-
-
[分享]IdaRub + rublib
-
2007-4-11 17:39
-
才发现版里居然没有IdaRub的介绍,我来抛个砖
IdaRub 点这里
Rublib 点这里
IdaRub 点这里
Alpha 0.8, June 2006
-- Introduction
IdaRub is an IDA plugin that wraps the IDA SDK for remote and local access from
the Ruby programming language. It works on both IDA 4.9 and 5.0, although 5.0
API additions are not accessible from IdaRub.
Rublib 点这里
RubLib 0.04
Version 0.04 of RubLib, a high-level API for writing IDA Pro scripts in Ruby, is here.
It grew from 125 methods to 163 methods since version 0.03. The most important new
features are:
* Support for function chunks
* The Instruction class was restructured a bit
* The behaviour of the [ ]-operator of the RubLib classes was standardized. It behaves like the [ ]-operator of the standard String class now.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
以下是学习sp的InstructionCounter的ruby版本,简单吧
#!/usr/bin/ruby -w
# InstructCounter.rb
# ------------------
# Binjo @ 2007-04-07
# binjo.cn # gmail.com
#-------------------------------------------------------------------------------
$:.unshift('..')
require 'idarub'
require 'rublib'
begin
ida, = IdaRub.auto_client
file = IdaFile.new( ida )
rescue
print "Error : %s" % $!
exit
end
Opcodes = { }
Opcodes['total'] = 0
def loop_instruc( file )
file.each { |func|
puts "---- parsing #{func.name} ----"
func.each { |instruc|
yield instruc.mnemonic
}
}
end
loop_instruc( file ) { |instruc|
if ( Opcodes[instruc] == nil )
Opcodes[instruc] = 1
else
Opcodes[instruc] += 1
end
# total counter
Opcodes['total'] += 1
}
puts "Opcode distribution of file: #{file.path}"
Total = Opcodes['total']
print "Total opcodes : #{Total} "
Opcodes.delete( 'total' )
Opcodes.sort{ |a,b| a[1] <=> b[1] }.each { |key, value|
percents = 100 * value.to_f / Total.to_f
puts "%06d %8.2f%% %s" % [ value, percents, key ]
}
#-------------------------------------------------------------------------------
# EOF
|
