跟IDA Pro有关的资源收集。当前包括的工具个数450左右,并根据功能进行了粗糙的分类。部分工具添加了中文描述。当前包括文章数金300个。
说明
目录
- 工具
- 新添加的
- (97) 未分类
- 结构体&&类的检测&&创建&&恢复
- (3) 收集
- (9) 外观&&主题
- (4) 固件&&嵌入式设备
- 签名(FLIRT等)&&比较(Diff)&&匹配
- (6) IDB操作
- (5) 协作逆向&&多人操作相同IDB文件
- (9) 与调试器同步&&通信&&交互
- 导入导出&与其他工具交互
- 针对特定分析目标
- IDAPython本身
- (6) 指令参考&文档
- 辅助脚本编写
- (16) 古老的
- 调试&&动态运行&动态数据
- (13) 反编译器&&AST
- (7) 反混淆
- 效率&&导航&&快速访问&&图形&&图像&&可视化
- (7) Android
- Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O
- (9) ELF
- (5) Microcode
- (6) 模拟器集成
- (4) 作为辅助&&构成其他的一环
- 漏洞
- (7) 补丁&&Patch
- (3) 其他
- 函数相关
- (3) 污点分析&&符号执行
- (8) 字符串
- (3) 加密解密
- 文章
- TODO
工具
- 以Github开源工具为主
新添加的
未分类
- [1037星][2m] [Py] fireeye/flare-ida 多工具
- StackStrings 自动恢复手动构造的字符串
- Struct Typer
- ApplyCalleeType This plugin allows you to specify or choose a function type for indirect calls as described here: Flare-Ida-Pro-Script
- argtracker 识别函数使用的静态参数
- idb2pat FLIRT签名生成
- objc2_analyzer 在目标Mach-O可执行文件的与Objective-C运行时相关的部分中定义的选择器引用及其实现之间创建交叉引用
- MSDN Annotations 从XML文件中提取MSDN信息,添加到IDB数据库中
- ironstrings 使用代码模拟执行(flare-emu), 恢复构造的字符串
- Shellcode Hashes 生成Hash数据库
- [732星][6m] [Py] devttys0/ida 多工具
- wpsearch 查找在MIPS WPS checksum实现中常见的立即数
- md5hash 纯Python版的MD5 hash实现(IDA的hashlib有问题)
- alleycat 查找向指定的函数内代码块的路径、查找两个或多个函数之间的路径、生成交互式调用图、可编程
- codatify 定义IDA自动化分析时miss的ASCII字符串、函数、代码。将data段的所有未定义字节转换为DWORD(于是IDA可识别函数和跳转表指针)
- fluorescence 高亮函数调用指令
- leafblower 识别常用的POSIX函数:printf, sprintf, memcmp, strcpy等
- localxrefs 在当前函数内部查找所有对任意选择文本的引用
- mipslocalvars 对栈上只用于存储寄存器的变量进行命名,简化栈数据分析(MISP)
- mipsrop 在MIPS可执行代码中搜寻ROP。查找常见的ROP
- rizzo 对2个或多个IDB之间的函数进行识别和重命名,基于:函数签名、对唯一字符串/常量的引用、模糊签名、调用图
- [308星][1m] [C] ohjeongwook/darungrim 软件补丁分析工具
- [295星][1y] [C++] nevermoe/unity_metadata_loader load strings and method/class names in global-metadata.dat to IDA
- [272星][3m] [Py] jpcertcc/aa-tools 多脚本(还有的没列出在子工具)
- apt17scan.py Volatility插件, 检测APT17相关的恶意代码并提取配置
- emdivi_postdata_decoder 解码Emdivi post的数据
- emdivi_string_decryptor IDAPython脚本, 解密Emdivi内的字符串
- [114星][1y] [Py] vallejocc/reverse-engineering-arsenal 逆向脚本收集
- WinDbg Windbg脚本收集
- IDA-set_symbols_for_addresses 遍历所有区段查找与指定的(地址,符号)匹配的DWORD地址,并将对应地址的值命名
- IDA-stack_strings_deobfuscator_1 反混淆栈字符串
- [80星][3m] [Py] takahiroharuyama/ida_haru 多工具
- bindiff 使用BinDiff对多个二进制文件进行对比,可多达100个
- eset_crackme ESET CrackMe driver VM loader/processor
- fn_fuzzy 快速二进制文件对比
- stackstring_static 静态恢复栈上的字符串
- [73星][9m] [Py] secrary/ida-scripts 多脚本
- dumpDyn 保存动态分配并执行的代码的相关信息:注释、名称、断点、函数等,之后此代码在不同基址执行时使保存内容依然可用
- idenLib 库函数识别
- IOCTL_decode Windows驱动的IO控制码
- XORCheck
- [60星][2y] [Py] tmr232/idabuddy 逆向滴好盆友??
- [59星][2y] [C++] alexhude/loadprocconfig 加载处理器配置文件
- [57星][1m] [Py] williballenthin/idawilli IDA Pro 资源、脚本和配置文件等
- hint_calls 以Hint的形式战士函数引用的call和字符串
- dynamic_hints 演示如何为动态数据提供自定义hint的示例插件
- add_segment 将已存在文件的内容添加为新的segment
- color 对指令进行着色
- find_ptrs 扫描.text区段查找可能为指针的值,并进行标记
- yara_fn 创建yara规则,匹配当前函数的basic block
- [54星][1y] [Py] zardus/idalink 使用IDA API时保证不卡界面. 在后台启动与界面脱离IDA CLI会话, 再使用RPyC连接界面
- [52星][3y] [C++] sektioneins/wwcd Capstone powered IDA view
- [51星][2y] [Py] cseagle/ida_clemency IDA cLEMENCy Tools
- [50星][2m] [Py] lich4/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
- 重复区段: 工具/导入导出&与其他工具交互/Frida |
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA多个脚本
- IDA-read_unicode.py IDA插件,识别程序中的中文字符
- IDA-add_xref_for_macho 辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb 使用gdbserver和IDA调试Android时,读取module列表和segment
- IDA-trace_instruction 追踪指令流
- IDA-detect_ollvm 检测OLLVM,在某些情况下修复(Android/iOS)
- IDA-add_block_for_macho 分析macho文件中的block结构
- [49星][11m] [Py] agustingianni/utilities 多个IDAPython脚本
- [47星][3y] [Py] jjo-sec/idataco 多功能
- [45星][7y] [Py] carlosgprado/milf IDA瑞士军刀
- milf 辅助漏洞挖掘
- [40星][6m] [Visual Basic] dzzie/re_plugins 逆向插件收集
- IDASrvr wm_copydata IPC 服务器,通过WM_COPYDATA机制监听远程消息, 可从其他进程中想IDA发送命令,查询数据,控制接口显示
- IDA_JScript 通过IDASrvr,使用JavaScript编写IDA脚本(依赖ActiveX)
- IDA_JScript_w_DukDbg IDA_JScript进阶版
- IDASrvr2 IDASrvr进阶版,添加x64支持
- IdaUdpBridge
- IdaVbScript
- OllySrvr
- Olly_hittrace
- Olly_module_bpx
- Olly_vbscript
- PyIDAServer 测试在IDA中运行IPC服务器
- Wingraph32
- rabc_gui
- swfdump_gui
- gleegraph
- hidden_strings
- memdump_conglomerate
- memdump_embedder
- rtf_hexconvert
- uGrapher
- wininet_hooks Hook以下API调用并记录关键信息:HttpOpenRequest,InternetConnect,InternetReadFile,InternetCrackUrl,HttpSendRequest
- [40星][2y] [Py] mxmssh/idametrics 收集x86体系结构的二进制可执行文件的静态软件复杂性度量
- [40星][4y] [C++] nihilus/guid-finder 查找GUID/UUID
- [38星][2y] [Py] saelo/ida_scripts 多脚本
- kernelcache 识别并重命名iOS kernelcache函数stub。ARM64 Only
- ssdt 解析Windows内核中的syscall表
- [34星][4y] [Py] madsc13ntist/idapython IDAPython脚本收集(无文档)
- [32星][5y] [Py] iphelix/ida-pomidor 在长时间的逆向中保存注意力和效率
- [28星][5m] [Py] enovella/re-scripts IDA/Ghidra/Radare2脚本收集(无文档)
- [28星][1y] [Py] xyzz/vita-ida-physdump None
- [27星][1y] [Py] daniel_plohmann/simplifire.idascope 简化恶意代码分析
- [26星][5y] [Py] bastkerg/recomp IDA recompiler(无文档)
- [26星][7m] [C++] offlinej/ida-rpc Discord rich presence plugin for IDA Pro 7.0
- [25星][3y] [Py] zyantific/continuum Plugin adding multi-binary project support to IDA Pro (WIP)
- [23星][9m] [C++] trojancyborg/ida_jni_rename IDA JNI调用重命名
- [22星][5y] [Py] nihilus/idascope 辅助恶意代码逆向(Bitbucket上的代码较新)
- [22星][4y] [Py] onethawt/idapyscripts IDAPython脚本
- DataXrefCounter 枚举指定区段的所有交叉引用,计算使用频率
- [22星][3y] [C++] patois/idaplugins Random IDA scripts, plugins, example code (some of it may be old and not working anymore)
- [21星][2m] [Py] nlitsme/idascripts 枚举多种类型数据:Texts/NonFuncs/...
- [21星][1m] [Py] rceninja/re-scripts None
- Hyperv-Scripts
- IA32-MSR-Decoder 查找并解码所有的MSR码
- IA32-VMX-Helper 查找并解码所有的MSR/VMCS码
- [20星][1y] [Py] hyuunnn/ida_python_scripts IDAPython脚本
- [20星][2y] [C#] zoebear/radia 创建一个用于可视化代码的交互式、沉浸式环境,辅助二进制文件逆向
- [20星][3y] [Py] ztrix/idascript Full functional idascript with stdin/stdout handled
- [20星][1y] [Py] hyuunnn/ida_python_scripts ida python scripts
- [20星][29d] [Py] mephi42/ida-kallsyms None
- [19星][8m] [Py] yellowbyte/reverse-engineering-playground 逆向脚本收集,包括:IDAPython、文件分析、文件格式分析、文件系统分析、Shellcode分析
- [18星][1y] [Py] a1ext/ida-embed-arch-disasm 使IDA可在32位数据库中反汇编x64代码(WOW64)
- [17星][1y] [Py] honeybadger1613/etm_displayer IDA Pro плагин для отображения результата Coresight ETM трассировки perf'а
- [16星][4y] fabi/idacsharp C# 'Scripts' for IDA 6.6+ based on
- [15星][7m] [CMake] google/idaidle 如果用户将实例闲置时间过长,则会警告用户。在预定的空闲时间后,该插件首先发出警告,然后再保存当前的disassemlby数据库并关闭IDA
- [14星][4y] [C++] nihilus/fast_idb2sig_and_loadmap_ida_plugins 2个插件
- [13星][2y] [Py] cisco-talos/pdata_check 根据pdata节和运行时函数的最后一条指令识别异常运行时。
- [13星][11m] [C++] nihilus/graphslick IDA Plugin - GraphSlick
- [13星][1y] [Py] cxm95/ida_wrapper An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.
