By making
all of the features of Python available to a script developer, IDAPython provides both
an easier path to IDA scripting, because users can leverage their knowledge of Python
Gray Hat Hacking: The Ethical Hacker??™s Handbook
332
rather than learning a new language??”IDC, and a much more powerful scripting interface,
because all of the features of Python including data structures and APIs become
available to the script author. A similar plug-in named IDARub was created by Spoonm
to bring Ruby scripting to IDA as well.
The x86emu Plug-In
The x86emu plug-in by Chris Eagle addresses a different type of problem for the IDA
user, that of analyzing obfuscated code. All too often, malware samples, among other
things, employ some form of obfuscation technique to make disassembly analysis more
difficult. The majority of obfuscation techniques employ some form of self-modifying
code that renders static disassembly listings all but useless other than to analyze the deobfuscation
algorithms. Unfortunately, the de-obfuscation algorithms seldom contain
the malicious behavior of the code being analyzed, and as a result, the analyst is unable
to make much progress until the code can be de-obfuscated and disassembled yet again.
Pages:
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596