用C/C++编写IDApro插件

5星 · 超过95%的资源需积分: 10 161 浏览量更新于2023-05-31 评论 1 收藏 891KB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

用 C/C++编写 IDA 插件

[1.0 版]

版权® 2005 Steve Micallef

steve@binarypool.com

用 C/C++编写 IDA 插件

内容目录

1. 入门........................................................6

1.1 为什么会有这本手册?.......................................6

1.2 涵盖的内容................................................6

1.3 不包括的内容..............................................6

1.4 前置知识..................................................6

1.5 居家旅行必备良药..........................................6

1.6 C/C++之外的选择...........................................7

1.7 关于这本手册..............................................7

1.8 致谢......................................................7

1.9 其他资料..................................................7

2. IDA SDK全局组织.............................................8

2.1 安装方法..................................................9

2.2 目录结构..................................................9

2.3 头文件介绍................................................9

2.4 使用SDK..................................................10

3. 配置一个编译环境............................................11

3.1 Windows 下使用 Visual Studio.............................. 11

3.2 Windows 下使用 GCC 的 Dev-C++和 MinGW.......................12

3.3 Linux下使用GCC........................................... 12

3.4 一份插件模板............................................. 13

3.5 配置及运行插件........................................... 14

4.IDA插件原理.................................................15

4.1 重要的数据类型............................................15

4.2 核心结构以及类........................................... 16

4.2.1 元数据信息(Meta Information) ........................

4.2.2 域的概念............................................. 17

4.2.2.1 area_t 结构....................................... 17

4.2.2.2 areacb_t类.......................................

4.2.3 段和函数............................................... 18

4.2.3.1 段............................................... 18

4.2.3.2 函数............................................. 19

4.2.4 代码的表示............................................. 20

4.2.4.1 操作数类型....................................... 21

4.2.4.2 操作数........................................... 21

4.2.4.3 助记符........................................... 22

4.2.4.4 指令............................................. 22

4.2.5 交叉引用参考...........................................

4.2.5.1 xrefblk_t 结构....................................23

4.2.5.2 代码.............................................

4.2.5.3 数据............................................. 25

用 C/C++编写 IDA 插件

4.3 字节标志.................................................26

4.4 调试器...................................................27

4.4.1 debugger_t 结构......................................27

4.4.2 寄存器...............................................28

4.4.3 断点.................................................29

4.4.4 跟踪.................................................30

4.4.5 进程和线程...........................................32

4.5 事件通知.................................................32

4.5.1 接收通知.............................................33

4.5.2 UI 事件通知..........................................

4.5.3 调试器事件通知.......................................35

4.5.3.1 底层型事件.......................................35

4.5.3.2 高层型事件通知...................................37

4.5.3.3 函数返回型通知...................................37

4.6 字符串...................................................38

5.函数........................................................40

5.1 常用函数的替代...........................................40

5.2 消息框...................................................40

5.2.1 msg.................................................. 41

5.2.2 info................................................. 41

5.2.3 warning.............................................. 41

5.2.3 error................................................ 41

5.3 UI浏览...................................................41

5.3.1 get_screen_ea........................................ 41

5.3.2 jumpto............................................... 42

5.3.3 get_cursor........................................... 42

5.3.4 get_curline.......................................... 42

5.3.5 read_selection....................................... 42

5.3.6 callui...............................................

5.3.7 askaddr............................................. .43

5.3.8 AskUsingForm_c....................................... 44

5.4 入口点...................................................44

5.4.1 get_entry_qty........................................

5.4.2 get_entry_ordinal.................................... 44

5.4.3 get_entry............................................45

5.4.4 get_entry_name.......................................45

5.5 域.......................................................45

5.5.1 get_area............................................. 46

5.5.2 get_area_qty......................................... 46

5.5.3 getn_area............................................ 46

5.5.4 get_next_area........................................

5.5.5 get_prev_area........................................

5.6 段...................................................... 48

5.6.1 get_segm_qty........................................ 48

用 C/C++编写 IDA 插件

5.6.2 getnseg............................................. 48

5.6.3 get_segm_by_name....................................

5.6.4 getseg.............................................. 49

5.6.5 get_segm_name(IDA 4.8) ............................. 49

5.6.6 get_segm_name(IDA 4.9) ............................. 50

5.7 函数.....................................................50

5.7.1 get_func_qty........................................ 50

5.7.2 get_func............................................ 50

5.7.3 getn_func........................................... 51

5.7.4 get_func_name....................................... 51

5.7.5 get_next_func.......................................

