-
-
[推荐]IDA Pro 2013年前3名获奖插件出炉 一等奖1900美元
-
2013-10-11 15:29
-
【推荐】IDA Pro 2013年前3名获奖插件出炉 一等奖1900美元
作者:大老(翻译整理)
qq:79234668
大老的主页:我的主页
大老的博客:http://blog.sina.com.cn/dalaoqd
2013年的反编译插件。很高兴看到我们的用户会在制作新的插件!
今年我们第一次颁发三个奖项。他们是
一等奖(1900美元):米兰bohacek,hexrays_tools插件
二等奖(950美元):Andrzej dereszowski,funcap插件
第三等奖(450美元):杰森杰夫特,crowddetox插件
3个新的插件分别是
第1名
米兰bohacek hexrays_tools,布拉格查尔斯特大学
这个插件增加了新的功能,许多的编译器和艾达:
使用指针变量的访问在多个功能互动的结构重建
发现一个结构相匹配给定的模式访问指针变量
函数原型:删除删除助手返回类型,参数,转换为__usercall
-从分配到另一个侧式快速传播,或从一个函数调用的函数指针
处理的C++类和虚函数表,用于导航到从编译器支持虚拟函数
结构编辑器的改进
显示图中的树的相关结构
和几个小的特点
评价:此插件是非常在处理复杂的,面向对象的代码。在结构重构和C + +的支持是主要的集锦,甚至更小的特征有助于许多重复性的工作。
原文:
hexrays_tools by Milan Bohacek, Charles University in Prague
This plugin adds dozens of new functions to the decompiler and IDA:
- interactive structure reconstruction using pointer variable accesses across multiple functions
- finding a structure which matches a given pattern of accesses to a pointer variable
- function prototype helpers: remove return type, remove argument, convert to __usercall
- quick propagation of type from one side of assignment to another, or from a function call to the function pointer
- handle C++ classes and virtual function tables, with support for navigation to virtual functions from the decompiler
- structure editor improvements
- show a tree of related structures in a graph
- and several more minor features
Our comments: Milan's plugin is invaluable when dealing with complex, object-oriented code. While structure reconstruction and C++ support are the main highlights, even the smaller features help with many repetitive tasks which are common when dealing with big code bases. It's a clear winner of this year's submissions.
下载地址
https://www.hex-rays.com/contests/2013/hexrays_tools.zip
演示
https://www.hex-rays.com/contests/2013/milan_videos.7z
第2名
funcap由Andrzej dereszowski
这idapython脚本使用IDA的调试API记录程序连同它们的参数的函数调用(前、后)。
这是非常有用的在处理,加壳的软件使用的辅助函数来解密他们的字符串,或程序使许多间接调用。
评价:插件被记录和提供了一些额外的功能。从动态执行信息增广静态反汇编可以加快一个未知的二进制的分析,所以它可能会给许多分析人士带来非常有用的信息!
原文:
funcap by Andrzej Dereszowski
This IDAPython script uses IDA's debugging API to record function calls in a program together with their arguments (before and after).
This is very useful when dealing with malware which uses helper functions to decrypt their strings, or programs which make many indirect calls.
Our comments: The plugin is well-documented and offers several extra features (such as the call graph). Augmenting static disassembly with info from dynamic execution can speed up investigation of an unknown binary, so it will likely be very useful for many analysts!
下载地址
https://www.hex-rays.com/contests/2013/funcap.zip
第3名
crowddetox
说明
crowddetox是一个反编译优化插件。它能解决可能发生在处理模糊处理的二进制文件的问题:垃圾代码分析和去除(无用的代码)。
原文:
CrowdDetox by Jason Geffner
CrowdDetox is another decompiler plugin. It tries to solve the problem which can happen when dealing with obfuscated binaries: removal of junk code (useless code).
Our comments:
While the decompiler already does some dead code removal, it opts for pessimistic approach and doesn't remove code unless it can prove its results are not used. Jason's plugin is useful in situations where you can make more assumptions and be more aggressive in code removal.
We thank Jason for contacting us before the contest and implementing our feedback (e.g. making the plugin optional and not always-on). The code is very well commented and has a supporting whitepaper which explains the approach used.
