Hack-Crack Information Security [Mars Information Security Institute]
Mars Information Security Institute by obaby is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 China Mainland License.
Based on a work at www.h4ck.org.cn.

BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code. It is used by security researchers and engineers across the globe to identify and isolate fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary. Another common use case is to transfer analysis results from one binary to another, helping to prevent duplicate analyses of, for example, malware binaries. This also helps to retain knowledge across teams of binary analysts where the individual workflows might vary from analyst to analyst.

More specifically, BinDiff can be used to:

  • Compare binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures.
  • Identify identical and similar functions in different binaries.
  • Port function names, comments and local variable names from one disassembly to another.
  • Detect and highlight changes between two variants of the same function.

Here is a screenshot demonstrating what using BinDiff to display per-function differences looks like:

[screenshot: BinDiff per-function diff view]

At Google, the BinDiff core engine powers a large-scale malware processing pipeline helping to protect both internal and external users. BinDiff provides the underlying comparison results needed to cluster the world’s malware into related families with billions of comparisons performed so far.
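To make "identical and similar functions" and "porting names" concrete, here is an added, self-contained Python example. It is not BinDiff's own code and does not read BinExport data: it models two disassemblies as dicts of basic blocks (operand-stripped mnemonics plus control-flow edges), matches functions first by an exact structural hash and then by a coarse (blocks, edges, calls) fingerprint scored on block-hash overlap, ports names from the analysed primary to the stripped secondary, and lists the functions whose bodies changed and the functions that exist only in the new build. All function bodies, names and addresses are constructed for the example; BinDiff itself uses many more heuristics than these two passes.

```python
"""Toy function matcher in the spirit of BinDiff (added example, not BinDiff code).

A disassembly is {function_name: tuple_of_blocks}; each Block holds one basic
block's operand-stripped mnemonics and its successor indices (the CFG edges).
Pass 1 matches identical code shapes by hash; pass 2 matches similar functions
gated by a coarse fingerprint and scored by shared basic-block hashes.
"""
import hashlib
from typing import Dict, List, NamedTuple, Tuple


class Block(NamedTuple):
    mnemonics: Tuple[str, ...]  # e.g. ("push", "mov", "call", "test", "jz")
    succs: Tuple[int, ...]      # indices of successor blocks in the same function


Function = Tuple[Block, ...]
Disassembly = Dict[str, Function]


def block_hash(b: Block) -> str:
    return hashlib.sha256(" ".join(b.mnemonics).encode()).hexdigest()[:16]


def function_hash(f: Function) -> str:
    """Hash over every block's content and edges: equal hashes => identical code shape."""
    h = hashlib.sha256()
    for i, b in enumerate(f):
        h.update(f"{i}:{block_hash(b)}:{b.succs}".encode())
    return h.hexdigest()[:16]


def fingerprint(f: Function) -> Tuple[int, int, int]:
    """(basic blocks, CFG edges, call instructions): cheap signature used to prune candidates."""
    return (len(f), sum(len(b.succs) for b in f), sum(b.mnemonics.count("call") for b in f))


def similarity(a: Function, b: Function) -> float:
    """Multiset overlap of block hashes over the larger block count (1.0 = identical bodies)."""
    remaining = [block_hash(x) for x in b]
    shared = 0
    for h in (block_hash(x) for x in a):
        if h in remaining:
            remaining.remove(h)
            shared += 1
    return shared / max(len(a), len(b))


def match_functions(primary: Disassembly, secondary: Disassembly,
                    threshold: float = 0.5) -> Dict[str, Tuple[str, float]]:
    """Return {primary_name: (secondary_name, similarity)} for every matched function."""
    matches: Dict[str, Tuple[str, float]] = {}
    unmatched = dict(secondary)
    # Pass 1: exact structural matches.
    by_hash: Dict[str, List[str]] = {}
    for name, f in secondary.items():
        by_hash.setdefault(function_hash(f), []).append(name)
    for pname, pf in primary.items():
        cands = [c for c in by_hash.get(function_hash(pf), []) if c in unmatched]
        if cands:
            matches[pname] = (cands[0], 1.0)
            del unmatched[cands[0]]
    # Pass 2: similar functions. Same call count, at most two blocks' difference,
    # then the best block-level overlap above the threshold wins.
    for pname, pf in primary.items():
        if pname in matches:
            continue
        pblocks, _, pcalls = fingerprint(pf)
        best = None
        for sname, sf in unmatched.items():
            sblocks, _, scalls = fingerprint(sf)
            if scalls != pcalls or abs(sblocks - pblocks) > 2:
                continue
            score = similarity(pf, sf)
            if score >= threshold and (best is None or score > best[1]):
                best = (sname, score)
        if best is not None:
            matches[pname] = best
            del unmatched[best[0]]
    return matches


def port_names(matches: Dict[str, Tuple[str, float]]) -> Dict[str, str]:
    """{secondary_name: primary_name}: the rename map to apply to sub_XXXX in the stripped build."""
    return {sname: pname for pname, (sname, _) in matches.items()}


def changed_functions(matches: Dict[str, Tuple[str, float]]) -> List[str]:
    """Matched functions whose bodies differ: where to look first when isolating a fix."""
    return sorted(p for p, (_, score) in matches.items() if score < 1.0)


def unmatched_in_secondary(secondary: Disassembly, matches) -> List[str]:
    """Functions present only in the secondary, e.g. a helper added by a patch."""
    return sorted(set(secondary) - {s for s, _ in matches.values()})


# Constructed sample: PRIMARY is an analysed, named build; SECONDARY is a stripped later
# build in which check_password gained a length check and one helper was added.
EPILOGUE_OK = Block(("mov", "ret"), ())
EPILOGUE_ERR = Block(("xor", "ret"), ())
PRIMARY: Disassembly = {
    "parse_header": (Block(("push", "mov", "call", "test", "jz"), (1, 2)), EPILOGUE_OK, EPILOGUE_ERR),
    "check_password": (Block(("push", "mov", "call", "cmp", "jne"), (1, 2)), EPILOGUE_OK, EPILOGUE_ERR),
    "cleanup": (Block(("push", "call", "call", "pop", "ret"), ()),),
}
SECONDARY: Disassembly = {
    "sub_401000": PRIMARY["parse_header"],
    "sub_401100": (Block(("push", "mov", "cmp", "jbe"), (3, 1)),        # new bounds check
                   Block(("call", "cmp", "jne"), (2, 3)), EPILOGUE_OK, EPILOGUE_ERR),
    "sub_401200": PRIMARY["cleanup"],
    "sub_401300": (Block(("push", "mov", "call", "call", "test", "jz"), (1, 2)), EPILOGUE_OK, EPILOGUE_ERR),
}

if __name__ == "__main__":
    m = match_functions(PRIMARY, SECONDARY)
    for pname, (sname, score) in m.items():
        print(f"{pname:16} -> {sname}  similarity={score:.2f}")
    print("rename map:", port_names(m))
    print("changed:", changed_functions(m))
    print("only in secondary:", unmatched_in_secondary(SECONDARY, m))
```

The interesting result is `check_password`: its hash no longer matches, but the fingerprint gate (same number of calls, one extra block) keeps it as a candidate and the two shared epilogue blocks give it a 0.5 score, which is exactly the "similar function" case a patch analyst wants surfaced, while `sub_401300` is reported as new code rather than being forced onto an unrelated primary function.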

[screenshot: idapatch]

IDA Patcher is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's ability to patch binary files and memory. The plugin is useful for tasks related to malware analysis, exploit development and bug patching. IDA Patcher blends into the standard IDA user interface through the addition of a subview and several menu items.
Simply copy idapatcher.py into IDA's plugins folder. The plugin will be loaded automatically the next time you start IDA Pro.
The plugin uses only the IDAPython API, so it should be compatible with all versions of IDA on different platforms. However, it was only tested extensively on IDA Pro 6.5 for Windows with x86, x86-64 and ARM binaries.

Link:http://pan.baidu.com/s/1bnpPvGF

Snowman decompiler plugin for IDA [screenshot: snowman2]

  • Supports every executable file format the disassembler supports.

  • Benefits from IDA's signature search, debug-information parsers and demanglers.

  • Decompiles a chosen function or the whole program at the push of a button.

  • Allows easy jumping between the disassembler and the decompiled code.

  • Fully integrated into IDA's GUI.

  • Link: http://derevenets.com/index.html

Straight to the screenshots, no more words. At the moment there is only a 32-bit plugin; building the 64-bit plugin still has a small problem that I hope to resolve soon. Update: a 64-bit plugin has been added, but I have no suitable binary to test it against, so it is untested!
The shortcut is Ctrl+U. The plugin only parses data that is undefined and has cross-references (items whose name is prefixed unk_; anything else is not processed). If Chinese text has already been recognized as an ASCII string, remove the existing definition first, otherwise it cannot be re-recognized; this can be combined with version 2.0 for manual fixes.
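The rule above (only unk_ items with cross-references are parsed; strings already typed as ASCII must be undefined first) is easy to get wrong by hand, so here is an added Python example that reproduces it outside IDA. This is not the plugin's code: the IDA database is modelled as a list of DataItem records, GBK is assumed as the encoding (the usual one in Chinese Windows binaries; the post does not say which encodings the plugin handles), and every address, name and byte string below is constructed for the example.

```python
"""Find GBK-encoded Chinese strings in undefined, cross-referenced data items.

Added example (not the plugin's own code). Only items named unk_* with at least
one xref are parsed; items IDA already typed as ASCII strings (a* names) are
reported as needing to be undefined first. GBK is assumed as the encoding.
"""
from typing import Dict, List, NamedTuple, Optional


class DataItem(NamedTuple):
    name: str    # IDA-style auto name: unk_XXXX (undefined), aFoo (defined ASCII string), ...
    ea: int      # address of the item
    raw: bytes   # bytes from ea up to the next defined item
    xrefs: int   # number of cross-references pointing at ea


def is_gbk_lead(b: int) -> bool:
    return 0x81 <= b <= 0xFE


def is_gbk_trail(b: int) -> bool:
    return 0x40 <= b <= 0xFE and b != 0x7F


def extract_gbk_string(raw: bytes) -> Optional[str]:
    """Walk the bytes as printable ASCII or GBK double-byte pairs up to a NUL.

    Returns the decoded text only if the walk reached a terminator without
    hitting a non-text byte and the result contains at least one CJK character;
    binary data, pure ASCII and unterminated data all yield None.
    """
    out = bytearray()
    i = 0
    while i < len(raw):
        b = raw[i]
        if b == 0:
            break
        if 0x20 <= b < 0x7F:                       # printable ASCII, single byte
            out.append(b)
            i += 1
        elif is_gbk_lead(b) and i + 1 < len(raw) and is_gbk_trail(raw[i + 1]):
            out += raw[i:i + 2]                    # GBK double-byte character
            i += 2
        else:
            return None                            # control byte or broken pair: not text
    else:
        return None                                # ran off the end: no NUL terminator
    try:
        text = out.decode("gbk")
    except UnicodeDecodeError:
        return None
    if not any("\u4e00" <= ch <= "\u9fff" for ch in text):
        return None                                # valid bytes but no Chinese in them
    return text


def find_chinese_strings(items: List[DataItem]) -> Dict[int, str]:
    """{ea: text} for every item the plugin would re-type as a Chinese string.
    Mirrors the rule in the post: only unk_* items that have cross-references."""
    found: Dict[int, str] = {}
    for it in items:
        if not it.name.startswith("unk_") or it.xrefs == 0:
            continue
        text = extract_gbk_string(it.raw)
        if text is not None:
            found[it.ea] = text
    return found


def needs_undefine(items: List[DataItem]) -> List[str]:
    """Items already typed as ASCII strings whose bytes are really GBK Chinese.
    The post says these must be undefined before the plugin will re-parse them."""
    return [it.name for it in items
            if it.name.startswith("a") and extract_gbk_string(it.raw) is not None]


# Constructed sample database (not taken from a real binary).
ITEMS = [
    DataItem("unk_10002000", 0x10002000, "用户名或密码错误".encode("gbk") + b"\x00", xrefs=2),
    DataItem("unk_10002020", 0x10002020, b"\x00\x01\x02\x03", xrefs=1),              # lookup table
    DataItem("unk_10002030", 0x10002030, "未引用".encode("gbk") + b"\x00", xrefs=0),  # no xrefs: skipped
    DataItem("aLoginFailed", 0x10002040, b"Login failed\x00", xrefs=1),               # genuine ASCII string
    DataItem("aError", 0x10002050, "错误: %s".encode("gbk") + b"\x00", xrefs=3),      # Chinese mis-typed as ASCII
]

if __name__ == "__main__":
    for ea, text in find_chinese_strings(ITEMS).items():
        print(f"{ea:#010x}  {text}")
    print("undefine first:", needs_undefine(ITEMS))
```

The `aError` item is the case the post warns about: its bytes decode cleanly as GBK, but because IDA already typed it as an ASCII string it is not an unk_ item and the plugin will not touch it until the definition is removed.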
Mach-O file:

[screenshot: macho]