- [12星][1y] [Assembly] gabrielravier/cave-story-decompilation 使用IDA反编译的游戏洞窟物語(Cave Story)
- [11星][2y] [Py] 0xddaa/iddaa idapython scripts
- [11星][5y] [Py] dshikashio/idarest Expose some basic IDA Pro interactions through a REST API for JSONP
- [11星][9m] [C++] ecx86/ida7-supportlib IDA-SupportLib library by sirmabus, ported to IDA 7
- [10星][4y] [C++] revel8n/spu3dbg 调试anergistic SPU emulator
- [9星][4y] [Py] nfarrar/ida-colorschemes A .clr colorscheme generator for IDA Pro 6.4+.
- [9星][5y] [Ruby] rogwfu/plympton Library to work with yaml exported IDA Pro information and run statistics
- [9星][8m] [Py] 0xcpu/relieve 逆向/恶意代码分析脚本
- [8星][5y] [Py] daniel_plohmann/idapatchwork None
- [8星][2y] [C++] ecx86/ida7-segmentselect IDA-SegmentSelect library by sirmabus, ported to IDA 7
- [8星][12d] [Py] lanhikari22/gba-ida-pseudo-terminal IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
- [8星][16d] [C++] nlitsme/idcinternals 研究IDC脚本的内部表现形式
- [8星][3y] [Py] pwnslinger/ibt IDA Pro Back Tracer - Initial project toward automatic customized protocols structure extraction
- [8星][2y] [C++] shazar14/idadump An IDA Pro script to verify binaries found in a sample and write them to disk
- [7星][2y] [Py] swackhamer/ida_scripts IDAPython脚本(无文档)
- [7星][9m] [Py] techbliss/ida_pro_http_ip_geolocator ida_pro_http_ip_geolocator:IDA 插件,查找网址并解析为 ip,通过Google 地图查看
- [7星][5y] [Py] techbliss/processor-changer 修改处理器(需重新打开IDA)
- [7星][1y] [C++] tenable/mida 提取RPC接口,重新创建关联的IDL文件
- [6星][2y] [CMake] elemecca/cmake-ida 使用CMake构建IDA Pro模块
- [6星][2y] [Py] fireundubh/ida7-alleycat Alleycat plugin by devttys0, ported to IDA 7
- [6星][8m] [Py] geosn0w/dumpanywhere64 An IDA (Interactive Disassembler) script that can save a chunk of binary from an address.
- [6星][1y] [C++] ecx86/ida7-hexrays-invertif Hex-Rays Invert if statement plugin for IDA 7.0
- [5星][3y] [Py] andreafioraldi/idavshelp 在IDA中集成VS的帮助查看器
- [5星][4m] [Py] fdiskyou/ida-plugins IDAPython脚本(无文档)
- [5星][3y] [Py] gh0st3rs/idassldump IDAPython脚本, 将SSL流量转储到文件
- [5星][1y] [C++] lab313ru/m68k_fixer IDA Pro plugin fixer for m68k
- [5星][5y] [C#] npetrovski/ida-smartpatcher IDA apply patch GUI
- [5星][4y] [Py] tmr232/tarkus Plugin Manager for IDA Pro
- [4星][2m] [Py] gitmirar/idaextapi IDA API utlitites
- [4星][3y] [Py] hustlelabs/joseph IDA Viewer Plugins
- [4星][1y] savagedd/samp-server-idb None
- [4星][1m] [Py] spigwitmer/golang_struct_builder IDA 7.0+ script that auto-generates structs and interfaces from runtime metadata found in golang binaries
- [3星][9m] [Py] gdataadvancedanalytics/ida-python None
- [3星][2y] [Py] ypcrts/ida-pro-segments It's very hard to load multiple files in the IDA GUI without it exploding. This makes it easy.
- [3星][1y] abarbatei/ida-utils links, information and helper scripts for IDA Pro
- [2星][2y] [C++] ecx86/ida7-oggplayer IDA-OggPlayer library by sirmabus, ported to IDA 7
- [2星][2y] [Py] mayl8822/ida 快速执行谷歌/百度/Bing搜索
- [2星][5y] [C++] nihilus/ida-x86emu x86模拟执行
- [2星][4y] [Py] nihilus/idapatchwork Stitching against malware families with IDA Pro
- [2星][2y] [Py] sbouber/idaplugins None
- [2星][1m] [Py] psxvoid/idapython-debugging-dynamic-enrichment None
- [1星][2y] [Py] andreafioraldi/idamsdnhelp 打开MSDN帮助搜索页
- [1星][1y] [Py] farzonl/idapropluginlab4 An ida pro plugin that tracks def use chains of a given x86 binary.
- [1星][2m] [Py] voidsec/ida-helpers Collection of IDA helpers
- [0星][3y] [Py] kcufid/my_ida_python My idapython decode data
- [0星][12m] [Py] ruipin/idapy Various IDAPython libraries and scripts
- [0星][8m] [Py] tkmru/idapython-scripts IDAPro scripts
结构体&&类的检测&&创建&&恢复
未分类
- [924星][16d] [OCaml] airbus-seclab/bincat 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析
- 重复区段: 工具/污点分析&&符号执行 |
- [649星][4m] [Py] igogo-x86/hexrayspytools 结构体和类重建插件
- [168星][12m] [Py] bazad/ida_kernelcache 使用IDA Pro重建iOS内核缓存的C++类
- [138星][4y] [C++] nihilus/hexrays_tools 辅助结构体定义和虚函数检测
- [103星][2m] [Py] lucasg/findrpc 从二进制文件中提取内部的RPC结构体
- [4星][3y] [C#] andreafioraldi/idagrabstrings 在指定地址区间内搜索字符串,并将其映射为C结构体
- 重复区段: 工具/字符串 |
C++类&&虚表
-
[595星][2m] [Py] 0xgalz/virtuailor 利用IDA调试获取的信息,自动创建C++的虚表
-
重复区段: 工具/调试&&动态运行&动态数据/调试数据 |
查看详情
-
-
[168星][9m] [C++] ecx86/classinformer-ida7 ClassInformer backported for IDA Pro 7.0
-
[128星][2y] [Py] nccgroup/susanrtti RTTI解析插件
-
[91星][1y] [C++] rub-syssec/marx 揭示C++程序中的类继承结构
-
[68星][7y] [C] nektra/vtbl-ida-pro-plugin Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
-
[35星][5y] [C++] nihilus/ida_classinformer IDA ClassInformer PlugIn
-
[32星][2y] [Py] krystalgamer/dec2struct 使用类定义/声明文件,在 IDA 中轻松创建虚表
-
[16星][2y] [C++] mwl4/ida_gcc_rtti Class informer plugin for IDA which supports parsing GCC RTTI
收集
- [1732星][1m] onethawt/idaplugins-list IDA插件收集
- [356星][8m] fr0gger/awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG 插件收集
- [10星][1y] [Py] ecx86/ida-scripts IDA Pro/Hex-Rays configs, scripts, and plugins收集
外观&&主题
- [712星][5m] [Py] zyantific/idaskins 皮肤插件
- [257星][7y] eugeneching/ida-consonance 黑色皮肤插件
- [103星][5m] [CSS] 0xitx/ida_nightfall 黑色主题插件
- [58星][7y] gynophage/solarized_ida Solarized黑色主题
- [10星][7y] [Py] luismiras/ida-color-scripts 导入导出颜色主题
- [8星][2y] [CSS] gbps/x64dbg-consonance-theme 黑色的x64dbg主题
- [6星][5y] [Py] techbliss/ida-styler 修改IDA样式
- [3星][2m] rootbsd/ida_pro_zinzolin_theme zinzolin主题
- [1星][12m] [C] albertzsigovits/idc-dark A dark-mode color scheme for Hex-Rays IDA using idc
固件&&嵌入式设备
- [5105星][16d] [Py] refirmlabs/binwalk 固件分析工具(命令行+IDA插件)
- [483星][3m] [Py] maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件
- [173星][2y] [Py] duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
- 重复区段: 工具/Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O/未分类 |
- cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
- amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
- REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
- [90星][20d] [Py] pagalaxylab/vxhunter 用于分析基于VxWorks的嵌入式设备的工具集
签名(FLIRT等)&&比较(Diff)&&匹配
未分类
- [416星][25d] [C] mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- 重复区段: 工具/作为辅助&&构成其他的一环 |
- IDA插件
- kam1n0
- [147星][1y] [C++] ajkhoury/sigmaker-x64 IDA Pro 7.0 compatible SigMaker plugin
- [128星][1y] [Py] cisco-talos/bass 从先前生成的恶意软件集群的样本中自动生成AV签名
- [71星][4y] [Py] icewall/bindifffilter IDA Pro plugin making easier work on BinDiff results
- [70星][5y] [Py] arvinddoraiswamy/slid 静态链接库检测
- [50星][1m] [Py] vrtadmin/first-plugin-ida 函数识别与签名恢复工具
- [45星][1y] [Py] l4ys/idasignsrch 签名搜索
- [33星][3y] [Py] g4hsean/binauthor 识别未知二进制文件的作者
- [31星][1y] [Py] cisco-talos/casc 在IDA的反汇编和字符串窗口中, 辅助创建ClamAV NDB 和 LDB签名
- [25星][2y] [LLVM] syreal17/cardinal Similarity Analysis to Defeat Malware Compiler Variations
- [23星][5m] [Py] xorpd/fcatalog_server Functions Catalog
- [21星][3y] [Py] xorpd/fcatalog_client fcatalog idapython client
- [18星][5y] [Py] zaironne/snippetdetector IDA Python scripts project for snippets detection
- [16星][8y] [C++] alexander-pick/idb2pat idb2pat plugin, fixed to work with IDA 6.2
- [14星][8y] [Standard ML] letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA签名文件,iPhone基带逆向
- [3星][4y] [Py] ayuto/discover_win 对比Linux和Windows二进制文件,对Windows文件未命名的函数进行自动重命名
- 重复区段: 工具/函数相关/重命名&&前缀&&标记 |
- [0星][1y] [Py] gh0st3rs/idaprotosync 在2个或多个函数中识别函数原型
FLIRT签名
FLIRT签名收集
- [589星][11d] [Max] maktm/flirtdb A community driven collection of IDA FLIRT signature files
- [303星][4m] push0ebp/sig-database IDA FLIRT Signature Database
- [5星][8m] cloudwindby/ida-pro-sig IDA PRO FLIRT signature files MSVC2017的sig文件
FLIRT签名生成
- [58星][10m] [Py] push0ebp/allirt Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
- [42星][7m] [Py] nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
- 重复区段: 工具/导入导出&与其他工具交互/Ghidra |
Diff&&Match工具
- [1525星][24d] [Py] joxeankoret/diaphora program diffing
- [353星][3m] [Py] checkpointsw/karta Karta - source code assisted fast binary matching plugin for IDA
- [328星][11m] [Py] joxeankoret/pigaios A tool for matching and diffing source codes directly against binaries.