下载地址
https://www.hex-rays.com/contests/2013/CrowdDetox.zip
原文链接
https://www.hex-rays.com/contests/2013/index.shtml
作者:大老(翻译整理)
qq:79234668
大老的主页:我的主页
大老的博客:http://blog.sina.com.cn/dalaoqd
2013年的反编译插件。很高兴看到我们的用户会在制作新的插件!
今年我们第一次颁发三个奖项。他们是
一等奖(1900美元):米兰bohacek,hexrays_tools插件
二等奖(950美元):Andrzej dereszowski,funcap插件
第三等奖(450美元):杰森杰夫特,crowddetox插件
3个新的插件分别是
第1名
米兰bohacek hexrays_tools,布拉格查尔斯特大学
这个插件增加了新的功能,许多的编译器和艾达:
使用指针变量的访问在多个功能互动的结构重建
发现一个结构相匹配给定的模式访问指针变量
函数原型:删除删除助手返回类型,参数,转换为__usercall
-从分配到另一个侧式快速传播,或从一个函数调用的函数指针
处理的C++类和虚函数表,用于导航到从编译器支持虚拟函数
结构编辑器的改进
显示图中的树的相关结构
和几个小的特点
评价:此插件是非常在处理复杂的,面向对象的代码。在结构重构和C + +的支持是主要的集锦,甚至更小的特征有助于许多重复性的工作。
原文:
hexrays_tools by Milan Bohacek, Charles University in Prague
This plugin adds dozens of new functions to the decompiler and IDA:
- interactive structure reconstruction using pointer variable accesses across multiple functions
- finding a structure which matches a given pattern of accesses to a pointer variable
- function prototype helpers: remove return type, remove argument, convert to __usercall
- quick propagation of type from one side of assignment to another, or from a function call to the function pointer
- handle C++ classes and virtual function tables, with support for navigation to virtual functions from the decompiler
- structure editor improvements
- show a tree of related structures in a graph
- and several more minor features
Our comments: Milan's plugin is invaluable when dealing with complex, object-oriented code. While structure reconstruction and C++ support are the main highlights, even the smaller features help with many repetitive tasks which are common when dealing with big code bases. It's a clear winner of this year's submissions.
下载地址
https://www.hex-rays.com/contests/2013/hexrays_tools.zip
演示
https://www.hex-rays.com/contests/2013/milan_videos.7z
第2名
funcap由Andrzej dereszowski
这idapython脚本使用IDA的调试API记录程序连同它们的参数的函数调用(前、后)。
这是非常有用的在处理,加壳的软件使用的辅助函数来解密他们的字符串,或程序使许多间接调用。
评价:插件被记录和提供了一些额外的功能。从动态执行信息增广静态反汇编可以加快一个未知的二进制的分析,所以它可能会给许多分析人士带来非常有用的信息!
原文:
funcap by Andrzej Dereszowski
This IDAPython script uses IDA's debugging API to record function calls in a program together with their arguments (before and after).
This is very useful when dealing with malware which uses helper functions to decrypt their strings, or programs which make many indirect calls.
Our comments: The plugin is well-documented and offers several extra features (such as the call graph). Augmenting static disassembly with info from dynamic execution can speed up investigation of an unknown binary, so it will likely be very useful for many analysts!
下载地址
https://www.hex-rays.com/contests/2013/funcap.zip
第3名
crowddetox
说明
crowddetox是一个反编译优化插件。它能解决可能发生在处理模糊处理的二进制文件的问题:垃圾代码分析和去除(无用的代码)。
原文:
CrowdDetox by Jason Geffner
CrowdDetox is another decompiler plugin. It tries to solve the problem which can happen when dealing with obfuscated binaries: removal of junk code (useless code).
Our comments:
While the decompiler already does some dead code removal, it opts for pessimistic approach and doesn't remove code unless it can prove its results are not used. Jason's plugin is useful in situations where you can make more assumptions and be more aggressive in code removal.
We thank Jason for contacting us before the contest and implementing our feedback (e.g. making the plugin optional and not always-on). The code is very well commented and has a supporting whitepaper which explains the approach used.
下载地址
https://www.hex-rays.com/contests/2013/CrowdDetox.zip
原文链接
https://www.hex-rays.com/contests/2013/index.shtml
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
