{"id":7157,"url":"https://github.com/alphaSeclab/awesome-reverse-engineering","name":"awesome-reverse-engineering","description":"Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts\u0026videos)","projects_count":1455,"last_synced_at":"2026-06-16T02:00:21.733Z","repository":{"id":38050638,"uuid":"227038548","full_name":"alphaSeclab/awesome-reverse-engineering","owner":"alphaSeclab","description":"Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts\u0026videos)","archived":false,"fork":false,"pushed_at":"2021-09-01T16:55:49.000Z","size":1314,"stargazers_count":4942,"open_issues_count":6,"forks_count":899,"subscribers_count":156,"default_branch":"master","last_synced_at":"2026-05-30T11:03:13.557Z","etag":null,"topics":["android-security","angr","apk-analysis","binaryninja","binnavi","cuckoo","dynamorio","frida","gdb","ghidra","ida-plugin","idapro","idapython","intelpt","radare2","reverse-engineering","windbg","x64dbg"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphaSeclab.png","metadata":{"files":{"readme":"Readme.md","changelog":"history/ReverseEngineering_20191223120344.json","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-10T05:45:37.000Z","updated_at":"2026-05-28T13:10:47.000Z","dependencies_parsed_at":"2022-07-09T06:46:24.867Z","dependency_job_id":null,"html_url":"https://github.com/alphaSeclab/awesome-reverse-engineering","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/alphaSeclab/awesome-reverse-engineering","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fawesome-reverse-engineering","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fawesome-reverse-engineering/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fawesome-reverse-engineering/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fawesome-reverse-engineering/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphaSeclab","download_url":"https://codeload.github.com/alphaSeclab/awesome-reverse-engineering/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fawesome-reverse-engineering/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34387472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2024-01-12T00:17:27.086Z","updated_at":"2026-06-16T02:00:21.733Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["\u003ca id=\"2110ded2aa5637fa933cc674bc33bf21\"\u003e\u003c/a\u003e工具","\u003ca id=\"58cd9084afafd3cd293564c1d615dd7f\"\u003e\u003c/a\u003e工具","\u003ca id=\"004d0b9e325af207df8e1ca61af7b721\"\u003e\u003c/a\u003eLLDB","\u003ca id=\"977cef2fc942ac125fa395254ab70eea\"\u003e\u003c/a\u003eXCode","\u003ca id=\"18c6a45392d6b383ea24b363d2f3e76b\"\u003e\u003c/a\u003e文章","\u003ca id=\"ac43a3ce5a889d8b18cf22acb6c31a72\"\u003e\u003c/a\u003eETW","\u003ca id=\"f24f1235fd45a1aa8d280eff1f03af7e\"\u003e\u003c/a\u003eFrida","\u003ca id=\"95fdc7692c4eda74f7ca590bb3f12982\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"0e08f9478ed8388319f267e75e2ef1eb\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","\u003ca id=\"2d24dd6f0c01a084e88580ad22ce5b3c\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"273df546f1145fbed92bb554a327b87a\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"1d9dec1320a5d774dc8e0e7604edfcd3\"\u003e\u003c/a\u003e工具-新添加的","\u003ca id=\"f11ab1ff46aa300cc3e86528b8a98ad7\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","使用","\u003ca id=\"620af0d32e6ac1f4a3e97385d4d3efc0\"\u003e\u003c/a\u003ePE","\u003ca id=\"fa45b20f6f043af1549b92f7c46c9719\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","\u003ca id=\"22894d6f2255dc43d82dd46bdbc20ba1\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"8dd3e63c4e1811973288ea8f1581dfdb\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"6d8bac8bfb5cda00c7e3bd38d64cbce3\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"f0493b259e1169b5ddd269b13cfd30e6\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"830f40713cef05f0665180d840d56f45\"\u003e\u003c/a\u003eMach-O","\u003ca id=\"bba00652bff1672ab1012abd35ac9968\"\u003e\u003c/a\u003e越狱","\u003ca id=\"ec0a441206d9a2fe1625dce0a679d466\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"c8cdb0e30f24e9b7394fcd5681f2e419\"\u003e\u003c/a\u003eDynamoRIO","\u003ca id=\"b2fca17481b109a9b3b0bc290a1a1381\"\u003e\u003c/a\u003eQBDI","\u003ca id=\"5a9974bfcf7cdf9b05fe7a7dc5272213\"\u003e\u003c/a\u003e其他","\u003ca id=\"4fe330ae3e5ce0b39735b1bfea4528af\"\u003e\u003c/a\u003eangr","\u003ca id=\"2683839f170250822916534f1db22eeb\"\u003e\u003c/a\u003eBinNavi","\u003ca id=\"975d9f08e2771fccc112d9670eae1ed1\"\u003e\u003c/a\u003eGDB","\u003ca id=\"89f963773ee87e2af6f9170ee60a7fb2\"\u003e\u003c/a\u003eDLL","\u003ca