- [136星][12m] [Py] nirizr/rematch REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
- [94星][6m] [Visual Basic] dzzie/idacompare 汇编级别对比工具
- [74星][4y] [C] nihilus/ida_signsrch signsrch签名匹配
- [72星][5y] [Py] binsigma/binsourcerer 反汇编与源码匹配
- [71星][3y] vrtadmin/first 函数识别和签名恢复, 带服务器
- [52星][5y] [C++] filcab/patchdiff2 IDA binary differ. Since code.google.com/p/patchdiff2/ seemed abandoned, I did the obvious thing…
- [14星][3y] [Py] 0x00ach/idadiff IDAPython脚本,使用@Heurs MACHOC algorithm (https://github.com/ANSSI-FR/polichombr)算法创建二进制文件的CFG Hash,与其他样本对比。如果发现1-1关系,则重命名
- [14星][5y] [C++] binsigma/binclone 检测恶意代码中的相似代码
Yara
- [424星][26d] [Py] polymorf/findcrypt-yara 使用Yara规则查找加密常量
- 重复区段: 工具/加密解密 |
- [92星][1m] [Py] hyuunnn/hyara 辅助编写Yara规则
- [92星][1m] [Py] hyuunnn/hyara Yara rule making tool (IDA Pro & Binary Ninja Plugin)
- [81星][1y] [Py] oalabs/findyara 使用Yara规则扫描二进制文件
- [16星][10m] [Py] bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
- 重复区段: 工具/针对特定分析目标/Loader&Processor |
- [14星][1y] [Py] alexander-hanel/ida_yara 使用Yara扫描IDB数据
- [14星][1y] [Py] souhailhammou/idaray-plugin IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.
IDB操作
- [312星][5m] [Py] williballenthin/python-idb idb 文件解析和分析工具
- [144星][14d] [Py] nccgroup/idahunt 在IDA外部使用IDAPython脚本, 批量创建/读取/解析IDB文件, 可编写自己的IDB分析脚本,命令行工具,
- [84星][4m] [C++] nlitsme/idbutil 从 IDA 数据库中提取数据,支持 idb 及 i64
- [78星][3m] [Py] nlitsme/pyidbutil 读取IDB数据库
- [18星][1y] [Py] kkhaike/tinyidb 从巨型IDB数据库中导出用户数据
- [0星][4y] [C] hugues92/idaextrapassplugin 修复与清理IDB数据库
协作逆向&&多人操作相同IDB文件
- [504星][10m] [Py] idarlingteam/idarling 多人协作插件
- [257星][1y] [C++] dga-mi-ssi/yaco 利用Git版本控制,同步多人对相同二进制文件的修改
- [88星][5y] [Py] cubicalabs/idasynergy 集成了版本控制系统(svn)的IDA插件
- [71星][20d] [C++] cseagle/collabreate Hook IDA的事件通知,将事件涉及的修改内容广播到中心服务器,中心服务器转发给其他分析相同文件的用户
- [4星][2y] [Py] argussecurity/psida IDAPython脚本收集,当前只有协作逆向的脚本
与调试器同步&&通信&&交互
- [448星][21d] [C] bootleg/ret-sync 在反汇编工具和调试器之间同步调试会话
- [285星][10m] [C] a1ext/labeless 在IDA和调试器之间无缝同步Label/注释等
- [168星][12m] [Py] andreafioraldi/idangr 在IDA中使用angrdbg调试器进行调试
- [128星][2y] [Py] comsecuris/gdbida 使用GDB调试时,在IDA中自动跟随当前GDB的调试位置
- [98星][4y] [C++] quarkslab/qb-sync 使用调试器调试时,自动在IDA中跟随调试位置
- [43星][3m] [JS] sinakarvandi/windbg2ida 在IDA中显示Windbg调试的每个步骤
- [36星][9m] [Py] anic/ida2pwntools IDA插件,远程连接pwntools启动的程序进行pwn调试
- [28星][1y] [Py] iweizime/dbghider 向被调试进程隐藏IDA调试器
- [17星][7y] [Py] rmadair/windbg2ida 将WinDBG中的调试trace导入到IDA
导入导出&与其他工具交互
未分类
- [159星][1m] [Py] x64dbg/x64dbgida x64dbg插件,用于IDA数据导入导出
- [143星][1m] [C++] alschwalm/dwarfexport Export dwarf debug information from IDA Pro
- [95星][2y] [Py] robindavid/idasec IDA插件,与Binsec 平台进行交互
- [67星][11m] [Py] lucasg/idamagnum 在IDA中向MagnumDB发起请求, 查询枚举常量可能的值
- [58星][11d] [Py] binaryanalysisplatform/bap-ida-python IDAPython脚本,在IDA中集成BAP
- [35星][5y] [Py] siberas/ida2sym IDAScript to create Symbol file which can be loaded in WinDbg via AddSyntheticSymbol
- [29星][5y] [C++] oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
- [28星][4m] [C++] thalium/idatag IDA plugin to explore and browse tags
- [19星][2y] [Py] brandon-everhart/angryida 在IDA中集成angr二进制分析框架
- [16星][4y] [C++] m417z/mapimp This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.
- [16星][5y] [Py] danielmgmi/virusbattle-ida-plugin The plugin is an integration of Virus Battle API to the well known IDA Disassembler.
- [8星][7y] [C++] patois/madnes 从IDB中导出符号和名称,使可在FCEUXD SP中导入
- [3星][1y] [Py] r00tus3r/differential_debugging Differential debugging using IDA Python and GDB
Ghidra
- [288星][3m] [Py] cisco-talos/ghida 在IDA中集成Ghidra反编译器
- [235星][8m] [Py] daenerys-sre/source 使IDA和Ghidra脚本通用, 无需修改
- [85星][3m] [Py] cisco-talos/ghidraaas 通过REST API暴露Ghidra分析服务, 也是GhIDA的后端
- [47星][1m] [Py] utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
- [42星][7m] [Py] nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
BinNavi
- [378星][17d] [C++] google/binexport 将反汇编以Protocol Buffer的形式导出为PostgreSQL数据库, 导入到BinNavi中使用
- [213星][3y] [PLpgSQL] cseagle/freedom 从IDA中导出反汇编信息, 导入到binnavi中使用
- [25星][7y] [Py] tosanjay/bopfunctionrecognition This python/jython script is used as plugin to BinNavi tool to analyze a x86 binanry file to find buffer overflow prone functions. Such functions are important for vulnerability analysis.
BinaryNinja
- [67星][8m] [Py] lunixbochs/revsync IDA和Binja实时同步插件
- [60星][5m] [Py] zznop/bnida 4个脚本,在IDA和BinaryNinja间交互数据
- ida_export 将数据从IDA中导入
- ida_import 将数据导入到IDA
- binja_export 将数据从BinaryNinja中导出
- binja_import 将数据导入到BinaryNinja
- [14星][5m] [Py] cryptogenic/idc_importer Binary Ninja插件,从IDA中导入IDC数据库转储
Radare2
- [125星][7m] [Py] danigargu/syms2elf 将IDA Pro和Radare2识别的符号(目前仅函数)导出到ELF符号表
- 重复区段: 工具/ELF |工具/函数相关/未分类 |
- [123星][28d] [Py] radare/radare2ida Tools, documentation and scripts to move projects from IDA to R2 and viceversa
Frida
- [129星][3y] [Py] friedappleteam/frapl 在Frida Client和IDA之间建立连接,将运行时信息直接导入IDA,并可直接在IDA中控制Frida
- 重复区段: 工具/调试&&动态运行&动态数据/DBI数据 |
- IDA插件
- Frida脚本
- [81星][5y] [Py] techbliss/frida_for_ida_pro 在IDA中使用Frida, 主要用于追踪函数
- [50星][2m] [Py] lich4/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
- 重复区段: 工具/未分类 |
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA多个脚本
- IDA-read_unicode.py IDA插件,识别程序中的中文字符
- IDA-add_xref_for_macho 辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb 使用gdbserver和IDA调试Android时,读取module列表和segment
- IDA-trace_instruction 追踪指令流
- IDA-detect_ollvm 检测OLLVM,在某些情况下修复(Android/iOS)
- IDA-add_block_for_macho 分析macho文件中的block结构
IntelPin
- [133星][1y] [Py] carlosgprado/jarvis 多功能, 带界面,辅助静态分析、漏洞挖掘、动态追踪(Pin)、导入导出等
- 重复区段: 工具/调试&&动态运行&动态数据/DBI数据 |工具/漏洞/未分类 |
- IDA插件
- PinTracer
- [43星][3y] [Batchfile] maldiohead/idapin plugin of ida with pin
针对特定分析目标
未分类
- [539星][2y] [Py] anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
- 重复区段: 工具/反混淆 |
- [195星][4y] [Py] f8left/decllvm 针对OLLVM的IDA分析插件
- [117星][1y] [Py] xerub/idastuff 针对ARM处理器
- [93星][3m] [Py] themadinventor/ida-xtensa 分析Tensilica Xtensa (as seen in ESP8266)
- [81星][4y] [C++] wjp/idados DOSBox调试器插件
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [74星][2m] [Py] coldzer0/ida-for-delphi 针对Delphi的IDAPython脚本,从 Event Constructor (VCL)中获取所有函数名称
- [59星][2y] [Py] isra17/nrs 脱壳并分析NSIS installer打包的文件
- [58星][2d] [Py] fboldewin/com-code-helper IDAPython脚本, 辅助重建MS COM 代码
- [54星][3m] [Py] giantbranch/mipsaudit IDA MIPS静态扫描脚本,汇编审计辅助脚本
- [53星][5m] [C++] troybowman/dtxmsg 辅助逆向DTXConnectionServices 框架
- [47星][2y] [C++] antid0tecom/aarch64_armv81extension IDA AArch64 处理器扩展:添加对ARMv8.1 opcodes的支持
- [47星][8m] [C] lab313ru/smd_ida_tools Sega Genesis/MegaDrive ROM文件加载器,Z80音频驱动加载器,IDA Pro调试器
- [33星][3y] [Py] sam-b/windows_syscalls_dumper 转储Windows系统调用Call的 number/name,以json格式导出
- [23星][3y] [Py] pfalcon/ida-xtensa2 IDAPython plugin for Tensilica Xtensa (as seen in ESP8266), version 2
- [21星][11m] [Py] howmp/comfinder 查找标记COM组件中的函数
- 重复区段: 工具/函数相关/重命名&&前缀&&标记 |
- [20星][5y] [Py] digitalbond/ibal 辅助Bootrom分析
- [17星][2y] [C] andywhittaker/idaproboschme7x Bosch ME7x C16x反汇编辅助
- [16星][3y] [Py] 0xdeva/ida-cpu-risc-v RISCV-V 反汇编器
- [15星][5y] [Py] dolphin-emu/gcdsp-ida 辅助GC DSP逆向
- [11星][2y] [C++] hyperiris/gekkops Nintendo GameCube Gekko CPU Extension plug-in for IDA Pro 5.2
- [4星][3y] [Py] neogeodev/idaneogeo NeoGeo binary loader & helper for the Interactive Disassembler
- [2星][4m] [C] extremlapin/glua_c_headers_for_ida Glua module C headers for IDA
- [2星][4m] [Py] lucienmp/idapro_m68k 扩展IDA对m68k的支持,添加gdb step-over 和类型信息支持
- [0星][8m] [C] 0xd0cf11e/idcscripts idc脚本
- emotet-decode 解码emotet
- [0星][1m] [C++] marakew/emuppc PowerPC模拟器,脱壳某些 PowerPC 二进制文件
GoLang
- [363星][8m] [Py] sibears/idagolanghelper 解析Go语言编译的二进制文件中的GoLang类型信息
- [285星][26d] [Py] strazzere/golang_loader_assist 辅助Go逆向
Windows驱动
- [303星][1y] [Py] fsecurelabs/win_driver_plugin A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
- [216星][1y] [Py] nccgroup/driverbuddy 辅助逆向Windows内核驱动
- [73星][4y] [Py] tandasat/winioctldecoder IDA插件,将Windows设备IO控制码解码成为DeviceType, FunctionCode, AccessType, MethodType.
