Hmily posted on 2010-6-30 23:33

IDA Entropy Plugin 0.1

Utility for entropy calculation of 32-bit executable and binary files released. It can be useful for quickly searching for file blocks with high entropy - encrypted chunks, encryption keys, etc. The utility can be built as an IDA plugin and as a standalone utility.
It allows calculating the entropy of the file's sections at utility launch, calculating the entropy of any block of the file, and building an entropy map of a specified section.


http://smokedchicken.org/2010/06/30/ida-ent-gen.PNG


Double-clicking a row in the ListView copies Address and Length to the appropriate fields on the form. The Calculate button shows the entropy for a data block from StartAddress to StartAddress + Length. The Draw button allows building an entropy map of the data block. ChunkSize specifies the length of the chunks used for entropy calculation in this mode, and the StepSize field is used as the distance between the current and the next chunk. In IDA plugin mode, double-clicking on the map jumps to the specified location in the IDA listing.


http://smokedchicken.org/2010/06/30/ida-ent-graph.PNG


The Deep Analyze button performs a lot of calculations from StartAddress to StartAddress + Length with a varying block size from 1 to ChunkSize and with a StepSize indent. If the calculated entropy value for a chunk is greater than MaxEntropy, it is added to the result report. In IDA plugin mode, double-clicking a row jumps to the specified location in the IDA listing.


http://smokedchicken.org/2010/06/30/ida-ent-table.PNG


The launch feature in IDA plugin mode is an IDA listing selection check, i.e. the utility fills in StartAddress and Length and pushes the Calculate button. To start the utility as an IDA plugin, simply copy it into ./IDA/plugins/ and press F11 (default hotkey) or choose Edit -> Plugins -> Entropy plugin.
In standalone mode the utility shows a GetOpenFileName dialog when started without command-line parameters. The command line format is "ida-ent.exe [-sw] filename", where the switch is one of the following: --binary (-b), --pe (-p), --elf (-e). By default the utility tries to determine the file format (PE, ELF) by checking the signature.
Sources (for MS Visual C++ 2008 EE) and the precompiled standalone utility, IDA Pro 5.5 plugin and IDA Free 4.9 plugin are available in the archive.

http://smokedchicken.org/2010/06/ida-entropy-plugin.html

Skyfly posted on 2010-7-1 00:07

Boss, what is this? I don't get it -_.-!

bbwtjjw posted on 2010-7-1 00:12

Nice, thanks for sharing

reckless posted on 2010-7-1 15:26

Bookmarked, replying!

Alar30 posted on 2010-7-1 22:12

Taking a look at the new plugin for this almighty tool, haha

wei123 posted on 2010-7-1 23:37

I've never managed to learn IDA.. there aren't many tutorials

goodyou520 posted on 2010-7-17 15:54

Nice, thanks for sharing