Project author: VoidSec

Project description:
Collection of IDA helpers
Language: Python
Repository: git://github.com/VoidSec/ida-helpers.git
Created: 2019-09-27T17:45:23Z
Project community: https://github.com/VoidSec/ida-helpers

ida-helpers

Collection of IDA helpers

Heap Viewer

Heap Viewer parses an “IDA Segment Export” data file (heap_base.txt) and produces a table with the following details:

  + segment n.
  + segment start address
  + segment end address
  + segment size
  + space between two segments

Usage:

    heap_viewer.py -f heap_base.txt -o output.md --segment
    -f          IDA Segment Export input file
    -o          Output File
    --segment   Hide space between two segment information

This will be the output file format:

    -----------------------------------------------------------------------------------------------
    | seg n. | start | end | size
    -----------------------------------------------------------------------------------------------
    | 0 | 0xea180000 | 0xea300000 | 0x180000
    -----------------------------------------------------------------------------------------------[130547712]
    | 1 | 0xe2480000 | 0xe2500000 | 0x80000
    -----------------------------------------------------------------------------------------------[2621440]
    | 2 | 0xe2180000 | 0xe2200000 | 0x80000
    -----------------------------------------------------------------------------------------------[23592960]
    | 3 | 0xe0a80000 | 0xe0b00000 | 0x80000
    -----------------------------------------------------------------------------------------------[18874368]
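
As an added example (not part of the ida-helpers code), the following parses the output format shown above and recomputes each row's size and bracketed gap from its addresses. The names `parse_table` and `check_table`, and the reading of the bracketed number as the current row's start minus the next row's end, are assumptions inferred from the sample values.

```python
import re

# Sample input: the rows shown above, with the dashed rules shortened.
SAMPLE = """\
--------------------
| seg n. | start | end | size
--------------------
| 0 | 0xea180000 | 0xea300000 | 0x180000
--------------------[130547712]
| 1 | 0xe2480000 | 0xe2500000 | 0x80000
--------------------[2621440]
| 2 | 0xe2180000 | 0xe2200000 | 0x80000
--------------------[23592960]
| 3 | 0xe0a80000 | 0xe0b00000 | 0x80000
--------------------[18874368]
"""

ROW = re.compile(r"\|\s*(\d+)\s*\|\s*(0x[0-9a-f]+)\s*\|\s*(0x[0-9a-f]+)\s*\|\s*(0x[0-9a-f]+)", re.I)
GAP = re.compile(r"-+\[(\d+)\]")


def parse_table(text):
    """Parse rows into dicts; 'gap' is the bracketed value on the rule after a row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        row, gap = ROW.match(line), GAP.match(line)
        if row:
            n = int(row[1])
            start, end, size = (int(row[i], 16) for i in (2, 3, 4))
            rows.append({"n": n, "start": start, "end": end, "size": size, "gap": None})
        elif gap and rows:
            rows[-1]["gap"] = int(gap[1])
    return rows


def check_table(rows):
    """Return a list of inconsistencies between the addresses and the size/gap columns."""
    problems = []
    for cur, nxt in zip(rows, rows[1:] + [None]):
        if cur["end"] - cur["start"] != cur["size"]:
            problems.append(f"seg {cur['n']}: size != end - start")
        # Assumption inferred from the sample values: rows run from high to low
        # addresses, so the gap is this row's start minus the next row's end.
        if nxt and cur["gap"] is not None and cur["start"] - nxt["end"] != cur["gap"]:
            problems.append(f"seg {cur['n']}: gap to seg {nxt['n']} mismatch")
    return problems


if __name__ == "__main__":
    rows = parse_table(SAMPLE)
    print(check_table(rows) or "table is consistent")
```

The gap printed after the last row refers to a segment that is not in the excerpt, so it is parsed but not checked.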

Segment Dumper

To be used in conjunction with Heap Viewer: copy and paste the address list and sizes from the Heap Viewer output into Segment Dumper and load it into IDA. It will dump the corresponding segments from memory, saving each one as a .bin file in the hardcoded folder.

Base Address

Replace the path with that of the desired library, then insert the function names in f_name and their respective offsets in f_addr. The script pulls the library base address from IDA and calculates the final address of every listed function, setting a software breakpoint at each of them.

    e.g.
    library base address = C7180000
    function address     = C718FF90
    offset (function addr - base addr) = FF90
    func addr = (offset + base addr)

P/P/R

Find pop pop ret gadgets

Func Complexity

Prints an ordered list of functions, from the least complex to the most complex (based on the number of basic blocks).