- [23星][1y] [C] ioactive/kmdf_re 辅助逆向KMDF驱动
PS3&&PS4
- [68星][2m] [C] aerosoul94/ida_gel A collection of IDA loaders for various game console ELF's. (PS3, PSVita, WiiU)
- [55星][7y] [C++] kakaroto/ps3ida IDA scripts and plugins for PS3
- [44星][2y] [C] aerosoul94/dynlib 辅助PS4用户模式ELF逆向
- 重复区段: 工具/ELF |
- [29星][5y] [C++] oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- 重复区段: 工具/导入导出&与其他工具交互/未分类 |
Loader&Processor
- [205星][1y] [Py] fireeye/idawasm WebAssembly的加载器和解析器
- [158星][1m] [Py] nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/Android |工具/ELF |
- [155星][2y] [Py] crytic/ida-evm 以太坊虚拟机的Processor模块
- [138星][1m] [Py] argp/iboot64helper IDAPython loader to help with AArch64 iBoot, iBEC, and SecureROM reverse engineering
- [127星][2y] [C] gsmk/hexagon IDA processor module for the hexagon (QDSP6) processor
- [106星][1y] pgarba/switchidaproloader Loader for IDA Pro to support the Nintendo Switch NRO binaries
- [72星][2y] [Py] embedi/meloader 加载英特尔管理引擎固件
- [54星][5m] [C++] mefistotelis/ida-pro-loadmap Plugin for IDA Pro disassembler which allows loading .map files.
- [37星][11m] [C++] patois/nesldr Nintendo Entertainment System (NES) ROM loader module for IDA Pro
- [35星][1y] [Py] bnbdr/ida-bpf-processor BPF Processor for IDA Python
- [32星][5y] [Py] 0xebfe/3dsx-ida-pro-loader IDA PRO Loader for 3DSX files
- [32星][1y] [C++] teammolecule/toshiba-mep-idp IDA Pro module for Toshiba MeP processors
- [28星][4y] [C] gdbinit/teloader A TE executable format loader for IDA
- [27星][3y] [Py] w4kfu/ida_loader loader module 收集
- [25星][2m] [Py] ghassani/mclf-ida-loader An IDA file loader for Mobicore trustlet and driver binaries
- [23星][1y] [C++] balika011/belf Balika011's PlayStation 4 ELF loader for IDA Pro 7.0/7.1
- [23星][6y] vtsingaras/qcom-mbn-ida-loader IDA loader plugin for Qualcomm Bootloader Stages
- [20星][3y] [C++] patois/ndsldr Nintendo DS ROM loader module for IDA Pro
- [18星][8y] [Py] rpw/flsloader IDA Pro loader module for Infineon/Intel-based iPhone baseband firmwares
- [17星][8m] [C++] gocha/ida-snes-ldr SNES ROM Cartridge File Loader for IDA (Interactive Disassembler) 6.x
- [16星][10m] [Py] bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/Yara |
- [16星][8m] [C++] gocha/ida-65816-module SNES 65816 processor plugin for IDA (Interactive Disassembler) 6.x
- [16星][12m] [Py] lcq2/riscv-ida RISC-V ISA处理器模块
- [16星][1y] [Py] ptresearch/nios2 IDA Pro processor module for Altera Nios II Classic/Gen2 microprocessor architecture
- [13星][2y] [Py] patois/necromancer IDA Pro V850 Processor Module Extension
- [13星][1y] [Py] rolfrolles/hiddenbeeloader IDA loader module for Hidden Bee's custom executable file format
- [10星][4y] [C++] areidz/nds_loader Nintendo DS loader module for IDA Pro 6.1
- [10星][6y] [Py] cycad/mbn_loader IDA Pro Loader Plugin for Samsung Galaxy S4 ROMs
- [7星][1y] [C++] fail0verflow/rl78-ida-proc Renesas RL78 processor module for IDA
- [5星][8m] [C++] gocha/ida-spc700-module SNES SPC700 processor plugin for IDA (Interactive Disassembler)
- [3星][8m] [C++] gocha/ida-snes_spc-ldr SNES-SPC700 Sound File Loader for IDA (Interactive Disassembler)
- [2星][2m] [C] cisco-talos/ida_tilegx This is an IDA processor module for the Tile-GX processor architecture
PDB
- [87星][4m] [C++] mixaill/fakepdb 通过IDA数据库生成PDB文件
- [38星][1y] [Py] ax330d/ida_pdb_loader IDA PDB Loader
- [14星][1y] [CMake] gdataadvancedanalytics/bindifflib Automated library compilation and PDB annotation with CMake and IDA Pro
- [2星][5m] [Py] clarkb7/annotate_lineinfo Annotate IDA with source and line number information from a PDB
Flash&&SWF
- [33星][1y] [Py] kasperskylab/actionscript3 SWF Loader、ActionScript3 Processor和 IDA 调试辅助插件
- [27星][4y] [C++] nihilus/ida-pro-swf 处理SWF文件
特定样本家族
- [9星][2y] [Py] d00rt/easy_way_nymaim IDA脚本, 用于去除恶意代码nymaim的混淆,创建干净的idb
- [8星][3y] [Py] thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
- 重复区段: 工具/反混淆 |
- [4星][2y] [Py] immortalp0ny/fyvmdisassembler 对 FinSpy VM进行反虚拟化/反汇编的IDAPython脚本
- [4星][7m] [C] lacike/gandcrab_string_decryptor 解密 GandCrab v5.1-5.3 中的字符串
- 重复区段: 工具/字符串 |
CTF
- [130星][2y] [Py] pwning/defcon25-public DEFCON 25 某Talk用到的 反汇编器和 IDA 模块
IDAPython本身
未分类
- [707星][10d] [Py] idapython/src IDAPython源码
- [365星][1m] [Py] tmr232/sark IDAPython的高级抽象
- [249星][2y] [Py] intezer/docker-ida 在Docker容器中执行IDA, 以自动化/可扩展/分布式的方式执行IDAPython脚本
- [79星][4y] idapython/bin IDAPython binaries
- [65星][2y] [Py] alexander-hanel/idapython6to7 None
- [43星][1y] [Py] nirizr/pytest-idapro 辅助对IDAPython脚本进行单元测试
- [28星][2y] [Py] kerrigan29a/idapython_virtualenv 在IDAPython中启用Virtualenv或Conda,使可以有多个虚拟环境
- [23星][3y] [Py] devttys0/idascript IDA的Wrapper,在命令行中自动对目标文件执行IDA脚本
cheatsheets
- [232星][2m] [Py] inforion/idapython-cheatsheet Scripts and cheatsheets for IDAPython
指令参考&文档
- [494星][12m] [PLpgSQL] nologic/idaref 指令参考插件.
- [441星][3m] [C++] alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
- [242星][2y] [Py] gdelugre/ida-arm-system-highlight 用于高亮和解码 ARM 系统指令
- [104星][28d] [Py] neatmonster/amie 针对ARM架构的
FRIEND
插件, 文档增强 - [45星][8y] [Py] zynamics/msdn-plugin-ida Imports MSDN documentation into IDA Pro
- [25星][3y] [AutoIt] yaseralnajjar/ida-msdn-helper IDA Pro MSDN Helper
辅助脚本编写
未分类
- [383星][3y] [Py] 36hours/idaemu 基于Unicorn引擎的代码模拟插件
- 重复区段: 工具/模拟器集成 |
- [271星][10d] [Py] fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: 工具/模拟器集成 |
- [135星][11d] [Py] arizvisa/ida-minsc IDA-minsc is a plugin for IDA Pro that assists a user with scripting the IDAPython plugin that is bundled with the disassembler. This plugin groups the different aspects of the IDAPython API into a simpler format which allows a reverse engineer to script aspects of their work with very little investment. Smash that "Star" button if you like this.
- [97星][26d] [Py] patois/idapyhelper IDAPython脚本编写辅助
- [74星][3m] [C++] 0xeb/ida-qscripts IDA“最近脚本/执行脚本”的进化版
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
- [42星][5m] [C++] 0xeb/ida-climacros 在IDA命令行接口中定义和使用静态/动态的宏
- [32星][2y] [CMake] zyantific/ida-cmake 使用CMake编译C++编写的IDA脚本
- [22星][1y] [Py] nirizr/idasix IDAPython兼容库。创建平滑的IDA开发流程,使相同代码可应用于多个IDA/IDAPython版本
- [4星][6m] inndy/idapython-cheatsheet scripting IDA like a Pro
Qt
- [25星][12m] techbliss/ida_pro_ultimate_qt_build_guide Ida Pro Ultimate Qt Build Guide
- [13星][2m] [Py] tmr232/cute 在IDAPython中兼容QT4/QT5
- [9星][3y] [Py] techbliss/ida_pro_screen_recorder PyQt plugin for Ida Pro for Screen recording.
控制台&&窗口界面
- [260星][20d] [Py] eset/ipyida 集成IPython控制台
- [231星][2y] [Jupyter Notebook] james91b/ida_ipython 嵌入IPython内核,集成IPython
- [175星][4m] [Py] techbliss/python_editor Python脚本编辑窗口
插件模板
- [5星][2y] [C++] patois/ida_vs2017 IDA 7.x VS 2017 项目模板
- [4星][5y] [JS] nihilus/ida-pro-plugin-wizard-for-vs2013 None
其他语言
- [22星][3y] [Java] cblichmann/idajava Java integration for Hex-Rays IDA Pro
- [8星][3y] [C++] nlitsme/idaperl 在IDA中使用Perl编写脚本
古老的
- [163星][4y] [Py] osirislab/fentanyl 简化打补丁
- [127星][6y] [C++] crowdstrike/crowddetox None
- [94星][5y] [Py] nihilus/ida-idc-scripts 多个IDC脚本收集
- [83星][6y] [Py] einstein-/hexrays-python Python bindings for the Hexrays Decompiler
- [76星][5y] [PHP] v0s/plus22 Tool to analyze 64-bit binaries with 32-bit Hex-Rays Decompiler
- [63星][5y] [C] nihilus/idastealth None
- [40星][6y] [C++] wirepair/idapinlogger Logs instruction hits to a file which can be fed into IDA Pro to highlight which instructions were called.
- [39星][10y] izsh/ida-python-scripts IDA Python Scripts
- [39星][8y] [Py] zynamics/bincrowd-plugin-ida BinCrowd Plugin for IDA Pro
- [35星][8y] [Py] zynamics/ida2sql-plugin-ida None
- [27星][4y] [C++] luorui110120/idaplugins 一堆IDA插件,无文档
- [21星][10y] [C++] sporst/ida-pro-plugins Collection of IDA Pro plugins I wrote over the years
- [18星][10y] [Py] binrapt/ida Python script which extracts procedures from IDA Win32 LST files and converts them to correctly dynamically linked compilable Visual C++ inline assembly.
