首页 > 破解/汇编『Crack/Asm』 > IDA Name Chang via idc Script

IDA Name Chang via idc Script

2011年11月2日
跳到评论 


/////////////////////////////////////////////////////////////////////////////////////////////////////
//Change the unknow names in ida ,such as the IAT struct or the the function names created         //
//by the loadlibrary and getprocadress method.                                                     //
//The data formart show be like fallows:                                                           //
//0x007714F4  CFDictionaryRemoveValue                                                              //
//0x007714F8  CFDictionarySetValue                                                                 //
//The first is a address, and then 2 spaces ,and the last is the function name or the Global names //
//Script by obaby , site:http://www.h4ck.org.cn ,Email:root@h4ck.ws ,Date:15:50 2011-11-2          //
/////////////////////////////////////////////////////////////////////////////////////////////////////
#include 
static main()
{
 Message("====================IDA Name Chang idc Script========================\n");
 Message("                        Code By obaby                                \n");
 Message("                       http://www.h4ck.ws                            \n");
 Message("=====================================================================\n");
 auto func,addr,linetext,oldname,handle,filelen,off,funclen,file,path,oldhandle;
 file = AskFile(1,"*.txt","Please Select the map file");
 path = GetIdbPath();
 path = substr(path, 0, strlen(path) - 4) + "Namebackup.txt";// Back up orginal names
 oldhandle = fopen(path,"w");
 handle = fopen(file,"r");
 off = 0;
 if (handle == 0 || oldhandle == 0)
	{
	 Message("ReadFile or Createfile Error! \n");
	}
 else {
	 filelen = filelength(handle);
	 if (filelen == 0)
		{
			Message("The input file is empty! \n");
		}
	else {
		Message("Now BackUp Old Names and change new names..........\n");
		while (off < filelen)
			{
				linetext = readstr(handle);
				addr = substr(linetext,0,10);			//get the addres
				funclen = strlen(linetext);
				func  = substr(linetext,12,funclen -1 );//get the function name
				off = off + funclen;
				if (strlen(func) == 0)
					{
						break;
					}
				Message("Func addr is %s,and name is %s. \n",addr,func);
				oldname = Name(addr);	//get the old names
				if (strlen(oldname) ==0)
					{
						Message("Error:get name at addr %s Failed.\n",addr);
					}else {
						writestr(oldhandle,addr + "  " + oldname + "\n"); //write the old name and address into the backupfile
					}
				if (!MakeNameEx(addr,func,1))
					{
						Message("Change Paramter Name %s,at Address %X failed.\n",func,addr);
					}
			}		
		}
	fclose(handle);
	fclose(oldhandle);
	Message("Conguratelations,All successed ,now Exit.......\n");
	}
}

 

原创文章,转载请注明: 转载自火星信息安全研究院

本文链接地址: IDA Name Chang via idc Script: http://www.h4ck.org.cn/2011/11/ida-name-chang-via-idc-script/

破解/汇编『Crack/Asm』 ,
«
»
评论 ( 0 )
订阅这里的评论 Trackback 留言
  1. 还没有评论
评论提交中, 请稍候...

留言

:p 8) :lol: =( :8 ;) :(( :o: :[ :) :D :-| :-[) :bloody: :cool: :choler: :love: :oups: :aie: :beurk:
可以使用的标签: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">
Trackbacks & Pingbacks ( 0 )
显示/隐藏 列表
  1. 还没有 trackbacks