轉載:https://www.cnblogs.com/fuhua/p/12738823.html
KeyPatch插件作用:可以直接在IDA中修改arm指令
KeyPatch插件地址:https://github.com/keystone-engine/keypatch
1.首先下載安裝KeyStone,https://github.com/keystone-engine/keystone/releases 目前最新版為0.9.0
下載鏈接:https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi
2.到https://github.com/keystone-engine/keypatch下載keypatch.py文件,將keypatch.py放到IDA安裝目錄下的 plugins文件夾下
3.啟動IDA,此時可以在IDA菜單Edit選項下看到多出了一個Keypatch選項
findcrypt-yara插件安裝
findcrypt-yara插件作用:搜索文件中的加密算法
findcrypt-yara插件地址:https://github.com/polymorf/findcrypt-yara
1.cmd窗口運行命令pip install yara-python
2.從https://github.com/polymorf/findcrypt-yara下載findcrypt3.py 和 findcrypt3.rules放到IDA的Plugins目錄下
3.打開IDA,Edit->Plugins下可以看到多出了Findcrypt選項
4.測試效果