- [15星][7y] [Py] nihilus/optimice None
- [10星][10y] jeads-sec/etherannotate_ida EtherAnnotate IDA Pro Plugin - Parse EtherAnnotate trace files and markup IDA disassemblies with runtime values
- [6星][10y] [C] jeads-sec/etherannotate_xen EtherAnnotate Xen Ether Modification - Adds a feature to Ether that pulls register values and potential string values at each instruction during an instruction trace.
调试&&动态运行&动态数据
未分类
- [390星][11m] [C++] cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: 工具/模拟器集成 |
- [184星][5y] [C++] nihilus/scyllahide 用户模式反-反调试
- [105星][2m] [Py] danielplohmann/apiscout 简化导入API恢复。可以从内存中恢复API信息。包含命令行版本和IDA插件。可以处理PE头被抹掉等ImpRec/ImpRec无法处理的情况。
- [81星][4y] [C++] wjp/idados DOSBox调试器插件
- 重复区段: 工具/针对特定分析目标/未分类 |
- [56星][7y] [Py] cr4sh/ida-vmware-gdb 辅助Windows内核调试
- [42星][5y] [Py] nihilus/idasimulator 扩展IDA的条件断点支持,在被调试进行中使用Python代码替换复杂的执行代码
- [38星][2y] [Py] thecjw/ida_android_script 辅助Android调试的IDAPython脚本
- 重复区段: 工具/Android |
- [22星][5y] [Py] techbliss/scylladumper Ida Plugin to Use the Awsome Scylla plugin
- [14星][5y] [Py] techbliss/free_the_debuggers 自动加载并执行调试器插件??
- [0星][2y] [Py] benh11235/ida-windbglue 与远程WinDBG调试服务器进行连接的"胶水"脚本
DBI数据
- [929星][12m] [Py] gaasedelen/lighthouse 从DBI中收集代码覆盖情况,在IDA/Binja中映射、浏览、查看
- coverage-frida 使用Frida收集信息
- coverage-pin 使用Pin收集覆盖信息
- 插件 支持IDA和BinNinja
- [133星][1y] [Py] carlosgprado/jarvis 多功能, 带界面,辅助静态分析、漏洞挖掘、动态追踪(Pin)、导入导出等
- 重复区段: 工具/导入导出&与其他工具交互/IntelPin |工具/漏洞/未分类 |
- IDA插件
- PinTracer
- [129星][3y] [Py] friedappleteam/frapl 在Frida Client和IDA之间建立连接,将运行时信息直接导入IDA,并可直接在IDA中控制Frida
- 重复区段: 工具/导入导出&与其他工具交互/Frida |
- IDA插件
- Frida脚本
- [121星][5y] [C++] zachriggle/ida-splode 使用Pin收集动态运行数据, 导入到IDA中查看
- [117星][2y] [C++] 0xphoenix/mazewalker 使用Pin收集数据,导入到IDA中查看
- [88星][8y] [C] neuroo/runtime-tracer 使用Pin收集运行数据并在IDA中显示
- [79星][3y] [Py] davidkorczynski/repeconstruct 自动脱壳并重建二进制文件
- [51星][10m] [Py] cisco-talos/dyndataresolver 动态数据解析: 在IDA中控制DyRIO执行程序的指定部分, 记录执行过程后传回数据到IDA
- [20星][8m] [C++] secrary/findloop 使用DyRIO查找执行次数过多的代码块
- [15星][12m] [C++] agustingianni/instrumentation PinTool收集。收集数据可导入到IDA中
调试数据
-
[595星][2m] [Py] 0xgalz/virtuailor 利用IDA调试获取的信息,自动创建C++的虚表
-
重复区段: 工具/结构体&&类的检测&&创建&&恢复/C++类&&虚表 |
查看详情
-
-
[383星][4m] [Py] ynvb/die 使用IDA调试器收集动态运行信息, 辅助静态分析
-
[378星][4y] [Py] deresz/funcap 使用IDA调试时记录动态信息, 辅助静态分析
-
[103星][3y] [Py] c0demap/codemap Hook IDA,调试命中断点时将寄存器/内存信息保存到数据库,在web浏览器中查看
反编译器&&AST
-
[1661星][6m] [C++] yegord/snowman Snowman反编译器,支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件,也可以作为库使用
-
[1317星][1y] [C++] rehints/hexrayscodexplorer 反编译插件, 多功能
-
重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
查看详情
-
-
[465星][4y] [Py] einstein-/decompiler 多后端的反编译器, 支持IDA和Capstone.
-
[400星][2m] [C++] avast/retdec-idaplugin retdec 的 IDA 插件
-
[291星][5y] [C++] smartdec/smartdec 反编译器, 带IDA插件(进阶版为: snowman)
-
[286星][5y] [Py] aaronportnoy/toolbag 反编译强化插件
-
[225星][6m] [Py] patois/dsync 反汇编和反编译窗口同步插件
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
-
[167星][1y] [Py] tintinweb/ida-batch_decompile 将多个文件及其import用附加注释(外部参照,堆栈变量大小)反编译到pseudocode.c文件
-
[149星][1y] [Py] ax330d/hrdev 反编译输出增强: 使用Python Clang解析标准的IDA反编译结果
-
[103星][7m] [Py] sibears/hrast 演示如何修改AST(抽象语法树)
-
[89星][5m] [Py] patois/hrdevhelper 反编译函数CTree可视化
-
[41星][30d] [Py] patois/mrspicky IDA反编译器脚本,辅助审计对于memcpy() 和memmove()函数的调用
- 重复区段: 工具/漏洞/未分类 |
-
[23星][1y] [C++] dougallj/dj_ida_plugins 向Hex-Rays反编译器添加VMX intrinsics
反混淆
- [1351星][2m] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
- [539星][2y] [Py] anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
- 重复区段: 工具/针对特定分析目标/未分类 |
- [290星][3m] [C++] rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: 工具/Microcode |
- [202星][2y] [Py] tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
- 重复区段: 工具/模拟器集成 |
- [47星][2y] [Py] riscure/drop-ida-plugin Experimental opaque predicate detection for IDA Pro
- [22星][3m] [Py] jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
- 重复区段: 工具/污点分析&&符号执行 |
- [8星][3y] [Py] thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
- 重复区段: 工具/针对特定分析目标/特定样本家族 |
效率&&导航&&快速访问&&图形&&图像&&可视化
其他
-
[1317星][1y] [C++] rehints/hexrayscodexplorer 反编译插件, 多功能
-
重复区段: 工具/反编译器&&AST |
查看详情
-
-
[441星][3m] [C++] alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: 工具/指令参考&文档 |
-
[362星][1m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
-
[327星][2m] [Py] pfalcon/scratchabit 交互式反汇编工具, 有与IDAPython兼容的插件API
-
[225星][6m] [Py] patois/dsync 反汇编和反编译窗口同步插件
- 重复区段: 工具/反编译器&&AST |
-
[183星][28d] [Py] danigargu/dereferencing 调试时寄存器和栈显示增强
-
[130星][2y] [Py] comsecuris/ida_strcluster 扩展IDA的字符串导航功能
- 重复区段: 工具/字符串 |
-
[98星][1y] [Py] darx0r/stingray 递归查找函数和字符串
- 重复区段: 工具/字符串 |工具/函数相关/导航&&查看&&查找 |
-
[80星][1y] [Py] ax330d/functions-plus 解析函数名称,按命名空间分组,将分组结果以树的形式展示
- 重复区段: 工具/函数相关/导航&&查看&&查找 |
-
[74星][3m] [C++] 0xeb/ida-qscripts IDA“最近脚本/执行脚本”的进化版
- 重复区段: 工具/辅助脚本编写/未分类 |
-
[48星][2m] [C++] jinmo/ifred IDA command palette & more (Ctrl+Shift+P, Ctrl+P)
-
[40星][4m] [Py] tmr232/brutal-ida 在IDA 7.3中禁用Undo/Redo
-
[23星][6y] [C++] cr4sh/ida-ubigraph IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph
-
[17星][2y] [Py] tmr232/graphgrabber 获取IDA图的全分辨率图像
-
[5星][2y] [Py] handsomematt/ida_func_ptr 右键菜单中快速拷贝函数指针定义
显示增强
- [200星][1m] [Py] patois/idacyber 交互式数据可视化插件
- [149星][1y] [Py] ax330d/hrdev 反编译输出增强: 使用Python Clang解析标准的IDA反编译结果
- 重复区段: 工具/反编译器&&AST |
- [104星][2y] [Py] danigargu/idatropy 使用idapython和matplotlib的功能生成熵和直方图的图表
- [89星][5m] [Py] patois/hrdevhelper 反编译函数CTree可视化
- 重复区段: 工具/反编译器&&AST |
- [47星][1m] [Py] patois/xray 根据正则表达式对IDA反编译输出的特定内容进行高亮显示
- [20星][3m] [C++] revspbird/hightlight 反编译窗口中代码块和括号高亮
- [5星][3y] [Py] oct0xor/ida_pro_graph_styling call/jump指令高亮显示
- [5星][2y] [C] teppay/ida 指令高亮,黑色主题
- [4星][2y] [Py] andreafioraldi/idaretaddr 在IDA调试器中高亮函数的返回地址
- 重复区段: 工具/函数相关/未分类 |
图形&&图像
- [2562星][4m] [Java] google/binnavi 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)
- [231星][2y] [C++] fireeye/simplifygraph 复杂graphs的简化
- [39星][8m] [Py] rr-/ida-images 图像预览插件,辅助查找图像解码函数(运行复杂代码,查看内存中是否存在图像)
搜索
- [149星][2y] [Py] ga-ryo/idafuzzy 模糊搜索: 命令/函数/结构体
- 重复区段: 工具/函数相关/导航&&查看&&查找 |
- [64星][3y] [Py] xorpd/idsearch 搜索工具
- [23星][5m] [Py] alexander-hanel/hansel IDA搜索插件
Android
- [223星][2y] [Py] strazzere/android-scripts Android逆向脚本收集
- [158星][1m] [Py] nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/ELF |工具/针对特定分析目标/Loader&Processor |
- [115星][4y] [Py] cvvt/dumpdex 基于IDA python的Android DEX内存dump工具
- [79星][2y] [Py] zhkl0228/androidattacher IDA debugging plugin for android armv7 so
- [39星][5y] [Py] techbliss/adb_helper_qt_super_version All You Need For Ida Pro And Android Debugging
- [38星][2y] [Py] thecjw/ida_android_script 辅助Android调试的IDAPython脚本
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [16星][7y] [C++] strazzere/dalvik-header-plugin Dalvik Header Plugin for IDA Pro
Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O
未分类
- [173星][2y] [Py] duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
- 重复区段: 工具/固件&&嵌入式设备 |
- cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
- amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
- REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
- [167星][8y] [Py] zynamics/objc-helper-plugin-ida 辅助Objective-C二进制文件的分析
- [19星][2y] aozhimin/ios-monitor-resources 对各厂商的 iOS SDK 性能监控方案的整理和收集后的资源
- [17星][9y] [C++] alexander-pick/patchdiff2_ida6 patched up patchdiff2 to compile and work with IDA 6 on OSX
- [14星][8y] [Standard ML] letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA签名文件,iPhone基带逆向
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/未分类 |
内核缓存
- [168星][12m] [Py] bazad/ida_kernelcache 使用IDA Pro重建iOS内核缓存的C++类
- 重复区段: 工具/结构体&&类的检测&&创建&&恢复/未分类 |
- [137星][8y] stefanesser/ida-ios-toolkit 辅助处理iOS kernelcache的IDAPython收集
- [50星][1y] [Py] synacktiv-contrib/kernelcache-laundering load iOS12 kernelcaches and PAC code in IDA
Mach-O
- [47星][7m] [C] gdbinit/extractmacho IDA plugin to extract Mach-O binaries located in the disassembly or data
- [18星][3y] [C] cocoahuke/iosdumpkernelfix This tool will help to fix the Mach-O header of iOS kernel which dump from the memory. So that IDA or function symbol-related tools can loaded function symbols of ios kernel correctly
- [17星][8y] [C] gdbinit/machoplugin IDA plugin to Display Mach-O headers
Swift
- [17星][3y] [Py] tylerha97/swiftdemang Demangle Swift
- [17星][4y] [Py] gsingh93/ida-swift-demangle 对Swift函数名进行demangle
