rsrcExtractor IDA Plugin
/******************************************************************************
* One of the things I always missed in IDA is parsing of resources. IDA has
* option to load resources, but it's nothing more than dummy data.
* This plugin allows us to load resources from file on disk, and see their
* structure. First time you use plugin on existing database you must have
* that file on disk, as only 1st time I'm using file on disk to parse resources
* and store them into netnodes, which allows ppl to share database with full
* resource layout without need to distribute original file.
*
* To use plugin, just press 'P' and you should see resource layout. Before loading
* file, it's smart to select "Load Resources" in IDA, thus Jump to Data option
* will actually work, and you will be able to inspect resources in IDA without
* saving them to the disk.
*
* (c) 2011 deroko of ARTeam
*******************************************************************************/
High Level Assembly IDE
High Level Assembly: http://en.wikipedia.org/wiki/High_Level_Assembly
IDA Name Chang via idc Script
IDA 6.0设置WinDbg调试器路径
在早期版本的IDA中可以直接通过进程选项来设置Windbg的路径,但是在6.0之后这个菜单没了。
但是可以直接编辑ida.cfg文件来设置调试器路径,修改如下内容即可。
//-------------------------------------------------------------------------
// Processor specific parameters
//-------------------------------------------------------------------------
#ifdef __PC__ // INTEL 80x86 PROCESSORS
//
// Location of Microsoft Debugging Engine Library (dbgeng.dll)
// This value is used by both the windmp (dump file loader) and the windbg
// debugger module. Please also refer to dbg_windbg.cfg
// (note: make sure there is a semicolon at the end)
//DBGTOOLS = "C:\\Program Files\\Debugging Tools for Windows (x86)\\";将这一行注释修改为windbg的路径
DBGTOOLS = "C:\\WinDDK\\7600.16385.1\\Debuggers\\";
USE_FPP = YES // Floating Point Processor
// instructions are enabled
// IBM PC specific analyzer options
PC_ANALYZE_PUSH = YES // Convert immediate operand of "push" to offset
//
// In sequence
//
// push seg
// push num
//