Notice
Recent Posts
Recent Comments
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |
Tags
- h5py.File
- ida
- error
- svn update
- Ransomware
- Injection
- idb2pat
- Analysis
- mock.patch
- ecma
- idapython
- data distribution
- 포인터 매핑
- malware
- error fix
- ida pro
- open office xml
- why error
- Python
- javascript
- NumPy Unicode Error
- MySQL
- commandline
- pytest
- Rat
- hex-rays
- debugging
- idapro
- x64
- TensorFlow
Archives
- Today
- Total
13 Security Lab
IDA Pro IDB2PAT for python3 본문
Among the scripting tools provided by IDA pro flare, there is idb2pat.py that creates a signature.
The script is considered to work in python2, so it does not work properly in python3.
In the case of the most recent version, ida pro 7.5, since python3 is the default version, a script error occurs in the normal execution method.
Method 1. Set config USE_PYTHON2
* IDA's install path: path/to/ida_install/python/use_python2
* The 'IDAUSR' directory:
+ ~/.idapro/python/use_python2 (on Linux/OSX)
+ %APPDATA%\Hex-Rays\IDA Pro\python\use_python2 (on Windows)
Create a file called "use_python2" under the install path and make it run as python2. Make the file recognized as a configuration file when ida pro is loaded.
Method 2. Porting to suit python3
It works correctly if the following modifications are reflected.
line 38
iter(itertools.count(start).__next__, end)
line 259
sig += ".." * (32 - (len(sig) // 2))
line 296
for ref_loc, ref in refs.items():
line 417
filename = ask_file(1, name, "Enter the name of the pattern file")
line 467
f.write(b"\r\n")
f.write(b"---")
f.write(b"\r\n")
line 474
f.write(b"\r\n")
f.write(b"---")
f.write(b"\r\n")
IDA Pro FLARE git github.com/fireeye/flare-ida/blob/master/python/flare/idb2pat.py
'Computer Security/Analysis' Related Articles
more
Comments