- 重复区段: 工具/函数相关/demangle |
ELF
- [518星][2y] [C] lunixbochs/patchkit 给ELF文件打补丁(命令行+IDA插件)(可编写Python回调,C函数替换等)
- 重复区段: 工具/补丁&&Patch |
- IDA插件
- patchkit
- [202星][5y] [C] snare/ida-efiutils 辅助ELF逆向
- [158星][1m] [Py] nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/Android |工具/针对特定分析目标/Loader&Processor |
- [125星][7m] [Py] danigargu/syms2elf 将IDA Pro和Radare2识别的符号(目前仅函数)导出到ELF符号表
- 重复区段: 工具/导入导出&与其他工具交互/Radare2 |工具/函数相关/未分类 |
- [90星][2y] [C++] gdbinit/efiswissknife 辅助 (U)EFI reversing 逆向
- [83星][2m] [Py] yeggor/uefi_retool 在UEFI固件和UEFI模块分析中查找专有协议的工具
- [44星][2y] [C] aerosoul94/dynlib 辅助PS4用户模式ELF逆向
- 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
- [44星][4y] [Py] danse-macabre/ida-efitools 辅助逆向ELF文件
- [43星][4y] [Py] strazzere/idant-wanna ELF header abuse
Microcode
- [290星][3m] [C++] rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: 工具/反混淆 |
- [186星][4m] [C++] chrisps/hexext 通过操作microcode, 优化反编译器的数据
- [60星][4m] [Py] patois/genmc 显示Hex-Rays 反编译器的Microcode,辅助开发Microcode插件
- [43星][1m] [Py] idapython/pyhexraysdeob 工具 RolfRolles/HexRaysDeob 的Python版本
- [19星][8m] [Py] neatmonster/mcexplorer 工具 RolfRolles/HexRaysDeob 的 Python 版本
模拟器集成
- [482星][12m] [Py] alexhude/uemu 基于Unicorn的模拟器插件
- [390星][11m] [C++] cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [383星][3y] [Py] 36hours/idaemu 基于Unicorn引擎的代码模拟插件
- 重复区段: 工具/辅助脚本编写/未分类 |
- [271星][10d] [Py] fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: 工具/辅助脚本编写/未分类 |
- [202星][2y] [Py] tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
- 重复区段: 工具/反混淆 |
- [124星][3y] [Py] codypierce/pyemu 在IDA中使用x86模拟器
作为辅助&&构成其他的一环
- [1515星][16d] [Py] lifting-bits/mcsema 将x86, amd64, aarch64二进制文件转换成LLVM字节码
- [416星][25d] [C] mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- [27星][4y] [Scheme] yifanlu/cgen CGEN的Fork,增加了生成IDA IDP模块的支持
- [23星][2y] [Py] tintinweb/unbox Unbox is a convenient one-click unpack and decompiler tool that wraps existing 3rd party applications like IDA Pro, JD-Cli, Dex2Src, and others to provide a convenient archiver liker command line interfaces to unpack and decompile various types of files
漏洞
未分类
-
[489星][6m] [Py] danigargu/heap-viewer 查看glibc堆, 主要用于漏洞开发
-
[376星][2y] [Py] 1111joe1111/ida_ea 用于辅助漏洞开发和逆向
-
[362星][1m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
-
重复区段: 工具/字符串 |工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
查看详情
-
-
[137星][7m] [Py] iphelix/ida-sploiter 辅助漏洞研究
-
[133星][1y] [Py] carlosgprado/jarvis 多功能, 带界面,辅助静态分析、漏洞挖掘、动态追踪(Pin)、导入导出等
-
[41星][30d] [Py] patois/mrspicky IDA反编译器脚本,辅助审计对于memcpy() 和memmove()函数的调用
- 重复区段: 工具/反编译器&&AST |
-
[32星][6y] [Py] coldheat/quicksec IDAPython script for quick vulnerability analysis
ROP
- [53星][3y] [Py] patois/drgadget 开发和分析ROP链
- [19星][1y] [Py] lucasg/idarop 列举并存储ROP gadgets
补丁&&Patch
- [713星][12m] [Py] keystone-engine/keypatch 汇编/补丁插件, 支持多架构, 基于Keystone引擎
- [518星][2y] [C] lunixbochs/patchkit 给ELF文件打补丁(命令行+IDA插件)(可编写Python回调,C函数替换等)
- [87星][5y] [Py] iphelix/ida-patcher 二进制文件和内存补丁
- [42星][3y] [C++] mrexodia/idapatch IDA plugin to patch IDA Pro in memory.
- [30星][3m] [Py] scottmudge/debugautopatch Patching system improvement plugin for IDA.
- [16星][8y] [C++] jkoppel/reprogram Patch binaries at load-time
- [0星][7m] [Py] tkmru/genpatch 生成用于打补丁的Python脚本
其他
- [120星][2y] [Shell] feicong/ida_for_mac_green IDAPro 绿化增强版 (macOS)
- [28星][4m] angelkitty/ida7.0
- [16星][2y] jas502n/ida7.0-pro IDA7.0 下载
函数相关
未分类
- [125星][7m] [Py] danigargu/syms2elf 将IDA Pro和Radare2识别的符号(目前仅函数)导出到ELF符号表
- 重复区段: 工具/ELF |工具/导入导出&与其他工具交互/Radare2 |
- [11星][2y] [C++] fireundubh/ida7-functionstringassociate FunctionStringAssociate plugin by sirmabus, ported to IDA 7
- [4星][2y] [Py] andreafioraldi/idaretaddr 在IDA调试器中高亮函数的返回地址
- [2星][4m] [Py] farzonl/idapropluginlab3 通过静态分析使用的函数,描述恶意代码的行为
重命名&&前缀&&标记
- [285星][1m] [Py] a1ext/auto_re 自动化函数重命名
- [117星][5y] [C++] zyantific/retypedef 函数名称替换,可以自定义规则
- [95星][2y] [Py] gaasedelen/prefix IDA 插件,为函数添加前缀
- [47星][3y] [Py] alessandrogario/ida-function-tagger 根据函数使用的导入表,对函数进行标记
- [21星][11m] [Py] howmp/comfinder 查找标记COM组件中的函数
- 重复区段: 工具/针对特定分析目标/未分类 |
- [3星][4y] [Py] ayuto/discover_win 对比Linux和Windows二进制文件,对Windows文件未命名的函数进行自动重命名
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/未分类 |
导航&&查看&&查找
- [178星][5m] [Py] hasherezade/ida_ifl 交互式函数列表
- [149星][2y] [Py] ga-ryo/idafuzzy 模糊搜索: 命令/函数/结构体
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /搜索 |
- [98星][1y] [Py] darx0r/stingray 递归查找函数和字符串
- 重复区段: 工具/字符串 |工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
- [80星][1y] [Py] ax330d/functions-plus 解析函数名称,按命名空间分组,将分组结果以树的形式展示
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
- [33星][3y] [Py] darx0r/reef 显示"由指定函数发起的"交叉应用。可以理解为函数内部引用的其他函数
demangle
- [17星][4y] [Py] gsingh93/ida-swift-demangle 对Swift函数名进行demangle
- [14星][1y] [Py] ax330d/exports-plus 修复IDA不显示全部导出项以及不对导出项名称进行demangle的问题
污点分析&&符号执行
- [924星][16d] [OCaml] airbus-seclab/bincat 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析
- 重复区段: 工具/结构体&&类的检测&&创建&&恢复/未分类 |
- [863星][2y] [C++] illera88/ponce 简化污点分析+符号执行
- [22星][3m] [Py] jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
- 重复区段: 工具/反混淆 |
字符串
-
[1351星][2m] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
-
[362星][1m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
-
重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |工具/漏洞/未分类 |
查看详情
-
-
[178星][17d] [Py] joxeankoret/idamagicstrings 从字符串常量中提取信息
-
[130星][2y] [Py] comsecuris/ida_strcluster 扩展IDA的字符串导航功能
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
-
[98星][1y] [Py] darx0r/stingray 递归查找函数和字符串
-
[45星][5y] [Py] kyrus/ida-translator 将IDB数据库中的任意字符集转换为Unicode,然后自动调用基于网页的翻译服务(当前只有谷歌翻译)将非英文语言翻译为英文
-
[4星][3y] [C#] andreafioraldi/idagrabstrings 在指定地址区间内搜索字符串,并将其映射为C结构体
- 重复区段: 工具/结构体&&类的检测&&创建&&恢复/未分类 |
-
[4星][7m] [C] lacike/gandcrab_string_decryptor 解密 GandCrab v5.1-5.3 中的字符串
- 重复区段: 工具/针对特定分析目标/特定样本家族 |
加密解密
- [424星][26d] [Py] polymorf/findcrypt-yara 使用Yara规则查找加密常量
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/Yara |
- [122星][2m] [Py] you0708/ida 查找加密常量
- [41星][7y] [C++] vlad902/findcrypt2-with-mmx 对findcrypt2插件的增强,支持MMX AES指令
TODO
- 对工具进行更细致的分类
- 为工具添加详细的中文描述,包括其内部实现原理和使用方式
- 添加非Github repo
- 补充文章
- 修改已添加文章的描述
文章
未分类
- 2019.10 [amossys] 探秘Hex-Rays microcode
- 2019.07 [kienbigmummy] Cách export data trong IDA
- 2019.05 [360_anquanke_learning] IDAPython实战项目——DES算法识别
- 2019.05 [carbonblack] fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA
- 2019.05 [aliyun_xz] 混淆IDA F5的一个小技巧-x86
- 2019.03 [freebuf] Ponce:一键即可实现符号执行(IDA插件)
- 2019.03 [360_anquanke_learning] 为CHIP-8编写IDA processor module
- 2019.01 [pediy_new_digest] [原创]IDA7.2安装包分析
- 2019.01 [pediy_new_digest] [原创]IDA 在解析 IA64 中的 brl 指令时存在一个 Bug
- 2019.01 [ly0n] Cracking with IDA (redh@wk 2.5 crackme)
- 2018.11 [hexblog] IDA 7.2 – The Mac Rundown
- 2018.11 [pediy_new_digest] [原创]IDA动态调试ELF
- 2018.10 [pediy_new_digest] [原创] 修复 IDA Pro 7.0在macOS Mojave崩溃的问题
- 2018.10 [ptsecurity_blog] Modernizing IDA Pro: how to make processor module glitches go away
- 2018.10 [aliyun_xz] IDA-minsc在Hex-Rays插件大赛中获得第二名(2)
- 2018.10 [aliyun_xz] IDA-minsc在Hex-Rays插件大赛中获得第二名(1)
- 2018.10 [aliyun_xz] 通过两个IDAPython插件支持A12 PAC指令和iOS12 kernelcache 重定位
- 2018.09 [cisco_blogs] IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
- 2018.09 [dustri] IDAPython vs. r2pipe
- 2018.06 [pediy_new_digest] [翻译]在IDA中使用Python Z3库来简化函数中的算术运算
- 2018.05 [hexblog] IDAPython: wrappers are only wrappers
- 2018.05 [tradahacking] So sánh binary bằng IDA và các công cụ bổ trợ
- 2018.04 [pediy_new_digest] [翻译]IDAPython-Book(Alexander Hanel)
- 2018.03 [hexblog] IDA on non-OS X/Retina Hi-DPI displays
- 2018.03 [pediy_new_digest] [翻译]IDA v6.5 文本执行
- 2018.02 [pediy_new_digest] [原创]逆向技术之熟悉IDA工具
- 2018.01 [pediy_new_digest] [原创]ARM Linux下搭建IDA Pro远程调试环境
- 2018.01 [pediy_new_digest] [翻译]对抗IDA Pro调试器ARM反汇编的技巧
- 2017.12 [youtube_OALabs] Debugging shellcode using BlobRunner and IDA Pro
- 2017.12 [pediy_new_digest] [原创]IDA7.0 Mac 插件编译指南
- 2017.12 [pediy_new_digest] [原创]IDA 插件- FRIEND 的安装和使用
- 2017.12 [youtube_BinaryAdventure] IDAPython Tutorial with example script
- 2017.11 [youtube_OALabs] How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro
- 2017.11 [pediy_new_digest] [原创]IDAPython脚本分享 - 自动在JNI_OnLoad下断点
- 2017.11 [pediy_new_digest] [求助]IDA Pro调试so,附加完毕,跳到目标so基址,但是内容都是DCB伪指令?