id=\"40fd1488e4a26ebf908f44fdcedd9675\"\u003e\u003c/a\u003eUAC","\u003ca id=\"0fed6a96b28f339611e7b111b8f42c23\"\u003e\u003c/a\u003eSysmon","\u003ca id=\"184bbacd8b9e08c30cc9ffcee9513f44\"\u003e\u003c/a\u003eAppLocker","\u003ca id=\"b478e9a9a324c963da11437d18f04998\"\u003e\u003c/a\u003e工具","\u003ca id=\"3939f5e83ca091402022cb58e0349ab8\"\u003e\u003c/a\u003e文章","\u003ca id=\"a63015576552ded272a242064f3fe8c9\"\u003e\u003c/a\u003eELF","\u003ca id=\"89e277bca2740d737c1aeac3192f374c\"\u003e\u003c/a\u003e工具","\u003ca id=\"37eea2c2e8885eb435987ccf3f467122\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","\u003ca id=\"324874bb7c3ead94eae6f1fa1af4fb68\"\u003e\u003c/a\u003eDebug\u0026\u0026调试","\u003ca id=\"9f8d3f2c9e46fbe6c25c22285c8226df\"\u003e\u003c/a\u003eBAP","\u003ca id=\"0971f295b0f67dc31b7aa45caf3f588f\"\u003e\u003c/a\u003eDecompiler\u0026\u0026反编译器","\u003ca id=\"2df6d3d07e56381e1101097d013746a0\"\u003e\u003c/a\u003eDisassemble\u0026\u0026反汇编","\u003ca id=\"b4a856db286f9f29b5a32d477d6b3f3a\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","\u003ca id=\"3034389f5aaa9d7b0be6fa7322340aab\"\u003e\u003c/a\u003e插件\u0026\u0026脚本","\u003ca id=\"5830a8f8fb3af1a336053d84dd7330a1\"\u003e\u003c/a\u003e工具","Uncategorized","\u003ca id=\"70e64e3147675c9bcd48d4f475396e7f\"\u003e\u003c/a\u003eMonitor\u0026\u0026监控\u0026\u0026Trace\u0026\u0026追踪","\u003ca id=\"7b8a493ca344f41887792fcc008573e7\"\u003e\u003c/a\u003eIntelPin"],"sub_categories":["\u003ca id=\"63fd2c592145914e99f837cecdc5a67c\"\u003e\u003c/a\u003e新添加的1","\u003ca id=\"d0108e91e6863289f89084ff09df39d0\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"c20772abc204dfe23f3e946f8c73dfda\"\u003e\u003c/a\u003e工具","\u003ca id=\"7037d96c1017978276cb920f65be2297\"\u003e\u003c/a\u003e工具","\u003ca id=\"3d3bc775abd7f254ff9ff90d669017c9\"\u003e\u003c/a\u003e工具\u0026\u0026插件\u0026\u0026脚本介绍","\u003ca id=\"11c4c804569626c1eb02140ba557bb85\"\u003e\u003c/a\u003e文章","\u003ca id=\"a1a7e3dd7091b47384c75dba8f279caf\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"a4debf888d112b91e56c90136f513ec0\"\u003e\u003c/a\u003e未分类","\u003ca id=\"f7778a5392b90b03a3e23ef94a0cc3c6\"\u003e\u003c/a\u003eGUI","\u003ca id=\"bba1171ac550958141dfcb0027716f41\"\u003e\u003c/a\u003e与其他工具交互","\u003ca id=\"0d086cf7980f65da8f7112b901fecdc1\"\u003e\u003c/a\u003e工具\u0026\u0026插件\u0026\u0026脚本","\u003ca id=\"8f1b9c5c2737493524809684b934d49a\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"c39a6d8598dde6abfeef43faf931beb5\"\u003e\u003c/a\u003e未分类","\u003ca id=\"a8f5db3ab4bc7bc3d6ca772b3b9b0b1e\"\u003e\u003c/a\u003e固件\u0026\u0026嵌入式设备","\u003ca id=\"83de90385d03ac8ef27360bfcdc1ab48\"\u003e\u003c/a\u003e作为辅助\u0026\u0026构成其他的一环","\u003ca id=\"f7d311685152ac005cfce5753c006e4b\"\u003e\u003c/a\u003e与调试器同步\u0026\u0026通信\u0026\u0026交互","\u003ca id=\"e3e7030efc3b4de3b5b8750b7d93e6dd\"\u003e\u003c/a\u003e调试\u0026\u0026动态运行\u0026动态数据","\u003ca id=\"d2166f4dac4eab7fadfe0fd06467fbc9\"\u003e\u003c/a\u003e反编译器\u0026\u0026AST","\u003ca id=\"7199e8787c0de5b428f50263f965fda7\"\u003e\u003c/a\u003e反混淆","\u003ca id=\"7e890d391fa32df27beb1377a371518b\"\u003e\u003c/a\u003e文章","\u003ca id=\"37634a992983db427ce41b37dd9a98c2\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"4187e477ebc45d1721f045da62dbf4e8\"\u003e\u003c/a\u003e未分类","\u003ca id=\"a4bd25d3dc2f0be840e39674be67d66b\"\u003e\u003c/a\u003eTips\u0026\u0026Tricks","\u003ca id=\"04cba8dbb72e95d9c721fe16a3b48783\"\u003e\u003c/a\u003e系列文章-Labeless插件介绍","\u003ca id=\"1a2e56040cfc42c11c5b4fa86978cc19\"\u003e\u003c/a\u003e系列文章-使用IDA从零开始学逆向","\u003ca id=\"e838a1ecdcf3d068547dd0d7b5c446c6\"\u003e\u003c/a\u003e系列文章-IDAPython-让你的生活更美好","\u003ca id=\"8433dd5df40aaf302b179b1fda1d2863\"\u003e\u003c/a\u003e系列文章-使用IDA逆向C代码","\u003ca id=\"ea11818602eb33e8b165eb18d3710965\"\u003e\u003c/a\u003e翻译-TheIDAProBook","\u003ca id=\"ec5f7b9ed06500c537aa25851a3f2d3a\"\u003e\u003c/a\u003e翻译-ReverseEngineeringCodeWithIDAPro","\u003ca id=\"2120fe5420607a363ae87f5d2fed459f\"\u003e\u003c/a\u003eIDA本身","\u003ca id=\"d8e48eb05d72db3ac1e050d8ebc546e1\"\u003e\u003c/a\u003e逆向实战","\u003ca id=\"e9ce398c2c43170e69c95fe9ad8d22fc\"\u003e\u003c/a\u003eMicrocode","\u003ca id=\"9c0ec56f402a2b9938417f6ecbaeaa72\"\u003e\u003c/a\u003eIDA对抗","\u003ca id=\"ce70b8d45be0a3d29705763564623aca\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"8962bde3fbfb1d1130879684bdf3eed0\"\u003e\u003c/a\u003e新添加的1","\u003ca id=\"ce49901b4914f3688ef54585c8f9df1a\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"b7fb955b670df2babc67e5942297444d\"\u003e\u003c/a\u003eGhidra漏洞","\u003ca id=\"dd0d49a5e6bd34b372d9bbf4475e8024\"\u003e\u003c/a\u003e实战分析","\u003ca