5.7.6 get_prev_func.......................................

5.7.7 get_func_comment.................................... 52

5.8 指令.....................................................53

5.8.1 generate_disasm_line................................ 53

5.8.2 ua_ana0.............................................

5.8.3 ua_code.............................................

5.8.4 ua_outop............................................ 54

5.8.5 ua_mnem............................................. 55

5.9 交叉引用.................................................56

5.9.1 first_from.......................................... 56

5.9.2 first_to............................................ 57

5.9.3 next_from........................................... 57

5.9.4 next_to............................................. 58

5.10 名称....................................................58

5.10.1 get_name........................................... 58

5.10.2 get_name_ea........................................ 59

5.10.3 get_name_value..................................... 59

5.11 搜索....................................................60

5.11.1 find_text(仅支持IDA 4.9) ...........................60

5.11.2 find_binary........................................

5.12 IDB.....................................................62

5.12.1 open_linput........................................

5.12.2 close_linput....................................... 62

5.12.3 load_loader_module................................. 62

5.12.4 load_binary_file................................... 63

5.12.5 gen_file........................................... 64

5.12.6 save_database...................................... 65

5.13 标志....................................................65

5.13.1 getFlags........................................... 65

5.13.2 isEnabled..........................................

5.13.3 isHead.............................................

5.13.4 isCode............................................. 66

5.13.5 isData............................................. 67

用 C/C++编写 IDA 插件

5.13.6 isUnknown..........................................67

5.14 数据...................................................

5.14.1 get_byte...........................................68

5.14.2 get_many_bytes.....................................68

5.14.3 patch_byte.........................................69

5.14.4 patch_many_bytes...................................69

5.15 I/O.................................................... 70

5.15.1 fopenWT............................................70

5.15.2 openR..............................................70

5.15.3 ecreate............................................70

5.15.4 eclose.............................................70

5.15.5 eread..............................................71

5.15.6 ewrite.............................................71

5.16 调试函数............................................... 72

5.16.0 请求（Request）中的注意事项........................72

5.16.1 run_requests.......................................72

5.16.2 get_process_state..................................72

5.16.3 get_process_qty....................................73

5.16.4 get_process_info...................................73

5.16.5 start_process *....................................74

5.16.6 continue_process*..................................74

5.16.7 suspend_process*...................................74

5.16.8 attach_process*....................................74

5.16.9 detach_process*....................................75

5.16.10 exit_process*.....................................75

5.16.11 get_thread_qty....................................76

5.16.12 get_reg_val.......................................76

5.16.13 set_reg_val*......................................76

5.16.14 invalidate_dbgmem_contents........................77

5.16.15 invalidate_dbgmem_config..........................77

5.16.16 run_to *..........................................78

5.16.17 step_into*........................................78

5.16.18 step_over*........................................78

5.16.19 step_until_ret*...................................78

5.17 断点................................................... 79

5.17.1 get_bpt_qty........................................79

5.17.2 getn_bpt...........................................79

5.17.3 get_bpt............................................80

5.17.4 add_bpt*...........................................80

5.17.5 del_bpt*...........................................80

5.17.6 update_bpt.........................................81

5.17.7 enable_bpt*........................................81

5.18 跟踪................................................... 82

5.18.1 set_trace_size.....................................82

剩余105页未读，继续阅读

网上虫子

2019-04-29

不错，很好用。

nmap

粉丝: 7
资源: 1

会员权益专享

用C/C++编写IDA pro插件

评论7

会员权益专享

最新资源

用C/C++编写IDA pro插件

评论7

利用pyqt5开发ida插件

ida pro 使用方法

ubuntu安装ida pro

Reverse Engineering Code with IDA Pro(IDA Pro代码破解揭秘英文版)

ubuntu安装ida pro详细点

idapro权威指南第三版 pdf

The IDA Pro Book 2nd. edition

linux ida_pro用法

ida pro linux

ida远程调试linux

怎么将51单片机的汇编转成

IDA反汇编工具使用说明

逆向工程从0到1 如何实现？

逆向神器ida 6.8绿色完整版

ida动调出现Input file is missing

IDA实例教程.doc

《office办公软件excel》培训资料.ppt

SAPFI培训教材V110资料.ppt

基于微信小程的MHK在线学习小程序（包括源码，数据库，教程）.zip

会员权益专享

最新资源