- 2017.11 [youtube_OALabs] IDA Pro Malware Analysis Tips
- 2017.10 [hexblog] IDA and common Python issues
- 2017.10 [pediy_new_digest] [分享]IDA + VMware 调试win7 x64
- 2017.06 [pediy_new_digest] [翻译]IDA Hex-Rays反编译器使用的一些小技巧
- 2017.06 [qmemcpy] IDA series, part 2: debugging a .NET executable
- 2017.06 [qmemcpy] IDA series, part 1: the Hex-Rays decompiler
- 2017.05 [3gstudent] 逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe
- 2017.05 [pediy_new_digest] [原创] IDA导入Jni.h
- 2017.05 [oct0xor] Advanced Ida Pro Instruction Highlighting
- 2017.05 [repret] 静态分析提高 Fuzzing 的代码覆盖率:使用 IDA 脚本枚举所有 CMP 指令及与CMP 相关的 JUMP 指令,生成反转 CMP 条件的字典,Fuzzing 时由 KFUZZ 注入。
- 2017.04 [osandamalith] 使Windows Loader直接执行ShellCode,IDA载入文件时崩溃,而且绕过大多数杀软。
- 2017.04 [hexacorn] IDA, hotpatched functions and signatures that don’t work…
- 2017.04 [_0xec] Remote debugging in IDA Pro by http tunnelling
- 2017.03 [pediy_new_digest] [翻译]如何让 IDA Pro 使用我们提供的 Python 版本以及如何在 Chroot 的环境中运行 IDA Pro
- 2017.01 [kudelskisecurity] SANS Holiday Hack Challenge 2016
- 2016.12 [adelmas] API Hooking with IDA Pro
- 2016.12 [hexacorn] IDA, function alignment and signatures that don’t work…
- 2016.10 [_0x90] Build IDA Pro KeyPatch for Fedora Linux
- 2016.05 [lucasg] Do not load dll from System32 directly into IDA
- 2016.04 [hexacorn] Creating IDT/IDS files for IDA from MS libraries with symbols
- 2016.02 [pediy_new_digest] [原创]翻译,IDA调试Dalvik
- 2016.01 [pediy_new_digest] [原创]Android 5.0 + IDA 6.8 调试经验分享
- 2016.01 [insinuator] Dynamic IDA Enrichment (aka. DIE)
- 2016.01 [360_anquanke_learning] 在OSX上编译非osx ida pro插件
- 2016.01 [adventuresincyberchallenges] SANS Holiday Hack Quest 2015
- 2015.12 [yifan] CGEN for IDA Pro
- 2015.12 [pediy_new_digest] 调试篇---安卓arm/x86平台之IDA or GDB长驱直入
- 2015.12 [hexacorn] IDAPython – making strings decompiler-friendly
- 2015.12 [pediy_new_digest] [原创]IDA Pro 6.8 安装密码爆破的可行性分析
- 2015.11 [govolution] Very first steps with IDA
- 2015.08 [pediy_new_digest] [原创]一步步搭建ida pro动态调试SO环境。
- 2015.07 [hexblog] Hack of the day #0: Somewhat-automating pseudocode HTML generation, with IDAPython.
- 2015.06 [msreverseengineering_blog] Transparent Deobfuscation with IDA Processor Module Extensions
- 2015.02 [pediy_new_digest] [原创]使用IDA PRO+OllyDbg+PEview 追踪windows API 动态链接库函数的调用过程。
- 2014.12 [hexblog] Augmenting IDA UI with your own actions.
- 2014.10 [vexillium] SECURE 2014 slide deck and Hex-Rays IDA Pro advisories published
- 2014.10 [pediy_new_digest] [原创]解决IDA的F5(hexray 1.5)不能用于FPU栈用满的情况
- 2014.08 [3xp10it_archive] ida插件使用备忘录
- 2014.08 [3xp10it_archive] ida通过usb调试ios下的app
- 2014.08 [3xp10it_archive] ida批量下断点追踪函数调用
- 2014.08 [3xp10it_archive] ida插件使用备忘录
- 2014.08 [3xp10it_archive] ida插件mynav
- 2014.08 [3xp10it_archive] ida通过usb调试ios下的app
- 2014.08 [3xp10it_archive] ida批量下断点追踪函数调用
- 2014.07 [hexblog] IDA Dalvik debugger: tips and tricks
- 2014.04 [hexblog] Extending IDAPython in IDA 6.5: Be careful about the GIL
- 2014.03 [zdziarski] The Importance of Forensic Tools Validation
- 2014.03 [evilsocket] Programmatically Identifying and Isolating Functions Inside Executables Like IDA Does.
- 2014.02 [silentsignal_blog] From Read to Domain Admin – Abusing Symantec Backup Exec with Frida
- 2013.12 [hexblog] Interacting with IDA through IPC channels
- 2013.06 [trustwave_SpiderLabs_Blog] 使用IDA调试Android库
- 2013.05 [v0ids3curity] Defeating anti-debugging techniques using IDA and x86 emulator plugin
- 2013.05 [hexblog] Loading your own modules from your IDAPython scripts with idaapi.require()
- 2013.04 [hexblog] Installing PIP packages, and using them from IDA on a 64-bit machine
- 2013.03 [pediy_new_digest] [原创]IDA Demo6.4破解笔记
- 2012.11 [redplait] pyside for ida pro 6.3 - part 2
- 2012.10 [redplait] AVX/XOP instructions processor extender for IDA Pro
- 2012.10 [redplait] IDA Pro 6.3 SDK is broken ?
- 2012.10 [redplait] pyside for ida pro 6.3
- 2012.09 [redplait] IDA loader of .dcu files from XE3
- 2012.08 [tencent_security_blog] 浅谈IDA脚本在漏洞挖掘中的应用
- 2012.07 [cr4] VMware + GDB stub + IDA
- 2012.06 [pediy_new_digest] [原创]PRX loader for IDA
- 2012.06 [pediy_new_digest] [翻译]API Call Tracing - PEfile, PyDbg and IDAPython
- 2012.05 [redplait] dcu files loader for ida pro v2
- 2012.05 [redplait] dcu files loader for ida pro
- 2012.03 [redplait] updated perl binding for IDA Pro
- 2012.03 [pediy_new_digest] [原创]IDA批量模式
- 2012.02 [pediy_new_digest] [原创]IDA Android Remote Debug
- 2012.01 [pediy_new_digest] [原创]IDA 6.1 bool 及 默认对齐 sizeof 设置永久修复
- 2011.12 [redplait] IDA 5.60 PICode analyzer plugin for win64
- 2011.10 [reverse_archives] How to create IDA C/C++ plugins with Xcode
- 2011.10 [pediy_new_digest] [转帖]IDA PRO 6.1 远程调试 Android
- 2011.09 [pediy_new_digest] [推荐]IDA sp-analysis failed 不能F5的 解决方案之(一)
- 2011.08 [pediy_new_digest] [原创]用IDA Pro + OD 来分析扫雷
- 2011.08 [pediy_new_digest] [原创]IDA + GDBServer实现iPhone程序远程调试
- 2011.08 [redplait] perl inside IDA Pro
- 2011.07 [redplait] несколько pdb в ida pro
- 2011.07 [pediy_new_digest] [原创]IDA + Debug 插件 实现64Bit Exe脱壳
- 2011.06 [pediy_new_digest] [翻译]使用VMWare GDB和IDA调试Windows内核
- 2011.05 [pediy_new_digest] [分享]IDA 6.1 版本不能F5的解决办法
- 2011.05 [pediy_new_digest] [原创]IDAPython+OdbgScript动态获取程序执行流程
- 2011.03 [pediy_new_digest] [原创]Ida Pro Advanced 6.0 中木马分析
- 2011.03 [pediy_new_digest] [原创]IDA SDK合并jmp乱序插件代码示例阅读
- 2011.01 [hexblog] IDA & Qt: Under the hood
- 2010.12 [pediy_new_digest] [原创]ida 静态分析 破除时间限制
- 2010.10 [pediy_new_digest] [下载]IDA pro代码破解揭秘的随书例子下载
- 2010.10 [hexblog] Calculating API hashes with IDA Pro
- 2010.09 [publicintelligence] (U//FOUO) FBI Warning: Extremists Likely to Retaliate Against Florida Group’s Planned “International Burn A Koran Day”
- 2010.08 [mattoh] Exporting IDA function for IDC Script Usage
- 2010.07 [hexblog] Implementing command completion for IDAPython
- 2010.07 [hexblog] Running scripts from the command line with idascript
- 2010.06 [hexblog] Extending IDC and IDAPython
- 2010.04 [hexblog] Kernel debugging with IDA Pro / Windbg plugin and VirtualKd
- 2010.03 [hexblog] Using custom viewers from IDAPython
- 2010.01 [hexblog] Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator
- 2009.12 [pediy_new_digest] [原创]Symbian_Remote_Debugger_With_IDA
- 2009.10 [pediy_new_digest] [原创]IDA学习笔记
- 2009.09 [hexblog] Develop your master boot record and debug it with IDA Pro and the Bochs debugger plugin
- 2009.02 [hexblog] Advanced Windows Kernel Debugging with VMWare and IDA’s GDB debugger
- 2008.10 [evilcodecave] IDA Pro Enhances Hostile Code Analysis Support
- 2008.09 [pediy_new_digest] [原创]ShellCode Locator for IDA 5.2
- 2008.08 [evilcodecave] IDA Debugger Malformed SEH Causes Crash
- 2008.04 [pediy_new_digest] [原创]idb_2_pat for ida pro V5.2
- 2007.08 [pediy_new_digest] [原创]基于 ida 的反汇编转换 Obj 的可行性 笔记(1)
- 2007.04 [pediy_new_digest] [翻译]Pinczakko的AwardBIOS逆向工程指导
- 2007.02 [pediy_new_digest] IDA Plugin 编写基础
- 2006.09 [pediy_new_digest] [翻译]Using IDA Pro's Debugger
- 2006.09 [pediy_new_digest] [翻译]Customizing IDA Pro
- 2006.08 [msreverseengineering_blog] Defeating HyperUnpackMe2 with an IDA Processor Module
- 2004.11 [pediy_new_digest] 又说 IDA 边界修改插件
Tips&&Tricks
- 2019.07 [hexacorn] Batch decompilation with IDA / Hex-Rays Decompiler
- 2019.06 [openanalysis] Disable ASLR for Easier Malware Debugging With x64dbg and IDA Pro
- 2019.06 [youtube_OALabs] Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro
- 2019.06 [openanalysis] Reverse Engineering C++ Malware With IDA Pro: Classes, Constructors, and Structs
- 2019.06 [youtube_OALabs] Reverse Engineering C++ Malware With IDA Pro
- 2019.03 [aliyun_xz] IDA Pro7.0使用技巧总结
- 2018.06 [checkpoint_research] Scriptable Remote Debugging with Windbg and IDA Pro
- 2015.07 [djmanilaice] 在PyCharm中编写IDAPython脚本时自动提示
- 2015.07 [djmanilaice] 使用IDA自动打开当前目录下的DLL和EXE
恶意代码分析
- 2019.04 [360_anquanke_learning] 两种姿势批量解密恶意驱动中的上百条字串
- 2019.03 [cyber] 使用IDAPython分析Trickbot
- 2019.01 [youtube_OALabs] Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!
