-
-
[下载][推荐]IDAScope v1.1: YARA scanning fixed for ida 6.1 python 2.7
-
2014-2-18 04:56
-
我下载了新的IDASCOPE并有一些小错误,只是未成年人
解压到plugins文件夹。
其重要的是你设置你的config.py文件proberly或它不会运行。
它位于
C:\用户\ yourfolder\下载\ IDA\ IDA\插件\ IDAscope\ idascope\ config.py
编辑线如果说“yourfolder”
ENGLISH
I downloaded the new IDASCOPE and there was some small errors , just minors
Unpack into plugins folder.
Its important that you set up your config.py file proberly or it wont run.
its located
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py
edit the lines where it says "yourfolder"
你可以在这里阅读一个小指南。
http://pnx-tf.blogspot.no/2014/02/idascope-v11-yara-scanning.html
如果你想使用它,请务必先安装YARA Python和调整/ idacope/ config.py的签名档本地集合中指定的路径。
ENGLISH
you can read a small guide here.
http://pnx-tf.blogspot.no/2014/02/idascope-v11-yara-scanning.html
If you want to use it, make sure to install YARA Python first and adjust the paths specified in ./idacope/config.py to your local collection of signature files.
https://googledrive.com/host/0BznOMqZ9f3VUek8yN3VvSGdhRFU/yara-python-2.0.0.win32-py2.7.exe
also get and unpack sigs into C:\yara\*.yara
https://github.com/cabrel/yarasigs.
download
http://www.filedropper.com/idascope
IDAscope.rar
PySide for ida 6.1 python 2.7
https://anonfiles.com/file/84b6ed79703b94e5e360aa06350fb651
Source http://techbliss.org/threads/idascope-v1-1-yara-scanning-fixed-for-ida-6-1-python-2-7.484/#post-1223
解压到plugins文件夹。
其重要的是你设置你的config.py文件proberly或它不会运行。
它位于
C:\用户\ yourfolder\下载\ IDA\ IDA\插件\ IDAscope\ idascope\ config.py
编辑线如果说“yourfolder”
ENGLISH
I downloaded the new IDASCOPE and there was some small errors , just minors
Unpack into plugins folder.
Its important that you set up your config.py file proberly or it wont run.
its located
C:\Users\yourfolder\Downloads\ida\ida\plugins\IDAscope\idascope\config.py
edit the lines where it says "yourfolder"
configuration = {
"config_path_sep": "\\",
"plugin_only": False,
"paths": {
# "idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins",
"idascope_root_dir": "C:\\Users\\yourfolder\\Downloads\\ida\\ida\\plugins\\IDAscope",
"semantics_file": "idascope\\data\\semantics.json",
"semantics_folder": "idascope\\data\\semantics",
"winapi_keywords_file": "idascope\\data\\winapi_keywords.json",
"winapi_rootdir": "C:\\WinAPI\\"
},
"winapi": {
"search_hotkey": "ctrl+y",
"load_keyword_database": True,
"online_enabled": True
},
"inspection": {
"default_semantics": "win-ring3"
},
"yara": {
"yara_sigs": ["C:\\yara"]
}
}你可以在这里阅读一个小指南。
http://pnx-tf.blogspot.no/2014/02/idascope-v11-yara-scanning.html
如果你想使用它,请务必先安装YARA Python和调整/ idacope/ config.py的签名档本地集合中指定的路径。
ENGLISH
you can read a small guide here.
http://pnx-tf.blogspot.no/2014/02/idascope-v11-yara-scanning.html
If you want to use it, make sure to install YARA Python first and adjust the paths specified in ./idacope/config.py to your local collection of signature files.
https://googledrive.com/host/0BznOMqZ9f3VUek8yN3VvSGdhRFU/yara-python-2.0.0.win32-py2.7.exe
also get and unpack sigs into C:\yara\*.yara
https://github.com/cabrel/yarasigs.
#############################################
___ ____ _
|_ _| _ \ / \ ___ ___ ___ _ __ ___
| || | | |/ _ \ / __|/ __/ _ \| '_ \ / _ \
| || |_| / ___ \\__ \ (_| (_) | |_) | __/
|___|____/_/ \_\___/\___\___/| .__/ \___|
|_|
#############################################
by Daniel Plohmann and Alexander Hanel
#############################################
[+] Loading simpliFiRE.IDAscope
[/] setting up shared modules...
[|] loading DocumentationHelper
[|] loading SemanticIdentifier
[/] SemanticIdentifier: Starting (fast) scan by references of function semantics.
[\] Analysis took 0.10 seconds.
[|] Loading WinApiProvider
[|] loading CryptoIdentifier
[|] loading PatternManager
[|] loading YaraScanner
[\] this took 2.66 seconds.
[/] setting up widgets...
[|] loading FunctionInspectionWidget
[|] loading WinApiWidget
[|] loading CryptoIdentificationWidget
[|] loading YaraScannerWidget
[\] this took 0.20 seconds.
Using FLIRT signature: Microsoft VisualC 2-10/net runtime
loading rules from file: C:\yara\apt.yar (72)
loading rules from file: C:\yara\APT_NGO_wuaclt.yar (1)
loading rules from file: C:\yara\APT_NGO_wuaclt_PDF.yar (1)
loading rules from file: C:\yara\avdetect.yar (1)
[!] Could not load yara rules from file: C:\yara\cve.yar
loading rules from file: C:\yara\dbgdetect.yar (3)
loading rules from file: C:\yara\GeorBotBinary.yara (1)
loading rules from file: C:\yara\GeorBotMemory.yara (1)
loading rules from file: C:\yara\hangover.yar (16)
[!] Could not load yara rules from file: C:\yara\index.yar
loading rules from file: C:\yara\sandboxdetect.yar (1)
loading rules from file: C:\yara\vmdetect.yar (1)
loading rules from file: C:\yara\xplug.yar (2)
[!] Performing YARA scan...download
http://www.filedropper.com/idascope
IDAscope.rar
PySide for ida 6.1 python 2.7
https://anonfiles.com/file/84b6ed79703b94e5e360aa06350fb651
Source http://techbliss.org/threads/idascope-v1-1-yara-scanning-fixed-for-ida-6-1-python-2-7.484/#post-1223
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