id=\"da5688c7823802e734c39b539aa39df7\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"92c44f98ff5ad8f8b0f5e10367262f9b\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"2ef75ae7852daa9862b2217dca252cc3\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"6d2b758b3269bac7d69a2d2c8b45194c\"\u003e\u003c/a\u003eReverseEngineering","\u003ca id=\"750700dcc62fbd83e659226db595b5cc\"\u003e\u003c/a\u003e文章","\u003ca id=\"ff19d5d94315d035bbcb3ef0c348c75b\"\u003e\u003c/a\u003e工具","\u003ca id=\"cbb847a025d426a412c7cd5d8a2332b5\"\u003e\u003c/a\u003e文章","\u003ca id=\"86eca88f321a86712cc0a66df5d72e56\"\u003e\u003c/a\u003e文章","\u003ca id=\"a2d228a68b40162953d3d482ce009d4e\"\u003e\u003c/a\u003e文章","\u003ca id=\"f2b5c44c2107db2cec6c60477c6aa1d0\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"9479ce9f475e4b9faa4497924a2e40fc\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"2cf79f93baf02a24d95d227a0a3049d8\"\u003e\u003c/a\u003e文章\u0026\u0026视频","\u003ca id=\"042ef9d415350eeb97ac2539c2fa530e\"\u003e\u003c/a\u003e文章","\u003ca id=\"ff4dc5c746cb398d41fb69a4f8dfd497\"\u003e\u003c/a\u003e文章","\u003ca id=\"37b17362d72f9c8793973bc4704893a2\"\u003e\u003c/a\u003e文章","\u003ca id=\"d86e19280510aee0bcf2599f139cfbf7\"\u003e\u003c/a\u003eCutter","\u003ca id=\"4dcfd9135aa5321b7fa65a88155256f9\"\u003e\u003c/a\u003e新添加","\u003ca id=\"3b4617e54405a32290224b729ff9f2b3\"\u003e\u003c/a\u003eDLL注入","\u003ca id=\"f39e40e340f61ae168b67424baac5cc6\"\u003e\u003c/a\u003eDLL劫持","\u003ca id=\"90d7d5feb7fd506dc8fd6ee0d7e98285\"\u003e\u003c/a\u003e文章","\u003ca id=\"2c8cb7fdf765b9d930569f7c64042d62\"\u003e\u003c/a\u003e文章","\u003ca id=\"286317d6d7c1a0578d8f5db940201320\"\u003e\u003c/a\u003e文章","\u003ca id=\"920b69cea1fc334bbc21a957dd0d9f6f\"\u003e\u003c/a\u003e注册表","\u003ca id=\"fa89526db1f9373c57ea4ffa1ac8c39f\"\u003e\u003c/a\u003eDEP","\u003ca id=\"af06263e9a92f6036dc5d4c4b28b9d8c\"\u003e\u003c/a\u003eProcmon","\u003ca id=\"72d101d0f32d5521d5d305e7e653fdd3\"\u003e\u003c/a\u003e文章","\u003ca id=\"203d00ef3396d68f5277c90279f4ebf3\"\u003e\u003c/a\u003e新添加","\u003ca id=\"1ede5ade1e55074922eb4b6386f5ca65\"\u003e\u003c/a\u003e工具","\u003ca id=\"1afda3039b4ab9a3a1f60b179ccb3e76\"\u003e\u003c/a\u003e其他","\u003ca id=\"fb4f0c061a72fc38656691746e7c45ce\"\u003e\u003c/a\u003e结构体\u0026\u0026类的检测\u0026\u0026创建\u0026\u0026恢复","\u003ca id=\"fabf03b862a776bbd8bcc4574943a65a\"\u003e\u003c/a\u003e外观\u0026\u0026主题","\u003ca id=\"02088f4884be6c9effb0f1e9a3795e58\"\u003e\u003c/a\u003e签名(FLIRT等)\u0026\u0026比较(Diff)\u0026\u0026匹配","\u003ca id=\"206ca17fc949b8e0ae62731d9bb244cb\"\u003e\u003c/a\u003e协作逆向\u0026\u0026多人操作相同IDB文件","\u003ca id=\"6fb7e41786c49cc3811305c520dfe9a1\"\u003e\u003c/a\u003e导入导出\u0026与其他工具交互","\u003ca id=\"004c199e1dbf71769fbafcd8e58d1ead\"\u003e\u003c/a\u003e针对特定分析目标","\u003ca id=\"9dcc6c7dd980bec1f92d0cc9a2209a24\"\u003e\u003c/a\u003e字符串","功能","\u003ca id=\"2ae406afda6602c8f02d73678b2ff040\"\u003e\u003c/a\u003eGhidra","\u003ca id=\"fa49f65b8d3c71b36c6924ce51c2ca0c\"\u003e\u003c/a\u003eHotFix","\u003ca id=\"7f353b27e45b5de6b0e6ac472b02cbf1\"\u003e\u003c/a\u003eXposed","\u003ca id=\"50f63dce18786069de2ec637630ff167\"\u003e\u003c/a\u003e加壳\u0026\u0026脱壳","\u003ca id=\"bb9f8e636857320abf0502c19af6c763\"\u003e\u003c/a\u003eDebug\u0026\u0026调试","\u003ca id=\"1d83ca6d8b02950be10ac8e4b8a2d976\"\u003e\u003c/a\u003eObfuscate\u0026\u0026混淆","\u003ca id=\"9b0f5682dc818c93c4de3f46fc3f43d0\"\u003e\u003c/a\u003e工具","\u003ca id=\"6c4841dd91cb173093ea2c8d0b557e71\"\u003e\u003c/a\u003e工具","\u003ca id=\"a5336a0f9e8e55111bda45c8d74924c1\"\u003e\u003c/a\u003e工具","\u003ca id=\"d22bd989b2fdaeda14b64343b472dfb6\"\u003e\u003c/a\u003e工具","\u003ca id=\"f10e9553770db6f98e8619dcd74166ef\"\u003e\u003c/a\u003e工具","\u003ca id=\"e67c18b4b682ceb6716388522f9a1417\"\u003e\u003c/a\u003e工具","\u003ca id=\"59f472c7575951c57d298aef21e7d73c\"\u003e\u003c/a\u003e工具","\u003ca id=\"574db8bbaafbee72eeb30e28e2799458\"\u003e\u003c/a\u003e工具","\u003ca id=\"02517eda8c2519c564a19219e97d6237\"\u003e\u003c/a\u003e工具","\u003ca id=\"d48f038b58dc921660be221b4e302f70\"\u003e\u003c/a\u003e工具","\u003ca id=\"0af4bd8ca0fd27c9381a2d1fa8b71a1f\"\u003e\u003c/a\u003e工具","\u003ca id=\"d90b60dc79837e06d8ba2a7ee1f109d3\"\u003e\u003c/a\u003e.NET","\u003ca id=\"6d2fe834b7662ecdd48c17163f732daf\"\u003e\u003c/a\u003eEnvironment\u0026\u0026环境\u0026\u0026配置","\u003ca id=\"5f4381b0a90d88dd2296c2936f7e7f70\"\u003e\u003c/a\u003e工具","\u003ca id=\"ec3f0b5c2cf36004c4dd3d162b94b91a\"\u003e\u003c/a\u003eRadare2","\u003ca id=\"90bf5d31a3897400ac07e15545d4be02\"\u003e\u003c/a\u003e函数相关","\u003ca