Installing the hrdev plugin for IDA Pro on Windows


hrdev

For details, see:

https://github.com/ax330d/hrdev/issues/2


Verified in an IDA 7.0 environment.

1. Python is version 2.7; install the matching clang bindings, version 11.0

c:\python27\Scripts\pip.exe install clang
Collecting clang
  Downloading https://files.pythonhosted.org/packages/ee/9b/2f0594be271803247d95e27c7135fe588c722b57624230b30b47f246184e/clang-11.0.tar.gz
Installing collected packages: clang
  Running setup.py install for clang ... done
Successfully installed clang-11.0

2. Install the LLVM exe; its version must match the Python bindings, 11.0

LLVM-11.0.0-win64.exe

3. Copy libclang.dll into the IDA 7.0 directory, and also copy it to system32, because the test system, Python and IDA are all 64-bit.

C:\Program Files\IDA 7.0\libclang.dll
c:\windows\system32\libclang.dll

4. Download hrdev from GitHub and copy it into IDA's plugins directory

C:\Program Files\IDA 7.0\plugins

The GitHub address is:

5. When using it, the default shortcut is Alt+F5


Excerpt from the referenced article:

Okay two steps are needed to fix that error:

1. Get python clang. That's easy: open cmd.exe and run:
c:\python27\Scripts\pip.exe install clang
2. Get that libclang.dll and copy it into c:\Program Files\IDA 7.3
Take care for ida64.exe requires a 64-bit version while ida.exe needs a 32-bit version.
Use Everything or some other search tool - maybe it's already somewhere hidden on your harddisk.
Else, well, there is llvm but it's f**king big. So llvm 11 installation is 1,5 GB, but all you need from it is that libclang.dll that is just 70MB. So don't install it; instead open LLVM-11.0.0-win64.exe in 7-Zip. Go to /bin and extract libclang.dll to the IDA folder. And you are done.
To elaborate on that 32-bit vs 64-bit thing: extract the 32-bit version to C:\Windows\SysWOW64 and the 64-bit version to C:\Windows\System32.
Use an old version like https://releases.llvm.org/download.html#3.7.0. Smaller and works as well.
To get over that "Please ensure that your python bindings are compatible with your libclang.so version." error:
Open C:\python27-x64\lib\site-packages\clang\cindex.py
search for 'compatibility_check' and change
compatibility_check = True
to
compatibility_check = False
and ya done.

Well since there is no doc so far - there is some config file:
c:\Program Files\IDA 7.3\plugins\hrdev_plugin\data\config.ini

The shortcut Alt-F5 is not well chosen - it is very close to Alt+F4 that will just close IDA. And also clashes with
Repeat_RTTI_command bdescr Alt-F5 of the standard plugins.cfg
I changed it to Alt+F6 by editing hrdev.py

Okay finally seeing hrdev in action I was a little disappointed. All that interactivity got lost. :(
Click on a function to open it doesn't work anymore. Rename stuff also got lost.
So what is the point of that plugin? A little bit sugar candy in syntax highlighting?
Copy and paste the actual function to your favorite editor will probably accomplish the same.

Despite the hex number all the time and highlighting probably exploitable string functions like strcpy it won't make it into my toolkit because it is just decreasing usability.