- 2018.09 [4hou] Hidden Bee恶意软件家族的定制IDA装载模块开发
- 2018.09 [4hou] 用IDAPython解密Gootkit中的字符串
- 2018.05 [youtube_OALabs] Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg
- 2018.04 [youtube_OALabs] Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)
- 2018.03 [youtube_OALabs] Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request
- 2018.01 [youtube_OALabs] Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
- 2017.11 [youtube_OALabs] Unpacking Process Injection Malware With IDA PRO (Part 2)
- 2017.11 [youtube_OALabs] Unpacking Process Injection Malware With IDA PRO (Part 1)
- 2017.06 [hackers_arise] Reverse Engineering Malware, Part 3: IDA Pro Introduction
- 2017.05 [4hou] 逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe
- 2017.05 [3gstudent] 逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe
- 2012.06 [trustwave_SpiderLabs_Blog] 使用IDAPython对Flame的字符串进行反混淆
系列文章-Labeless插件介绍
- 2018.10 [checkpoint] Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware - Check Point Research
- 2018.10 [checkpoint] Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm. - Check Point Research
- 2018.10 [checkpoint] Labeless Part 4: Scripting - Check Point Research
- 2018.08 [checkpoint] Labeless Part 3: How to Dump and Auto-Resolve WinAPI Calls in LockPos Point-of-Sale Malware - Check Point Research
- 2018.08 [checkpoint] Labeless Part 2: Installation - Check Point Research
- 2018.08 [checkpoint] Labeless Part 1: An Introduction - Check Point Research
系列文章-使用IDA从零开始学逆向
- 2019.11 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P25)
- 2019.10 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P24)
- 2019.10 [tradahacking] REVERSING WITH IDA FROM SCRATCH (P23)
- 2019.09 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P21)
- 2019.08 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P20)
- 2019.08 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P19)
- 2019.07 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P18)
- 2019.07 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P17)
- 2019.06 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P16)
- 2019.06 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P15)
- 2019.05 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P14)
- 2019.05 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P13)
- 2019.04 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P12)
- 2019.04 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P11)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P10)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P9)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P8)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P7)
- 2019.03 [tradahacking] REVERSING WITH IDA FROM SCRATCH (P6)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P5)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P4)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P3)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P2)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P1)
系列文章-IDAPython-让你的生活更美好
原文
- 2016.06 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part6
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part5
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part4
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part3
- 2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part2
- 2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part1
译文
- 2016.01 [freebuf] IDAPython:让你的生活更美好(五)
- 2016.01 [freebuf] IDAPython:让你的生活更美好(四)
- 2016.01 [freebuf] IDAPython:让你的生活更美好(三)
- 2016.01 [freebuf] IDAPython:让你的生活更美好(二)
- 2016.01 [freebuf] IDAPython:让你的生活更美好(一)
系列文章-使用IDA逆向C代码
- 2019.01 [ly0n] Reversing C code with IDA part V
- 2019.01 [ly0n] Reversing C code with IDA part IV
- 2019.01 [ly0n] Reversing C code with IDA part III
- 2018.12 [ly0n] Reversing C code with IDA part II
- 2018.01 [ly0n] Reversing C code with IDA part I
工具&&插件&&脚本介绍
- 2019.10 [vmray_blog] VMRay IDA Plugin v1.1: Streamlining Deep-Dive Malware Analysis
- 2019.10 [talosintelligence_blog] New IDA Pro plugin provides TileGX support
- 2019.09 [talosintelligence_blog] GhIDA: Ghidra decompiler for IDA Pro
- 2019.04 [_0xeb] climacros – IDA productivity tool
- 2019.04 [_0xeb] QScripts – IDA Scripting productivity tool
- 2019.03 [_0xeb] Daenerys: IDA Pro and Ghidra interoperability framework
- 2019.02 [kitploit_home] HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
- 2019.02 [kitploit_home] Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
- 2019.01 [talosintelligence_blog] Dynamic Data Resolver (DDR) - IDA Plugin
- 2018.12 [securityonline] HexRaysCodeXplorer: Hex-Rays Decompiler plugin for better code navigation
- 2018.11 [4hou] FLARE脚本系列:使用idawasm IDA Pro插件逆向WebAssembly(Wasm)模块
- 2018.10 [aliyun_xz] 用idawasm IDA Pro逆向WebAssembly模块
- 2018.10 [fireeye_threat_research] FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin
- 2018.10 [vmray_blog] Introducing the IDA Plugin for VMRay Analyzer
- 2018.09 [ptsecurity_blog] How we developed the NIOS II processor module for IDA Pro
- 2018.09 [talosintelligence_blog] IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
- 2018.09 [msreverseengineering_blog] Weekend Project: A Custom IDA Loader Module for the Hidden Bee Malware Family
- 2018.08 [360_anquanke_learning] Lua程序逆向之为Luac编写IDA Pro处理器模块
- 2018.06 [dougallj] 编写IDA反编译插件之: 处理VMX指令
- 2018.05 [freebuf] HeapViewer:一款专注于漏洞利用开发的IDA Pro插件
- 2018.03 [pediy_new_digest] [翻译]使用 IDAPython 写一个简单的x86模拟器
- 2018.03 [_0xeb] Using Z3 with IDA to simplify arithmetic operations in functions
- 2018.02 [securityonline] IDAPython Embedded Toolkit: IDAPython scripts for automating analysis of firmware of embedded devices
- 2018.02 [_0xeb] Writing a simple x86 emulator with IDAPython
- 2018.01 [fireeye_threat_research] FLARE IDA Pro Script Series: Simplifying Graphs in IDA
- 2017.12 [ret2] What's New in Lighthouse v0.7
- 2017.12 [youtube_OALabs] Using Yara Rules With IDA Pro - New Tool!
- 2017.11 [youtube_hasherezade] IFL - Interactive Functions List - a plugin for IDA Pro
- 2017.11 [securityonline] IDA EA: A set of exploitation/reversing aids for IDA
- 2017.06 [reverse_archives] EFISwissKnife 介绍
- 2017.04 [redplait] etwex - ida plugin for Etw traces IIDs searching
- 2017.04 [360_anquanke_learning] IDAPython:一个可以解放双手的 IDA 插件
- 2017.03 [duksctf] Make IDA Pro Great Again
- 2017.03 [redplait] ida plugin for RFG fixups processing
- 2017.02 [argus_sec] Collaborative Reverse Engineering with PSIDA - Argus Cyber Security
- 2016.01 [eugenekolo] A walk through the binary with IDA
- 2015.12 [360_anquanke_learning] 适用于IDA Pro的CGEN框架
- 2015.12 [freebuf] FLARE IDA Pro的脚本系列:自动化提取函数参数
- 2015.04 [nul] VMProtect + IDA Pro 做一回强悍的加密
- 2015.03 [joxeankoret] Diaphora, a program diffing plugin for IDA Pro
- 2014.10 [devttys0] A Code Signature Plugin for IDA
- 2014.09 [freebuf] 火眼(FireEye)实验室FLARE IDA Pro脚本系列:MSDN注释插件
- 2014.08 [3xp10it_archive] ida插件mynav
- 2014.05 [oct0xor] Deci3dbg - Ida Pro Debugger Module for Playstation 3
- 2013.11 [quarkslab_blog] IDA processor module
- 2013.06 [redplait] IDA loader of .dcu files from XE4
- 2012.07 [reverse_archives] ExtractMachO: an IDA plugin to extract Mach-O binaries from disassembly
- 2011.11 [reverse_archives] Display Mach-O headers plugin for IDA
- 2011.04 [hexblog] VirusTotal plugin for IDA Pro
- 2010.05 [joxeankoret] MyNav, a python plugin for IDA Pro
翻译-TheIDAProBook
- 2008.10 [pediy_new_digest] [翻译]The IDA Pro Book 第六章
- 2008.10 [pediy_new_digest] [翻译](20081030更新)The IDA Pro Book 第12章:使用FLIRT签名识别库
- 2008.10 [pediy_new_digest] [翻译]The IDA Pro Book(第二章)
- 2008.10 [pediy_new_digest] [翻译]The IDA Pro book 第5章---IDA DATA DISPLAY
- 2008.10 [pediy_new_digest] [翻译]The IDA Pro Book(第一章)
翻译-ReverseEngineeringCodeWithIDAPro
- 2009.01 [pediy_new_digest] [原创]Reverse Engineering Code with IDA Pro第七章中文译稿
- 2008.06 [pediy_new_digest] [翻译]Reverse Engineering Code with IDA Pro(第一、二章)
逆向实战
- 2019.06 [devco] 破密行動: 以不尋常的角度破解 IDA Pro 偽隨機數
- 2019.04 [venus_seebug] 使用 IDA Pro 的 REobjc 模块逆向 Objective-C 二进制文件
- 2018.11 [somersetrecon] Introduction to IDAPython for Vulnerability Hunting - Part 2
- 2018.07 [360_anquanke_learning] 如何使用 IDAPython 寻找漏洞
- 2018.07 [somersetrecon] 如何使用IDAPython挖掘漏洞
- 2018.03 [duo_blog_duo_labs] Reversing Objective-C Binaries With the REobjc Module for IDA Pro
- 2006.05 [pediy_new_digest] Themida v1008 驱动程序分析,去除花指令的 IDA 文件
原文:https://github.com/xrkk/awesome-ida
- 登录 发表评论