id=\"1ded622dca60b67288a591351de16f8b\"\u003e\u003c/a\u003e漏洞","\u003ca id=\"c08ebe5b7eec9fc96f8eff36d1d5cc7d\"\u003e\u003c/a\u003e辅助脚本编写","\u003ca id=\"34ac84853604a7741c61670f2a075d20\"\u003e\u003c/a\u003e污点分析\u0026\u0026符号执行","\u003ca id=\"d295182c016bd9c2d5479fe0e98a75df\"\u003e\u003c/a\u003e系统调用","\u003ca id=\"596b6cf8fd36bc4c819335f12850a915\"\u003e\u003c/a\u003eHOOK","\u003ca id=\"a750ac8156aa0ff337a8639649415ef1\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"f975a85510f714ec3cc2551e868e75b8\"\u003e\u003c/a\u003eMalware\u0026\u0026恶意代码","\u003ca id=\"929786b8490456eedfb975a41ca9da07\"\u003e\u003c/a\u003e工具","\u003ca id=\"19cfd3ea4bd01d440efb9d4dd97a64d0\"\u003e\u003c/a\u003eVT\u0026\u0026虚拟化\u0026\u0026Hypbervisor","\u003ca id=\"c3cda3278305549f4c21df25cbf638a4\"\u003e\u003c/a\u003e内核\u0026\u0026驱动","\u003ca id=\"353ea40f2346191ecb828210a685f9db\"\u003e\u003c/a\u003ex64dbg","\u003ca id=\"17408290519e1ca7745233afea62c43c\"\u003e\u003c/a\u003e各类App","\u003ca id=\"e72b766bcd3b868c438a372bc365221e\"\u003e\u003c/a\u003e工具","\u003ca id=\"06d2caabef97cf663bd29af2b1fe270c\"\u003e\u003c/a\u003e加密解密","Uncategorized","\u003ca id=\"a7dac37cd93b8bb42c7d6aedccb751b3\"\u003e\u003c/a\u003e收集","\u003ca id=\"8f1876dff78e80b60d00de25994276d9\"\u003e\u003c/a\u003e工具","\u003ca id=\"6922457cb0d4b6b87a34caf39aa31dfe\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"5afa336e229e4c38ad378644c484734a\"\u003e\u003c/a\u003eEmulator\u0026\u0026模拟器","\u003ca id=\"ad68872e14f70db53e8d9519213ec039\"\u003e\u003c/a\u003eIDAPython本身","\u003ca id=\"cd76e644d8ddbd385939bb17fceab205\"\u003e\u003c/a\u003e工具","\u003ca id=\"7d557bc3d677d206ef6c5a35ca8b3a14\"\u003e\u003c/a\u003e补丁\u0026\u0026Patch","\u003ca id=\"846eebe73bef533041d74fc711cafb43\"\u003e\u003c/a\u003e指令参考\u0026文档","\u003ca id=\"5e91b280aab7f242cbc37d64ddbff82f\"\u003e\u003c/a\u003eIDB操作","\u003ca id=\"fcf75a0881617d1f684bc8b359c684d7\"\u003e\u003c/a\u003e效率\u0026\u0026导航\u0026\u0026快速访问\u0026\u0026图形\u0026\u0026图像\u0026\u0026可视化","\u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成","\u003ca id=\"7a2977533ccdac70ee6e58a7853b756b\"\u003e\u003c/a\u003eMicrocode","\u003ca id=\"66052f824f5054aa0f70785a2389a478\"\u003e\u003c/a\u003eAndroid","\u003ca id=\"ec395c8f974c75963d88a9829af12a90\"\u003e\u003c/a\u003e打包","\u003ca id=\"fe5a6d7f16890542c9e60857706edfde\"\u003e\u003c/a\u003e工具"],"readme":"# 所有收集类项目:\n- [收集的所有开源工具: sec-tool-list](https://github.com/alphaSeclab/sec-tool-list): 超过18K, 包括Markdown和Json两种格式\n- [全平台逆向资源: awesome-reverse-engineering](https://github.com/alphaSeclab/awesome-reverse-engineering):\n - Windows平台安全: PE/DLL/DLL-Injection/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/.NET/Process-Injection/Code-Injection/DEP/Kernel/...\n - Linux安全: ELF/...\n - macOS/iXxx安全: Mach-O/越狱/LLDB/XCode/...\n - Android安全: HotFix/XPosed/Pack/Unpack/Emulator/Obfuscate\n - 知名工具: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/...\n- [网络相关的安全资源: awesome-network-stuff](https://github.com/alphaSeclab/awesome-network-stuff): \n - 网络通信: 代理/SS/V2ray/GFW/反向代理/隧道/VPN/Tor/I2P/...\n - 网络攻击: 中间人/PortKnocking/...\n - 网络分析: 嗅探/协议分析/网络可视化/网络分析/网络诊断等\n- [攻击性网络安全资源: awesome-cyber-security](https://github.com/alphaSeclab/awesome-cyber-security): 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C\u0026C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...\n- [开源远控和恶意远控分析报告: awesome-rat](https://github.com/alphaSeclab/awesome-rat): 开源远控工具: Windows/Linux/macOS/Android; 远控类恶意恶意代码的分析报告等\n- [Webshell工具和分析/使用文章: awesome-webshell](https://github.com/alphaSeclab/awesome-webshell): Webshell资源收集, 包括150个Github项目, 200个左右文章\n- [取证相关工具和文章: awesome-forensics](https://github.com/alphaSeclab/awesome-forensics): 近300个取开源证工具,近600与取证相关文章\n\n\n\n\n# ReverseEngineering\n\n\n- 跟逆向有关的资源收集。当前包括的工具个数3500+,并根据功能进行了粗糙的分类。部分工具添加了中文描述。当前包括文章数2300+。\n- 此页只包含部分内容. [查看完整版](https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_full.md)\n\n\n\n# 说明\n[EnglishVersion](https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md)\n\n\n# 目录\n- [Windows](#2f81493de610f9b796656b269380b2de)\n - [PE](#620af0d32e6ac1f4a3e97385d4d3efc0)\n - [(68) 工具](#574db8bbaafbee72eeb30e28e2799458)\n - [(324) 文章](#7e890d391fa32df27beb1377a371518b)\n - [DLL](#89f963773ee87e2af6f9170ee60a7fb2)\n - [DLL注入](#3b4617e54405a32290224b729ff9f2b3)\n - [(67) 工具](#b0d50ee42d53b1f88b32988d34787137)\n - [(70) 文章](#1a0b0dab4cdbab08bbdc759bab70dbb6)\n - [DLL劫持](#f39e40e340f61ae168b67424baac5cc6)\n - [(60) 文章](#01e95333e07439ac8326253aa8950b4f)\n - [(18) 工具](#c9cdcc6f4acbeda6c8ac8f4a1ba1ea6b)\n - [新添加](#4dcfd9135aa5321b7fa65a88155256f9)\n - [(16) 文章](#b05f4c5cdfe64e1dde2a3c8556e85827)\n - [(107) 