更改数据为结构体和枚举类型
//Imports.idc
//(c) www.PEDIY.com 2000-2008
#include <idc.idc>
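// Locate the import segment of the loaded program.
// Returns the address of the first segment whose name starts with ".idata",
// or BADADDR when no segment matches.
static GetImportSeg()
{
    auto seg;
    // Start the scan at FirstSeg() itself: the original loop called NextSeg()
    // before the first comparison, so the first segment was never checked.
    for ( seg = FirstSeg(); seg != BADADDR; seg = NextSeg(seg) ) {
        // Prefix match, so names such as ".idata" followed by a suffix also match.
        if ( substr( SegName(seg), 0, 6 ) == ".idata" ) break;
    }
    return seg;
}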
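// Print the import table to the IDA output window: for every address in the
// ".idata" segment, print the anterior line (if any) as a "____...____" header
// and then the name at that address.
static main()
{
    auto importSeg, BytePtr, EndImports, name;
    importSeg = GetImportSeg();
    // Without this check a missing segment silently produced an empty listing
    // followed by "Import Table Parsing Complete".
    // NOTE(review): packed or obfuscated samples often have no ".idata" segment
    // or a renamed one; this message does not mean the binary has no imports.
    if ( importSeg == BADADDR ) {
        Message("\n" + "No .idata segment found; import table not parsed\n");
        return;
    }
    BytePtr = SegStart( importSeg );
    EndImports = SegEnd( BytePtr );
    Message(" \n" + "Parsing Import Table...\n");
    // NextAddr() returns BADADDR (-1) when no address follows; as a signed value
    // that is still below EndImports, so it must be tested explicitly or the
    // loop never ends when ".idata" is the last segment.
    while ( BytePtr != BADADDR && BytePtr < EndImports ) {
        if (LineA(BytePtr, 1) != "") Message("\n" + "____" + LineA(BytePtr,1) + "____" + "\n");
        // The walk is byte by byte; only print addresses that carry a name so
        // unnamed bytes do not produce blank lines.
        name = Name(BytePtr);
        if ( name != "" ) Message(name + "\n");
        BytePtr = NextAddr(BytePtr);
    }
    Message("\n" + "Import Table Parsing Complete\n");
}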
//exports.idc
//(c) www.PEDIY.com 2000-2008
#include <idc.idc>
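// Print every entry point (export) of the loaded program to the IDA output
// window: its name, its ordinal in hex and its address in hex.
static main()
{
    auto idx, count, ord, ea;
    Message("\n Program Entry Points: \n \n");
    count = GetEntryPointQty(); // number of entry points
    // Valid indexes are 0 .. count-1. The original condition used "<=", which
    // ran one extra iteration past the last entry point.
    for ( idx = 0; idx < count; idx = idx + 1 ) {
        ord = GetEntryOrdinal( idx ); // ordinal of this entry point
        ea = GetEntryPoint( ord );    // address the ordinal resolves to
        Message( Name( ea ) + ": Ordinal " + ltoa( ord,16 ) + " at offset " + ltoa( ea, 16) + "\n");
    }
    Message("\n" + "Export Parsing Complete\n");
}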
idc文件如下:
//encrypted.idc
//(c) www.PEDIY.com 2000-2008
#include <idc.idc>
// XOR-decode a run of bytes in place in the database.
//   from - address of the first byte to decode
//   size - number of bytes to decode
//   key  - value XORed into every byte
// PatchByte() changes the IDA database, not the input file on disk.
// XOR with the same key is its own inverse, so running this twice over the
// same range restores the encoded bytes.
// NOTE(review): the key is assumed to fit in one byte - confirm before passing a wider value.
static decrypt(from, size, key ) {
    auto off, plain;
    off = 0;
    while ( off < size ) {
        plain = Byte(from + off) ^ key;
        PatchByte(from + off, plain);
        off = off + 1;
    }
}
// Decode the XOR-encoded region of this particular sample.
// The address, length and key are hard-coded for one binary and must be
// adjusted for any other target.
static main() {
    auto start, length, xorKey;
    start  = 0x00401060; // first encoded byte
    length = 0x15;       // number of encoded bytes
    xorKey = 0x1;        // XOR key
    decrypt(start, length, xorKey);
}
如果遇到ida未识别十六进制数据,直接强转为代码即可。
签名文件(signatures)能使 IDA 在一系列编译器的标准库中自动识别出被调用的库函数
用法:打开如下的 signatures 窗口
导入我们想加载的库的签名文件
之后函数就出来了
原文地址:http://blog.51cto.com/10509896/2139515