-
-
[原创]ret-sync插件:windbg/ollydbg+ida逆向调试神器
-
发表于: 2019-7-15 23:04
-
|
|
|---|---|
|
|
解决了,是我使用姿势不对 |
|
|
那恭喜你 |
|
|
操作完了用不了怎么办?IDA调出插件之后, Possible file format: MS-DOS executable (EXE) (D:\IDA7.0\loaders\dos.dll) Possible file format: Portable executable for 80386 (PE) (D:\IDA7.0\loaders\pe.dll) bytes pages size description --------- ----- ---- -------------------------------------------- 2981888 364 8192 allocating memory for b-tree... 2981888 364 8192 allocating memory for virtual array... 262144 32 8192 allocating memory for name pointers... ----------------------------------------------------------------- 6225920 total memory allocated Loading file 'C:\Users\Administrator\Desktop\CM.exe' into database... Detected file format: Portable executable for 80386 (PE) Loading processor module D:\IDA7.0\procs\pc.dll for metapc...OK Autoanalysis subsystem has been initialized. [sync] ret-sync is an IDA Pro plugin, please see README for installation notes 0. Creating a new segment (00401000-00482000) ... ... OK 1. Creating a new segment (00482000-0049E000) ... ... OK 2. Creating a new segment (0049E000-004D5000) ... ... OK Reading imports directory... File C:\Windows\system32\ws2_32.dll is used for module WS2_32... 3. Creating a new segment (004826B4-0049E000) ... ... OK Plan FLIRT signature: Microsoft VisualC 2-14/net runtime autoload.cfg: vc32rtf.sig autoloads mssdk.til Assuming __cdecl calling convention by default Type library 'mssdk' loaded. Applying types... Types applied to 418 names. Plan FLIRT signature: MFC 3.1-14.0 32bit autoload.cfg: vc32mfc.sig autoloads mssdk.til main() function at 47082E, named "_WinMain@16" Marking typical code sequences... Flushing buffers, please wait...ok File 'C:\Users\Administrator\Desktop\CM.exe' has been successfully loaded into the database. IDA is analysing the input file... You may start to explore the input file right now. Hex-Rays Decompiler plugin has been loaded (v7.0.0.170914) License: 57-BF5F-7D44-11 Jiang Ying, Personal license (1 user) The hotkeys are F5: decompile, Ctrl-F5: decompile all. Please check the Edit/Plugins menu for more informaton. IDAPython Hex-Rays bindings initialized. ----------------------------------------------------------------------------------------- Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:53:40) [MSC v.1500 64 bit (AMD64)] IDAPython v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com> ----------------------------------------------------------------------------------------- Type library 'vc6win' loaded. Applying types... Types applied to 0 names. Flushing buffers, please wait...ok Database has been saved Using FLIRT signature: Microsoft VisualC 2-14/net runtime Using FLIRT signature: MFC 3.1-14.0 32bit Propagating type information... 47BE00: propagate_stkargs: function is already typed 47A645: propagate_stkargs: function is already typed Function argument information has been propagated Flushing buffers, please wait...ok Database has been saved The initial autoanalysis has been finished. Flushing buffers, please wait...ok Database has been saved Flushing buffers, please wait...ok Database has been saved Note: FormToPyQtWidget: importing 'sip' module into <module '__main__' from ''> [sync] default idb name: CM.exe [sync] sync enabled [sync] cmdline: "C:\Python27\python.exe" -u "D:\IDA7.0\plugins\retsync\broker.py" --idb "CM.exe" [sync] module base 0x400000 [sync] hexrays #7.0.0.170914 found [sync] hexrays version >= 7.2 is needed [sync] broker started [sync] plugin loaded [sync] broker finished [sync] idb is disabled [sync] sync enabled [sync] cmdline: "C:\Python27\python.exe" -u "D:\IDA7.0\plugins\retsync\broker.py" --idb "CM.exe" [sync] module base 0x400000 [sync] hexrays #7.0.0.170914 found [sync] hexrays version >= 7.2 is needed [sync] broker started [sync] broker finished [sync] idb is disabled [sync] sync enabled [sync] cmdline: "C:\Python27\python.exe" -u "D:\IDA7.0\plugins\retsync\broker.py" --idb "CM.exe" [sync] module base 0x400000 [sync] hexrays #7.0.0.170914 found [sync] hexrays version >= 7.2 is needed [sync] broker started [sync] broker finished [sync] idb is disabled [sync] sync enabled [sync] cmdline: "C:\Python27\python.exe" -u "D:\IDA7.0\plugins\retsync\broker.py" --idb "CM.exe" [sync] module base 0x400000 [sync] hexrays #7.0.0.170914 found [sync] hexrays version >= 7.2 is needed [sync] broker started [sync] broker finished [sync] idb is disabled [sync] sync enabled [sync] cmdline: "C:\Python27\python.exe" -u "D:\IDA7.0\plugins\retsync\broker.py" --idb "CM.exe" [sync] module base 0x400000 [sync] hexrays #7.0.0.170914 found [sync] hexrays version >= 7.2 is needed [sync] broker started [sync] broker finished [sync] idb is disabled
最后于 2021-5-18 09:57
被wx_王龙_452911编辑
,原因:
|
|
|
您好,请问idb is disabled 解决了? |
|
|
|
|
|
|
|
|
|
|
|
我是看了,这个文章后,labeless也可以实现,不过,遇到了一些问题,不能同步。 就是 在ida里边, 有一个 notification pause,里边有一个需要设置。
这个是新出的 功能,居然,找不到任何帮助文档,怎么设置的。 这个id 肯定不是 ip地址。 另外 retsync 有没有,远程调试的,设置方法, 设置总是失败。 我是ida7.6+x32dbg,用的是这个贴纸一个网友编译的,x32dbg的插件,127.0.0.1 可以成功使用。 但是,这个如何设置不同的电脑调试。 |
|
|
|
|
|
我也看git上说明,试了半天,也是啥反应没有 |
|
|
|
|
|
|
|
|
|
|
|
检查下调试的文件名有没有中文,要么打开调试信息去临时目录看看debug信息 |
|
|
|
Roger
勾选自动取消,
killbr
