[Share] IdaRub + rublib
Posted: 2007-4-11 17:39

I only just noticed that this board has no introduction to IdaRub, so let me get the ball rolling.

IdaRub: click here
Alpha 0.8, June 2006


-- Introduction

IdaRub is an IDA plugin that wraps the IDA SDK for remote and local access from
the Ruby programming language. It works on both IDA 4.9 and 5.0, although 5.0
API additions are not accessible from IdaRub.


Rublib: click here
RubLib 0.04
Version 0.04 of RubLib, a high-level API for writing IDA Pro scripts in Ruby, is here.
It grew from 125 methods to 163 methods since version 0.03. The most important new
features are:

* Support for function chunks
* The Instruction class was restructured a bit
* The behaviour of the [ ]-operator of the RubLib classes was standardized. It behaves like the [ ]-operator of the standard String class now.

Latest replies (1)
Below is a Ruby version of sp's InstructionCounter, written as a learning exercise. Simple, isn't it?
#!/usr/bin/ruby -w
# InstructCounter.rb
# ------------------
# Binjo @ 2007-04-07
# binjo.cn # gmail.com
#-------------------------------------------------------------------------------
$:.unshift('..')

require 'idarub'
require 'rublib'

# Connect to IDA through IdaRub and wrap the client in a RubLib IdaFile
begin
    ida,    =   IdaRub.auto_client
    file    =   IdaFile.new( ida )
rescue
    puts "Error : %s" % $!
    exit 1
end

Opcodes          = { }
Opcodes['total'] = 0

def loop_instruc( file )
    file.each { |func|

        puts "---- parsing #{func.name} ----"

        func.each { |instruc|
            yield instruc.mnemonic
        }
    }
end

loop_instruc( file ) { |instruc|

    if ( Opcodes[instruc] == nil )
        Opcodes[instruc]  = 1
    else
        Opcodes[instruc] += 1
    end

    # total counter
    Opcodes['total'] += 1
}

puts "Opcode distribution of file: #{file.path}"

Total = Opcodes['total']
puts "Total opcodes : #{Total}"

Opcodes.delete( 'total' )

Opcodes.sort{ |a,b| a[1] <=> b[1] }.each { |key, value|
    percents = 100 * value.to_f / Total.to_f
    puts "%06d    %8.2f%%   %s" % [ value, percents, key ]
}
#-------------------------------------------------------------------------------
# EOF
2007-4-11 17:46