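dalao posted on 2013-10-11 15:45

The latest awesome award-winning IDA Pro plugins of 2013 are out: first prize US$1900

[Recommended] The latest awesome award-winning IDA Pro plugins of 2013 are out: first prize US$1900
Author: 大老 (translated and compiled)
QQ: 79234668
大老's blog: http://blog.sina.com.cn/dalaoqd

The 2013 decompiler plugins. We are happy to see our users creating new plugins!
This year we are awarding three prizes for the first time. They are:
First prize (US$1900): Milan Bohacek, hexrays_tools plugin
Second prize (US$950): Andrzej Dereszowski, funcap plugin
Third prize (US$450): Jason Geffner, crowddetox plugin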


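The three new plugins are:


1st place

hexrays_tools by Milan Bohacek, Charles University in Prague
This plugin adds new functions, many of them for the compiler and IDA:
- interactive structure reconstruction using pointer variable accesses across multiple functions
- finding a structure that matches a given pattern of accesses to a pointer variable
- function prototype helpers: remove return type, remove argument, convert to __usercall
- quick propagation of type from one side of an assignment to the other, or from a function call to the function pointer
- handling of C++ classes and virtual function tables, with support for navigating to virtual functions from the compiler
- structure editor improvements
- show a tree of related structures in a graph
- and several minor features
Comments: This plugin is very useful when dealing with complex, object-oriented code. Structure reconstruction and C++ support are the main highlights, and even the smaller features help with many repetitive tasks.
Original text: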
hexrays_tools by Milan Bohacek, Charles University in Prague
This plugin adds dozens of new functions to the decompiler and IDA:

- interactive structure reconstruction using pointer variable accesses across multiple functions
- finding a structure which matches a given pattern of accesses to a pointer variable
- function prototype helpers: remove return type, remove argument, convert to __usercall
- quick propagation of type from one side of assignment to another, or from a function call to the function pointer
- handle C++ classes and virtual function tables, with support for navigation to virtual functions from the decompiler
- structure editor improvements
- show a tree of related structures in a graph
- and several more minor features
Our comments: Milan's plugin is invaluable when dealing with complex, object-oriented code. While structure reconstruction and C++ support are the main highlights, even the smaller features help with many repetitive tasks which are common when dealing with big code bases. It's a clear winner of this year's submissions.


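Download:
https://www.hex-rays.com/contests/2013/hexrays_tools.zip
Demo:
https://www.hex-rays.com/contests/2013/milan_videos.7z

2nd place
funcap by Andrzej Dereszowski

This IDAPython script uses IDA's debugging API to record a program's function calls together with their arguments (before and after).
This is very useful when dealing with packed software that uses helper functions to decrypt its strings, or programs that make many indirect calls.
Comments: The plugin is documented and offers some extra features. Augmenting static disassembly with information from dynamic execution can speed up analysis of an unknown binary, so it will likely be very useful to many analysts!
Original text: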
funcap by Andrzej Dereszowski
This IDAPython script uses IDA's debugging API to record function calls in a program together with their arguments (before and after).

This is very useful when dealing with malware which uses helper functions to decrypt their strings, or programs which make many indirect calls.

Our comments: The plugin is well-documented and offers several extra features (such as the call graph). Augmenting static disassembly with info from dynamic execution can speed up investigation of an unknown binary, so it will likely be very useful for many analysts!


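Download:
https://www.hex-rays.com/contests/2013/funcap.zip

3rd place
crowddetox
Description
crowddetox is a decompiler optimization plugin. It solves a problem that can occur when dealing with obfuscated binaries: analysis and removal of junk code (useless code).

Original text: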
CrowdDetox by Jason Geffner
CrowdDetox is another decompiler plugin. It tries to solve the problem which can happen when dealing with obfuscated binaries: removal of junk code (useless code).

Our comments:
While the decompiler already does some dead code removal, it opts for pessimistic approach and doesn't remove code unless it can prove its results are not used. Jason's plugin is useful in situations where you can make more assumptions and be more aggressive in code removal.

We thank Jason for contacting us before the contest and implementing our feedback (e.g. making the plugin optional and not always-on). The code is very well commented and has a supporting whitepaper which explains the approach used.

Download:
https://www.hex-rays.com/contests/2013/CrowdDetox.zip

Original link:
https://www.hex-rays.com/contests/2013/index.shtml

Please keep this post intact when reposting. Thank you.

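夜的静night posted on 2013-10-11 15:54

xiangjinglin posted on 2013-10-11 16:01

Nice!! Thanks for sharing!!!

车俊 posted on 2013-10-11 16:22

This is a gem, awesome.

amulin posted on 2013-10-11 18:44

Author: 大老

I thought he was the author of an award-winning plugin.

星空不语 posted on 2013-10-13 12:31

What talent...

122577218 posted on 2013-10-13 20:47

Let me see how it is.

人禾水 posted on 2013-10-28 22:30

Really powerful.

easyman posted on 2013-11-22 10:32

Thanks for sharing.

那一抹灬微笑 posted on 2013-11-23 08:51

Impressive, bump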