-
-
[分享][下载] “移花接木”计划 Part 1——移植7.2版F5到IDA 7.3
-
发表于: 2020-10-21 19:52
-
国庆节假期的时候在研究IDA Pro 7.3的泄露,最后还是决定继续用7.2,原因之一是7.3版没有x64反编译器,只能用7.0版的移植,相当于降级。去国外论坛上转了一圈,没人做7.2版的移植的原因是“7.0移植的方法不管用了”。这激发了我的研究兴趣,所以就有了下面的东西。
下载下面的文件,重命名为hexx64.dll,再放进IDA 7.3的plugins文件夹即可。不想花雪币下载的话可以自己用7.2版的hexx64.dll做patch,二进制diff如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | $ sha256sum hexx64_7.2*51fc543a15e081b8b51677fa8fdd9a6e1e5a6083a1423650a84d0235e8220fdf hexx64_7.2.dll712c933936e6a1e8af444a2cff439713120193e53a590415a4bd3a4d5688b091 hexx64_7.2_7.3.public.dll$ diff -u <(hexdump -Cv hexx64_7.2.dll) <(hexdump -Cv hexx64_7.2_7.3.public.dll)--- /dev/fd/63 2020-10-06 19:07:28.464827100 +0800+++ /dev/fd/62 2020-10-06 19:07:28.466669300 +0800@@ -860,8 +860,8 @@ 000035b0 cc 00 63 72 65 61 74 65 5f 71 66 6c 6f 77 5f 63 |..create_qflow_c| 000035c0 68 61 72 74 00 00 c9 00 63 72 65 61 74 65 5f 6d |hart....create_m| 000035d0 75 6c 74 69 72 61 6e 67 65 5f 71 66 6c 6f 77 5f |ultirange_qflow_|-000035e0 63 68 61 72 74 00 20 00 61 64 64 5f 74 65 73 74 |chart. .add_test|-000035f0 5f 66 65 61 74 75 72 65 00 00 5a 05 73 65 74 5f |_feature..Z.set_|+000035e0 63 68 61 72 74 00 2f 05 72 65 67 5f 68 69 74 5f |chart./.reg_hit_|+000035f0 63 6f 75 6e 74 65 72 00 00 00 5a 05 73 65 74 5f |counter...Z.set_| 00003600 63 6f 6d 70 69 6c 65 72 00 00 48 04 70 6c 61 6e |compiler..H.plan| 00003610 5f 61 6e 64 5f 77 61 69 74 00 4d 02 67 65 74 5f |_and_wait.M.get_| 00003620 6c 69 63 65 6e 73 65 5f 69 6e 66 6f 00 00 47 04 |license_info..G.|@@ -126785,7 +126785,7 @@ 001ef400 74 19 e1 ff ff 25 e6 18 e1 ff ff 25 78 18 e1 ff |t....%.....%x...| 001ef410 ff 25 d2 19 e1 ff ff 25 dc 19 e1 ff ff 25 e6 18 |.%.....%.....%..| 001ef420 e1 ff ff 25 e8 18 e1 ff ff 25 22 19 e1 ff ff 25 |...%.....%"....%|-001ef430 bc 19 e1 ff ff 25 1e 19 e1 ff ff 25 38 18 e1 ff |.....%.....%8...|+001ef430 bc 19 e1 ff ff 25 1e 19 e1 ff e9 81 b9 0b 00 90 |.....%..........| 001ef440 ff 25 72 18 e1 ff ff 25 b4 18 e1 ff ff 25 de 18 |.%r....%.....%..| 001ef450 e1 ff ff 25 c8 18 e1 ff ff 25 fa 17 e1 ff ff 25 |...%.....%.....%| 001ef460 d4 17 e1 ff ff 25 7e 18 e1 ff ff 25 68 18 e1 ff |.....%~....%h...|@@ -174808,12 +174808,12 @@ 002aad70 60 01 1f 00 7f 01 1f 00 14 ab 24 00 00 00 00 00 |`.........$.....| 002aad80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 002aad90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aada0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aadb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aadc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aadd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aade0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|-002aadf0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|+002aada0 2d 2d 2d 20 49 74 27 73 20 41 73 73 65 6d 62 6c |--- It's Assembl|+002aadb0 79 2c 20 42 31 37 43 68 21 20 2d 2d 2d 00 90 90 |y, B17Ch! ---...|+002aadc0 51 57 8b 79 20 57 51 c7 41 20 ff ff ff ff 48 8d |QW.y WQ.A ....H.|+002aadd0 64 24 e0 ff 15 9f 5e d5 ff 48 8d 64 24 20 59 5f |d$....^..H.d$ Y_|+002aade0 89 79 20 5f 59 c3 90 90 2d 2d 2d 20 42 79 20 45 |.y _Y...--- By E|+002aadf0 5a 46 6f 72 65 76 65 72 20 2d 2d 2d 00 00 00 00 |ZForever ---....| 002aae00 00 00 00 01 04 00 00 01 05 00 00 01 2f 00 00 00 |............/...| 002aae10 5f 00 00 00 2d 00 00 00 06 00 00 01 5c 00 00 00 |_...-.......\...| 002aae20 2b 00 00 00 00 00 00 02 00 00 00 04 00 00 00 08 |+...............| |
patch的技术细节稍后发布。
我同时还在研究IDA 7.5 Demo里的演示版反编译器,也取得了积极的结果。参见“移花接木”计划 Part 2。
最后于 2020-10-21 20:37
被张三千编辑
,原因:
注:下载本附件需支付
20雪币(note:20 points for
downloading this attachment)
|
|
|---|---|
|
|
消灭0回复~~
|
|
|
坐等大佬放完整版
|
|
|
|
|
|
7.5 Demo的F5也移植成功了,7.2和7.3都可以用。链接:https://bbs.pediy.com/thread-262835.htm |
|
|
|
|
|
方法?用二进制diff自己patch文件的方法?这个要靠你自己了,生成diff用的命令都写在里面。 “patch的技术细节”指的是我都patch了哪些东西、为什么要patch这些东西,以及,如果有人需要的话,生成patch的IDA数据库。 |
|
|
|
|
|
7.0版的arm64反编译器:https://bbs.pediy.com/thread-257083-5.htm#1659791 |
