microcode optimization rule: call !DbgRaiseAssertionFailure <fast:>.0 => call !DbgRaiseAssertionFailure <fast:"char *" "assertion text">.0 See also sample19 for another example. Sample 11 --------- This plugin installs a custom inter-block optimization rule: goto L1 => goto L@ ... L1: goto L2 In other words we fix a goto target if it points to a chain of gotos. This improves the decompiler output is some cases. Sample 12 --------- This plugin displays list of direct references to a register from the current instruction. Sample 13 --------- This plugin generates microcode for selection and dumps it to the output window. Sample 14 --------- This plugin shows xrefs to the called function as the decompiler output. All calls are displayed with the call arguments. Sample 15 --------- This plugin shows list of possible values of a register using the value range analysis. Sample 16 --------- This plugin installs a custom instruction optimization rule: mov #N, var.4 mov #N, var.4 xor var@1.1, #M, var@1.1 => mov #NM, var@1.1 where NM == (N>>8)^M We need this rule because the decompiler cannot propagate the second byte of VAR into the xor instruction. The XOR opcode can be replaced by any other, we do not rely on it. Also operand sizes can vary. Sample 17 --------- This plugin shows how to use "Select offsets" widget (select_udt_by_offset() API). This plugin repeats the Alt-Y functionality. Sample 18 --------- This plugin shows how to specify a register value at a desired location. Such a functionality may be useful when the code to decompile is obfuscated and uses opaque predicates. Sample 19 --------- This plugin shows how to install a custom microcode optimization rule. Custom rules are useful to handle obfuscated code. See also sample10 for another example. Sample 20 --------- This plugin shows how to modify the decompiler output on the fly by adding dynamic comments. It is also possible to write decompiler plugins or scripts in Python. In fact we ship most of the above plugins as examples, see the python/examples/hexrays subdirectory of your IDA installation. Enjoy the SDK! Hex-Rays ------------------------------------------------------------------ Annex 1: a brief description of ctree Ctree is a data structure that keeps the decompilation result. As the name implies, it is a tree-like structure. At the top level, we have the cfunc_t class. This class describes the function and gives access to its attributes: its type, local variables, maturity level, and body. The ctree class is not created in one transaction but built progressively: it starts with an empty class, then a rough function body is created, then it is modified in several steps. You can intercept control at any intermediate stage (maturity level) but be prepared that the ctree does not look quite normal. Only at the final stage the ctree is syntactically correct and has non-trivial type information. The most interesting part of the cfunc_t class is
评论
    相关推荐
    • IDA Pro教程
      使用IDA分析高级数据结构
    • ida pro 简易教程
      ida pro 入门及教程 索引 1 第一节:C语言的小程序 2 第二节:基本类型的识别 3 第三节:操作数格式 4 第四节:字符和字符串的操作 5 第五节:数组 6 第六节:枚举类型 7 第七节:Bit-fields(位域) 8 第八节:...
    • ida pro权威指南》
      接着讨论了ida pro 的基本用法和高级用法,然后讲解了其高扩展性及其在安全领域的实际应用,最后介绍了ida 的内置调试器(包括bochs 调试器),一方面让用户对ida pro 有全面深入的了解,另一方面让读者掌握idapro ...
    • IDA Pro6.1绿色版
      IDA Pro6.1绿色版,IDA Pro是一款交互式的,可编程的,可扩展的,多处理器的,交叉Windows或Linux WinCE MacOS平台主机来分析程序
    • IDA Pro Plugin
      IDA Pro 7 plug-ins, Debugging iOS Applications With IDA, unispector, tvsion2015, tilib70 stealth, qwingraph source, loadint 70, ids utils, idasdk70
    • ida_haru:IDA Pro的scriptsplugins
      IDA Pro的脚本/插件 **注意:所有Python脚本仍然需要与IDA 6.95 bw兼容。 ** 在cfg / idapython.cfg中启用它: // Should the plugin automatically load a 6.95 bw-compatibility layer? AUTOIMPORT_COMPAT_IDA...
    • idaref:IDA Pro指令参考插件
      IDA Pro完整指令参考插件-就像自动注释一样,但很有用。 我通常很擅长弄清各种英特尔指令的作用。 但是,有时我需要知道一些精确的细节(即SUB的确切副作用)或遇到一个罕见的说明。 然后,我打破了思路,不得不挖...
    • IDA Pro权威指南高清PDF
      DA Pro(交互式反汇编器专业版)是应用最广泛的静态反汇编工具,在IT领域有着举足轻重的地位,但其文档资料一直都不够完善,在IDA Pro创建者Ilfak的协助下问世的这本书,完美地终结了这一缺憾。Chris的理论被业界...
    • uclibc_IDAPro_Sig.zip
      IDA PRO uclibc Sig files
    • libiconv-1.1.tar.gz
      字符集转换程序