ida脚本也有一段时间了,一直有个痛点是找不到比较好的方法热重载脚本来实时改动生效,导致开发效率老慢了。固总结下比较友好的环境搭配
使用ida热加载插件让你开发脚本更高效
github地址: GitHub - 0xeb/ida-qscripts: An IDA plugin to increase productivity when developing scripts for IDA, 这位老外是个知名视频网站小博主,挺多小妙招的
1.下载源码:
|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 | /``/``1.``下载 ida``-``cmake cd ``/``path``/``to``/``ida``/``plugin && git clone https:``/``/``github.com``/``0xeb``/``ida``-``cmake /``/``2.``下载 ida``-``qscripts cd ``/``path``/``to``/``ida``/``idasdk``/``plugins && git clone https:``/``/``github.com``/``0xeb``/``ida``-``qscripts /``/``3.``下载idax cd ``/``path``/``to``/``ida``/``idasdk``/``plugins``/``ida``-``qscripts && git clone https:``/``/``github.com``/``0xeb``/``idax |
2.编译:
-
mac or linux 环境
|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 |/``/``1.``环境变量添加 IDASDK/``/``mac ``orlinuxexport IDASDK``=``/``path``/``to``/``ida``/``idasdk/``/``2.clion直接打开 ida``-``qscripts/``/``3.clion-``-settings ``-``-build,execution,deployment 中 新增配置,并设置 cmake ida插件变量(``64``位的需要)/``/``4.``将编译出来的 qscripts.dylib qscripts64.dylib ``orqscripts.so qscripts.so 手动复制到 ``/``path``/``to``/``ida``/``plugins 中,重启ida即生效|
-
windows 环境
|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 |/``/``1.``设置环境变量setx IDASDK ``/``path``/``to``/``ida``/``idasdk/``/``2.``使用visual studio打开,测试环境为vs2022,打开后在cmakefile中看情况设置/``/``3.vs点击 项目``-``-``> qscripts的 CMake设置,在下面设置才能编译``64``位的dll|
|---|------------------------------------------------------------------------------------|
| 1 |/``/``4.``将 qscripts.dll qscripts64.dll 复制到 ``/``path``/``to``/``ida``/``plugins|
3.运行图:
- ida 运行图
- mac or linux
- windows
- mac or linux
4.pycharm 配置 idapython开发环境
- 代码提示配置
- 打开pycharm的setting --> python interpreter --> showall
- 打开pycharm的setting --> python interpreter --> showall
点击这个图标
添加ida目录下的python3
验证
动态调试
- pycharm 新增一个remote debug
- 点击pycharm debug按钮,此时pycharm会循环监听目标端口
- ida打开qscripts进行加载和监听
命中断点
- 热加载
- ida-qscripts勾选指定idapython脚本后,当修改脚本后,会触发插件reload实现重新载入脚本,自动更新上去了
5.clion 配置 idacpp开发环境
- 代码提示配置
- camkefile中添加ida目录
- camkefile中添加ida目录
这边导入就不报错了
- 简单的插件模板
|----------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | #include <ida.hpp> #include <idp.hpp> #include <loader.hpp> #include <kernwin.hpp> plugmod_t *idaapi init(``void``) { ``msg(``"Plugin initialized!\n"``); ``return PLUGIN_OK; } void idaapi term(``void``) { ``msg(``"Plugin term()\n"``); } bool idaapi run(``size_t arg) { ``msg(``"Plugin run()\n"``); ``return true``; } plugin_t PLUGIN = { ``IDP_INTERFACE_VERSION, ``PLUGIN_UNL, ``//需要这个标记,否则不触发qscripts ``init, ``term, ``run, ``""``, ``""``, ``"Sample plugin"``, ``"" }; |
|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | /``/``cmakefile 配置 cmake_minimum_required(VERSION ``3.26``) project(ByeObf) set``(CMAKE_CXX_STANDARD ``20``) #set(CMAKE_RUNTIME_OUTPUT_DIRECTORY /Applications/IDAPro8.3/ida.app/Contents/MacOS/plugins) include_directories(``/``Applications``/``IDAPro``/``ida.app``/``Contents``/``MacOS``/``plugins``/``hexrays_sdk``/``include``/``) include_directories(``/``Applications``/``IDAPro``/``ida.app``/``Contents``/``MacOS``/``idasdk_pro``/``include``/``) #导入idaapi的目录 set``(PLUGIN_NAME byeobf) set``(PLUGIN_SOURCES library.h library.cpp) set``(PLUGIN_OUTPUT_NAME ${PLUGIN_NAME}) set``(PLUGIN_RUN_ARGS ``"-t"``) include($ENV{IDASDK}``/``ida``-``cmake``/``addons.cmake) |
|---|-------------------|
| 1 | 编译64位插件定义EA64即可 |
- 修改ida-cmake的addons.cmake改编译后的插件生成目录
- 修改 LIBRARY_OUTPUT_DIRECTORY 、RUNTIME_OUTPUT_DIRECTORY_${cfg} 属性,改为/path/to/ida/plugins
- 动态调试
- 这边没测试到搭配了插件能像python那样热重载还能命中得情况,得每次都要手动载入命中
- 热重载
-
1.模板定义了插件名byeobf,需要创建两个文件 byteobf.py 和 byteobf.py.deps.qscripts,确保插件名要一样
-
2.byteobf.py内容
|-------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 |importtimeimportidaapi# Give the linker time to finish flushing the binarytime.sleep(``1``)# Optionally clear the screen:#idaapi.msg_clear()# Load your plugin and pass any arg value you wantidaapi.load_and_run_plugin(``'byeobf'``, ``0``)# Optionally, do post work, etc.| -
3.deps.qscripts内容
- 改为你要触发的插件绝对路径
|---|-----------------------------------------------------------------------------------------|
| 1 |/triggerfile /keep /Applications/IDAPro/ida.app/Contents/MacOS/plugins/byeobf64.dylib| -
4.将byteobf.py 和 byteobf.py.deps.qscripts 放到 /path/to/ida/plugins
-
5.重启ida打开qscripts,导入并双击 byteobf.py,此时你每次重新编译idacpp改动都会被自动载入到ida中了
-
6.效果图请看 ida-qscripts项目
-
6.vs 配置 idacpp开发环境 idapython环境
|---|-----------------------|
| 1 | - 这里大差不差都参考上述改动即可 |
ida-win 7.7下载: [下载]IDA Pro 7.7.220118 (SP1) 全插件绿色版-资源下载-看雪-安全社区|安全招聘|kanxue.com