工具](#9753a9d52e19c69dc119bf03e9d7c3d2)\n - [UAC](#40fd1488e4a26ebf908f44fdcedd9675)\n - [(29) 工具](#02517eda8c2519c564a19219e97d6237)\n - [(123) 文章](#90d7d5feb7fd506dc8fd6ee0d7e98285)\n - [Sysmon](#0fed6a96b28f339611e7b111b8f42c23)\n - [(12) 工具](#d48f038b58dc921660be221b4e302f70)\n - [(131) 文章](#2c8cb7fdf765b9d930569f7c64042d62)\n - [ETW](#ac43a3ce5a889d8b18cf22acb6c31a72)\n - [(64) 文章](#11c4c804569626c1eb02140ba557bb85)\n - [(35) 工具](#0af4bd8ca0fd27c9381a2d1fa8b71a1f)\n - [AppLocker](#184bbacd8b9e08c30cc9ffcee9513f44)\n - [(11) 工具](#8f1876dff78e80b60d00de25994276d9)\n - [(93) 文章](#286317d6d7c1a0578d8f5db940201320)\n - [工具](#b478e9a9a324c963da11437d18f04998)\n - [(213) 其他](#1afda3039b4ab9a3a1f60b179ccb3e76)\n - [(10) .NET](#d90b60dc79837e06d8ba2a7ee1f109d3)\n - [新添加的](#f9fad1d4d1f0e871a174f67f63f319d8)\n - [(5) Environment\u0026\u0026环境\u0026\u0026配置](#6d2fe834b7662ecdd48c17163f732daf)\n - [进程注入](#8bfd27b42bb75956984994b3419fb582)\n - [代码注入](#1c6069610d73eb4246b58d78c64c9f44)\n - [内存模块](#7c1541a69da4c025a89b0571d8ce73d2)\n - [(6) VT\u0026\u0026虚拟化\u0026\u0026Hypbervisor](#19cfd3ea4bd01d440efb9d4dd97a64d0)\n - [(8) 内核\u0026\u0026驱动](#c3cda3278305549f4c21df25cbf638a4)\n - [(3) 注册表](#920b69cea1fc334bbc21a957dd0d9f6f)\n - [(4) 系统调用](#d295182c016bd9c2d5479fe0e98a75df)\n - [(3) Procmon](#518d80dfb8e9dda028d18ace1d3f3981)\n - [文章](#3939f5e83ca091402022cb58e0349ab8)\n - [新添加](#8e1344cae6e5f9a33e4e5718a012e292)\n - [(5) Procmon](#af06263e9a92f6036dc5d4c4b28b9d8c)\n - [(68) DEP](#fa89526db1f9373c57ea4ffa1ac8c39f)\n- [Linux](#dc664c913dc63ec6b98b47fcced4fdf0)\n - [ELF](#a63015576552ded272a242064f3fe8c9)\n - [(59) 工具](#929786b8490456eedfb975a41ca9da07)\n - [(102) 文章](#72d101d0f32d5521d5d305e7e653fdd3)\n - [工具](#89e277bca2740d737c1aeac3192f374c)\n - [(99) 新添加](#203d00ef3396d68f5277c90279f4ebf3)\n - [文章](#f6d78e82c3e5f67d13d9f00c602c92f0)\n - [新添加](#bdf33f0b1200cabea9c6815697d9e5aa)\n- [Apple\u0026\u0026iOS\u0026\u0026iXxx](#069664f347ae73b1370c4f5a2ec9da9f)\n - [Mach-O](#830f40713cef05f0665180d840d56f45)\n - [(28) 工具](#9b0f5682dc818c93c4de3f46fc3f43d0)\n - [(24) 文章](#750700dcc62fbd83e659226db595b5cc)\n - [越狱](#bba00652bff1672ab1012abd35ac9968)\n - [(96) 工具](#ff19d5d94315d035bbcb3ef0c348c75b)\n - [(14) 文章](#cbb847a025d426a412c7cd5d8a2332b5)\n - [LLDB](#004d0b9e325af207df8e1ca61af7b721)\n - [(11) 工具](#c20772abc204dfe23f3e946f8c73dfda)\n - [(17) 文章](#86eca88f321a86712cc0a66df5d72e56)\n - [XCode](#977cef2fc942ac125fa395254ab70eea)\n - [(18) 工具](#7037d96c1017978276cb920f65be2297)\n - [(49) 文章](#a2d228a68b40162953d3d482ce009d4e)\n - [工具](#58cd9084afafd3cd293564c1d615dd7f)\n - [(319) 新添加的](#d0108e91e6863289f89084ff09df39d0)\n - [文章\u0026\u0026视频](#c97bbe32bbd26c72ceccb43400e15bf1)\n - [新添加](#d4425fc7c360c2ff324be718cf3b7a78)\n- [Android](#11a59671b467a8cdbdd4ea9d5e5d9b51)\n - [工具](#2110ded2aa5637fa933cc674bc33bf21)\n - [(183) 新添加的](#883a4e0dd67c6482d28a7a14228cd942)\n - [(4) HotFix](#fa49f65b8d3c71b36c6924ce51c2ca0c)\n - [(1) 打包](#ec395c8f974c75963d88a9829af12a90)\n - [(2) 收集](#767078c52aca04c452c095f49ad73956)\n - [(1) 各类App](#17408290519e1ca7745233afea62c43c)\n - [(30) Xposed](#7f353b27e45b5de6b0e6ac472b02cbf1)\n - [(19) 加壳\u0026\u0026脱壳](#50f63dce18786069de2ec637630ff167)\n - [(12) HOOK](#596b6cf8fd36bc4c819335f12850a915)\n - [(9) Emulator\u0026\u0026模拟器](#5afa336e229e4c38ad378644c484734a)\n - [(6) IDA](#0a668d220ce74e11ed2738c4e3ae3c9e)\n - [(11) Debug\u0026\u0026调试](#bb9f8e636857320abf0502c19af6c763)\n - [(34) Malware\u0026\u0026恶意代码](#f975a85510f714ec3cc2551e868e75b8)\n - [(5) Obfuscate\u0026\u0026混淆](#1d83ca6d8b02950be10ac8e4b8a2d976)\n - [(15) ReverseEngineering](#6d2b758b3269bac7d69a2d2c8b45194c)\n - [(319) 新添加的1](#63fd2c592145914e99f837cecdc5a67c)\n - [(2) 文章\u0026\u0026视频](#f0493b259e1169b5ddd269b13cfd30e6)\n- [IDA](#08e59e476824a221f6e4a69c0bba7d63)\n - [插件\u0026\u0026脚本](#f11ab1ff46aa300cc3e86528b8a98ad7)\n - [(97) 未分类](#c39a6d8598dde6abfeef43faf931beb5)\n - [结构体\u0026\u0026类的检测\u0026\u0026创建\u0026\u0026恢复](#fb4f0c061a72fc38656691746e7c45ce)\n - [(6) 未分类](#fa5ede9a4f58d4efd98585d3158be4fb)\n - [(8) C++类\u0026\u0026虚表](#4900b1626f10791748b20630af6d6123)\n - [(3) 收集](#a7dac37cd93b8bb42c7d6aedccb751b3)\n - [(9) 外观\u0026\u0026主题](#fabf03b862a776bbd8bcc4574943a65a)\n - [(4) 固件\u0026\u0026嵌入式设备](#a8f5db3ab4bc7bc3d6ca772b3b9b0b1e)\n - [签名(FLIRT等)\u0026\u0026比较(Diff)\u0026\u0026匹配](#02088f4884be6c9effb0f1e9a3795e58)\n - [(17) 未分类](#cf04b98ea9da0056c055e2050da980c1)\n - [FLIRT签名](#19360afa4287236abe47166154bc1ece)\n - [(3) FLIRT签名收集](#1c9d8dfef3c651480661f98418c49197)\n - [(2) FLIRT签名生成](#a9a63d23d32c6c789ca4d2e146c9b6d0)\n - [(11) Diff\u0026\u0026Match工具](#161e5a3437461dc8959cc923e6a18ef7)\n - [(7) Yara](#46c9dfc585ae59fe5e6f7ddf542fb31a)\n - [(6) IDB操作](#5e91b280aab7f242cbc37d64ddbff82f)\n - [(5) 协作逆向\u0026\u0026多人操作相同IDB文件](#206ca17fc949b8e0ae62731d9bb244cb)\n - [(9) 与调试器同步\u0026\u0026通信\u0026\u0026交互](#f7d311685152ac005cfce5753c006e4b)\n - [导入导出\u0026与其他工具交互](#6fb7e41786c49cc3811305c520dfe9a1)\n - [(13) 未分类](#8ad723b704b044e664970b11ce103c09)\n - [(5) Ghidra](#c7066b0c388cd447e980bf0eb38f39ab)\n - [(3) BinNavi](#11139e7d6db4c1cef22718868f29fe12)\n - [(3) BinaryNinja](#d1ff64bee76f6749aef6100d72bfbe3a)\n - [(2) Radare2](#21ed198ae5a974877d7a635a4b039ae3)\n - [(4) Frida](#a1cf7f7f849b4ca2101bd31449c2a0fd)\n - [(2) IntelPin](#dd0332da5a1482df414658250e6357f8)\n - [针对特定分析目标](#004c199e1dbf71769fbafcd8e58d1ead)\n - [(26) 未分类](#5578c56ca09a5804433524047840980e)\n - [(2) GoLang](#1b17ac638aaa09852966306760fda46b)\n - [(4) Windows驱动](#4c158ccc5aee04383755851844fdd137)\n - [(4) PS3\u0026\u0026PS4](#315b1b8b41c67ae91b841fce1d4190b5)\n - [(33) Loader\u0026Processor](#cb59d84840e41330a7b5e275c0b81725)\n - [(4) PDB](#f5e51763bb09d8fd47ee575a98bedca1)\n - [(2) Flash\u0026\u0026SWF](#7d0681efba2cf3adaba2780330cd923a)\n - [(4) 特定样本家族](#841d605300beba45c3be131988514a03)\n - [(1) CTF](#ad44205b2d943cfa2fa805b2643f4595)\n - [IDAPython本身](#ad68872e14f70db53e8d9519213ec039)\n - [(8) 未分类](#2299bc16945c25652e5ad4d48eae8eca)\n - [(1) 清单](#c42137cf98d6042372b1fd43c3635135)\n - [(6) 指令参考\u0026文档](#846eebe73bef533041d74fc711cafb43)\n - [辅助脚本编写](#c08ebe5b7eec9fc96f8eff36d1d5cc7d)\n - [(9) 未分类](#45fd7cfce682c7c25b4f3fbc4c461ba2)\n - [(3) Qt](#1a56a5b726aaa55ec5b7a5087d6c8968)\n - [(3) 控制台\u0026\u0026窗口界面](#1721c09501e4defed9eaa78b8d708361)\n - [(2) 插件模板](#227fbff77e3a13569ef7b007344d5d2e)\n - [(2) 其他语言](#8b19bb8cf9a5bc9e6ab045f3b4fabf6a)\n - [(16) 古老的](#dc35a2b02780cdaa8effcae2b6ce623e)\n - [调试\u0026\u0026动态运行\u0026动态数据](#e3e7030efc3b4de3b5b8750b7d93e6dd)\n - [(10) 未分类](#2944dda5289f494e5e636089db0d6a6a)\n - [(10) DBI数据](#0fbd352f703b507853c610a664f024d1)\n - [(4) 调试数据](#b31acf6c84a9506066d497af4e702bf5)\n - [(14) 反编译器\u0026\u0026AST](#d2166f4dac4eab7fadfe0fd06467fbc9)\n - [(7) 反混淆](#7199e8787c0de5b428f50263f965fda7)\n - [效率\u0026\u0026导航\u0026\u0026快速访问\u0026\u0026图形\u0026\u0026图像\u0026\u0026可视化 ](#fcf75a0881617d1f684bc8b359c684d7)\n - [(15) 其他](#c5b120e1779b928d860ad64ff8d23264)\n - [(9) 显示增强](#03fac5b3abdbd56974894a261ce4e25f)\n - [(3) 图形\u0026\u0026图像](#3b1dba00630ce81cba525eea8fcdae08)\n - [(3) 搜索](#8f9468e9ab26128567f4be87ead108d7)\n - [(7) Android](#66052f824f5054aa0f70785a2389a478)\n - [Apple\u0026\u0026macOS\u0026\u0026iXxx\u0026\u0026Objective-C\u0026\u0026SWift\u0026\u0026Mach-O](#2adc0044b2703fb010b3bf73b1f1ea4a)\n - [(5) 未分类](#8530752bacfb388f3726555dc121cb1a)\n - [(3) 内核缓存](#82d0fa2d6934ce29794a651513934384)\n - [(3) Mach-O](#d249a8d09a3f25d75bb7ba8b32bd9ec5)\n - [(3) Swift](#1c698e298f6112a86c12881fbd8173c7)\n - [(9) ELF](#e5e403123c70ddae7bd904d3a3005dbb)\n - [(5) Microcode](#7a2977533ccdac70ee6e58a7853b756b)\n - [(6) 模拟器集成](#b38dab81610be087bd5bc7785269b8cc)\n - [(4) 新添加的](#c39dbae63d6a3302c4df8073b4d1cdc8)\n - [(4) 作为辅助\u0026\u0026构成其他的一环](#83de90385d03ac8ef27360bfcdc1ab48)\n - [漏洞](#1ded622dca60b67288a591351de16f8b)\n - [(7) 未分类](#385d6777d0747e79cccab0a19fa90e7e)\n - [(2) ROP](#cf2efa7e3edb24975b92d2e26ca825d2)\n - [(7) 补丁\u0026\u0026Patch](#7d557bc3d677d206ef6c5a35ca8b3a14)\n - [(3) 其他](#7dfd8abad50c14cd6bdc8d8b79b6f595)\n - [函数相关](#90bf5d31a3897400ac07e15545d4be02)\n - [(4) 未分类](#347a2158bdd92b00cd3d4ba9a0be00ae)\n - [(6) 重命名\u0026\u0026前缀\u0026\u0026标记](#73813456eeb8212fd45e0ea347bec349)\n - [(5) 导航\u0026\u0026查看\u0026\u0026查找](#e4616c414c24b58626f834e1be079ebc)\n - [(2) demangle](#cadae88b91a57345d266c68383eb05c5)\n - [(3) 污点分析\u0026\u0026符号执行](#34ac84853604a7741c61670f2a075d20)\n - [(8) 字符串](#9dcc6c7dd980bec1f92d0cc9a2209a24)\n - [(3) 加密解密](#06d2caabef97cf663bd29af2b1fe270c)\n - [文章](#18c6a45392d6b383ea24b363d2f3e76b)\n - [(6) 系列文章-Labeless插件介绍](#04cba8dbb72e95d9c721fe16a3b48783)\n - [(24) 系列文章-使用IDA从零开始学逆向](#1a2e56040cfc42c11c5b4fa86978cc19)\n - [系列文章-IDAPython-让你的生活更美好](#e838a1ecdcf3d068547dd0d7b5c446c6)\n - [(6) 原文](#7163f7c92c9443e17f3f76cc16c2d796)\n - [(5) 译文](#fc62c644a450f3e977af313edd5ab124)\n - [工具\u0026\u0026插件\u0026\u0026脚本介绍](#3d3bc775abd7f254ff9ff90d669017c9)\n - [(51) 未分类](#cd66794473ea90aa6241af01718c3a7d)\n - [(3) Loader\u0026\u0026Processor](#43a4761e949187bf737e378819752c3b)\n - [(1) 与其他工具交互](#c7483f3b20296ac68084a8c866230e15)\n - [(10) Tips\u0026\u0026Tricks](#a4bd25d3dc2f0be840e39674be67d66b)\n - [(125) 未分类](#4187e477ebc45d1721f045da62dbf4e8)\n - [(5) 翻译-TheIDAProBook](#ea11818602eb33e8b165eb18d3710965)\n - [(2) 翻译-ReverseEngineeringCodeWithIDAPro](#ec5f7b9ed06500c537aa25851a3f2d3a)\n - [(5) 系列文章-使用IDA逆向C代码](#8433dd5df40aaf302b179b1fda1d2863)\n - [逆向实战](#d8e48eb05d72db3ac1e050d8ebc546e1)\n - [(11) 未分类](#374c6336120363a5c9d9a27d7d669bf3)\n - [(15) 恶意代码分析](#0b3e1936ad7c4ccc10642e994c653159)\n - [(2) 漏洞分析\u0026\u0026挖掘](#03465020d4140590326ae12c9601ecfd)\n - [(27) 新添加的](#37634a992983db427ce41b37dd9a98c2)\n - [(4) IDA本身](#2120fe5420607a363ae87f5d2fed459f)\n - [(1) Microcode](#e9ce398c2c43170e69c95fe9ad8d22fc)\n - [(1) IDA对抗](#9c0ec56f402a2b9938417f6ecbaeaa72)\n- [Ghidra](#319821036a3319d3ade5805f384d3165)\n - [插件\u0026\u0026脚本](#fa45b20f6f043af1549b92f7c46c9719)\n - [(12) 新添加的](#ce70b8d45be0a3d29705763564623aca)\n - [特定分析目标](#69dc4207618a2977fe8cd919e7903fa5)\n - [(4) 未分类](#da5d2b05da13f8e65aa26d6a1c95a8d0)\n - [(18) Loader\u0026\u0026Processor](#058bb9893323f337ad1773725d61f689)\n - [(2) Xbox](#51a2c42c6d339be24badf52acb995455)\n - [与其他工具交互](#99e3b02da53f1dbe59e0e277ef894687)\n - [(2) Radare2](#e1cc732d1388084530b066c26e24887b)\n - [未分类](#5923db547e1f04f708272543021701d2)\n - [(5) IDA](#d832a81018c188bf585fcefa3ae23062)\n - [(1) DBI](#60e86981b2c98f727587e7de927e0519)\n - [(1) 调试器](#e81053b03a859e8ac72f7fe79e80341a)\n - [(1) 外观\u0026\u0026主题](#cccbd06c6b9b03152d07a4072152ae27)\n - [(4) Ghidra](#2ae406afda6602c8f02d73678b2ff040)\n - [脚本编写](#45910c8ea12447df9cdde2bea425f23f)\n - [(1) 其他](#c12ccb8e11ba94184f8f24767eb64212)\n - [(1) 编程语言](#b24e162720cffd2d2456488571c1a136)\n - [文章\u0026\u0026视频](#273df546f1145fbed92bb554a327b87a)\n - [(30) 新添加的](#ce49901b4914f3688ef54585c8f9df1a)\n - [(4) Ghidra漏洞](#b7fb955b670df2babc67e5942297444d)\n - [实战分析](#dd0d49a5e6bd34b372d9bbf4475e8024)\n - [(3) 漏洞分析\u0026\u0026挖掘](#375c75af4fa078633150415eec7c867d)\n - [(9) 未分类](#f0ab053d7a282ab520c3a327fc91ba2e)\n - [(9) 恶意代码](#4e3f53845efe99da287b2cea1bdda97c)\n - [其他](#92f60c044ed13b3ffde631794edd2756)\n - [Tips\u0026\u0026Tricks](#4bfa6dcf708b3f896870c9d3638c0cde)\n - [(5) 工具\u0026\u0026插件\u0026\u0026脚本](#0d086cf7980f65da8f7112b901fecdc1)\n - [(15) 新添加的1](#8962bde3fbfb1d1130879684bdf3eed0)\n- [x64dbg](#b1a6c053e88e86ce01bbd78c54c63a7c)\n - [插件\u0026\u0026脚本](#b4a856db286f9f29b5a32d477d6b3f3a)\n - [(63) 新添加的](#da5688c7823802e734c39b539aa39df7)\n - [(1) x64dbg](#353ea40f2346191ecb828210a685f9db)\n - [(21) 文章\u0026\u0026视频](#22894d6f2255dc43d82dd46bdbc20ba1)\n- [OllyDbg](#37e37e665eac00de3f55a13dcfd47320)\n - [插件\u0026\u0026脚本](#7834e399e48e6c64255a1a0fdb6b88f5)\n - [(13) 新添加的](#92c44f98ff5ad8f8b0f5e10367262f9b)\n - [(122) 文章\u0026\u0026视频](#8dd3e63c4e1811973288ea8f1581dfdb)\n- [WinDBG](#0a506e6fb2252626add375f884c9095e)\n - [插件\u0026\u0026脚本](#37eea2c2e8885eb435987ccf3f467122)\n - [(67) 新添加的](#2ef75ae7852daa9862b2217dca252cc3)\n - [(155) 文章\u0026\u0026视频](#6d8bac8bfb5cda00c7e3bd38d64cbce3)\n- [Radare2](#86cb7d8f548ca76534b5828cb5b0abce)\n - [插件\u0026\u0026脚本](#0e08f9478ed8388319f267e75e2ef1eb)\n - [(76) 新添加的](#6922457cb0d4b6b87a34caf39aa31dfe)\n - [(1) Radare2](#ec3f0b5c2cf36004c4dd3d162b94b91a)\n - [与其他工具交互](#1a6652a1cb16324ab56589cb1333576f)\n - [(4) 未分类](#dfe53924d678f9225fc5ece9413b890f)\n - [(3) IDA](#1cfe869820ecc97204a350a3361b31a7)\n - [GUI](#f7778a5392b90b03a3e23ef94a0cc3c6)\n - [(4) GUI](#8f151d828263d3bc038f75f8d6418758)\n - [(5) Cutter](#df45c3c60bd074e21d650266aa85c241)\n - [文章\u0026\u0026视频](#95fdc7692c4eda74f7ca590bb3f12982)\n - [(167) 未分类](#a4debf888d112b91e56c90136f513ec0)\n - [(5) Cutter](#d86e19280510aee0bcf2599f139cfbf7)\n- [Cuckoo](#0ae4ddb81ff126789a7e08b0768bd693)\n - [工具](#5830a8f8fb3af1a336053d84dd7330a1)\n - [(40) 新添加的](#f2b5c44c2107db2cec6c60477c6aa1d0)\n - [(62) 文章\u0026\u0026视频](#ec0a441206d9a2fe1625dce0a679d466)\n- [BinaryNinja](#afb7259851922935643857c543c4b0c2)\n - [插件\u0026\u0026脚本](#3034389f5aaa9d7b0be6fa7322340aab)\n - [(58) 新添加的](#a750ac8156aa0ff337a8639649415ef1)\n - [与其他工具交互](#bba1171ac550958141dfcb0027716f41)\n - [(2) 未分类](#c2f94ad158b96c928ee51461823aa953)\n - [(3) IDA](#713fb1c0075947956651cc21a833e074)\n - [(12) 文章\u0026\u0026视频](#2d24dd6f0c01a084e88580ad22ce5b3c)\n- [DBI](#7ab3a7005d6aa699562b3a0a0c6f2cff)\n - [DynamoRIO](#c8cdb0e30f24e9b7394fcd5681f2e419)\n - [工具](#6c4841dd91cb173093ea2c8d0b557e71)\n - [(8) 新添加的](#ff0abe26a37095f6575195950e0b7f94)\n - [(2) DynamoRIO](#3a577a5b4730a1b5b3b325269509bb0a)\n - [(3) 与其他工具交互](#928642a55eff34b6b52622c6862addd2)\n - [(15) 文章\u0026\u0026视频](#9479ce9f475e4b9faa4497924a2e40fc)\n - [IntelPin](#7b8a493ca344f41887792fcc008573e7)\n - [工具](#fe5a6d7f16890542c9e60857706edfde)\n - [(18) 新添加的](#78a2edf9aa41eb321436cb150ea70a54)\n - [与其他工具交互](#e6a829abd8bbc5ad2e5885396e3eec04)\n - [(8) 未分类](#e129288dfadc2ab0890667109f93a76d)\n - [文章\u0026\u0026视频](#226190bea6ceb98ee5e2b939a6515fac)\n - [Frida](#f24f1235fd45a1aa8d280eff1f03af7e)\n - [工具](#a5336a0f9e8e55111bda45c8d74924c1)\n - [(100) 新添加的](#54836a155de0c15b56f43634cd9cfecf)\n - [与其他工具交互](#74fa0c52c6104fd5656c93c08fd1ba86)\n - [(1) 未分类](#00a86c65a84e58397ee54e85ed57feaf)\n - [(3) IDA](#d628ec92c9eea0c4b016831e1f6852b3)\n - [(2) BinaryNinja](#f9008a00e2bbc7535c88602aa79c8fd8)\n - [(2) Radare2](#ac053c4da818ca587d57711d2ff66278)\n - [(1) Frida](#6d3c24e43835420063f9ca50ba805f15)\n - [(92) 文章\u0026\u0026视频](#a1a7e3dd7091b47384c75dba8f279caf)\n - [QBDI](#b2fca17481b109a9b3b0bc290a1a1381)\n - [(1) 工具](#e72b766bcd3b868c438a372bc365221e)\n - [(6) 文章\u0026\u0026视频](#2cf79f93baf02a24d95d227a0a3049d8)\n - [其他](#5a9974bfcf7cdf9b05fe7a7dc5272213)\n - [(4) 工具](#104bc99e36692f133ba70475ebc8825f)\n - [(1) 文章\u0026\u0026视频](#8f1b9c5c2737493524809684b934d49a)\n- [其他](#d3690e0b19c784e104273fe4d64b2362)\n - [ 文章-新添加的](#9162e3507d24e58e9e944dd3f6066c0e)\n - [(284) 工具-新添加的](#1d9dec1320a5d774dc8e0e7604edfcd3)\n - [(3) 工具-其他](#bc2b78af683e7ba983205592de8c3a7a)\n - [angr](#4fe330ae3e5ce0b39735b1bfea4528af)\n - [(27) 工具](#1ede5ade1e55074922eb4b6386f5ca65)\n - [(4) 文章](#042ef9d415350eeb97ac2539c2fa530e)\n - [Debug\u0026\u0026调试](#324874bb7c3ead94eae6f1fa1af4fb68)\n - [(116) 工具](#d22bd989b2fdaeda14b64343b472dfb6)\n - [文章](#136c41f2d05739a74c6ec7d8a84df1e8)\n - [BAP](#9f8d3f2c9e46fbe6c25c22285c8226df)\n - [(26) 工具](#f10e9553770db6f98e8619dcd74166ef)\n - [文章](#e111826dde8fa44c575ce979fd54755d)\n - [BinNavi](#2683839f170250822916534f1db22eeb)\n - [(3) 工具](#2e4980c95871eae4ec0e76c42cc5c32f)\n - [(5) 文章](#ff4dc5c746cb398d41fb69a4f8dfd497)\n - [Decompiler\u0026\u0026反编译器](#0971f295b0f67dc31b7aa45caf3f588f)\n - [(73) 工具](#e67c18b4b682ceb6716388522f9a1417)\n - [文章](#a748b79105651a8fd8ae856a7dc2b1de)\n - [Disassemble\u0026\u0026反汇编](#2df6d3d07e56381e1101097d013746a0)\n - [(30) 工具](#59f472c7575951c57d298aef21e7d73c)\n - [文章](#a6eb5a22deb33fc1919eaa073aa29ab5)\n - [GDB](#975d9f08e2771fccc112d9670eae1ed1)\n - [(80) 工具](#5f4381b0a90d88dd2296c2936f7e7f70)\n - [(102) 文章](#37b17362d72f9c8793973bc4704893a2)\n - [Monitor\u0026\u0026监控\u0026\u0026Trace\u0026\u0026追踪](#70e64e3147675c9bcd48d4f475396e7f)\n - [(29) 工具](#cd76e644d8ddbd385939bb17fceab205)\n- [TODO](#35f8efcff18d0449029e9d3157ac0899)\n\n\n# \u003ca id=\"35f8efcff18d0449029e9d3157ac0899\"\u003e\u003c/a\u003eTODO\n\n\n- 对工具进行更细致的分类\n- 为工具添加详细的中文描述,包括其内部实现原理和使用方式\n- 添加非Github repo\n- 补充文章\n- 修改已添加文章的描述\n\n\n# \u003ca id=\"08e59e476824a221f6e4a69c0bba7d63\"\u003e\u003c/a\u003eIDA\n\n\n***\n\n\n## \u003ca id=\"f11ab1ff46aa300cc3e86528b8a98ad7\"\u003e\u003c/a\u003e插件\u0026\u0026脚本\n\n\n- 以Github开源工具为主\n\n\n### \u003ca id=\"c39dbae63d6a3302c4df8073b4d1cdc8\"\u003e\u003c/a\u003e新添加的\n\n\n\n\n### \u003ca id=\"c39a6d8598dde6abfeef43faf931beb5\"\u003e\u003c/a\u003e未分类\n\n\n- [**1058**星][17d] [Py] [fireeye/flare-ida](https://github.com/fireeye/flare-ida) 多工具\n - [StackStrings](https://github.com/fireeye/flare-ida/blob/master/plugins/stackstrings_plugin.py) 自动恢复手动构造的字符串\n - [Struct Typer](https://github.com/fireeye/flare-ida/blob/master/plugins/struct_typer_plugin.py) implements the struct typing described [here](https://www.mandiant.com/blog/applying-function-types-structure-fields-ida/)\n - [ApplyCalleeType](https://github.com/fireeye/flare-ida/blob/master/python/flare/apply_callee_type.py) specify or choose a function type for indirect calls as described [here](https://www.fireeye.com/blog/threat-research/2015/04/flare_ida_pro_script.html)\n - [argtracker](https://github.com/fireeye/flare-ida/blob/master/python/flare/argtracker.py) 识别函数使用的静态参数\n - [idb2pat](https://github.com/fireeye/flare-ida/blob/master/python/flare/idb2pat.py) FLIRT签名生成\n - [objc2_analyzer](https://github.com/fireeye/flare-ida/blob/master/python/flare/objc2_analyzer.py) 在目标Mach-O可执行文件的与Objective-C运行时相关的部分中定义的选择器引用及其实现之间创建交叉引用\n - [MSDN Annotations](https://github.com/fireeye/flare-ida/tree/master/python/flare/IDB_MSDN_Annotator) 从XML文件中提取MSDN信息,添加到IDB数据库中\n - [ironstrings](https://github.com/fireeye/flare-ida/tree/master/python/flare/ironstrings) 使用代码模拟执行(flare-emu), 恢复构造的字符串\n - [Shellcode Hashes](https://github.com/fireeye/flare-ida/tree/master/shellcode_hashes) 生成Hash数据库\n- [**737**星][7m] [Py] [devttys0/ida](https://github.com/devttys0/ida) IDA插件/脚本/模块收集\n - [wpsearch](https://github.com/devttys0/ida/blob/master/scripts/wpsearch.py) 查找在MIPS WPS checksum实现中常见的立即数\n - [md5hash](https://github.com/devttys0/ida/tree/master/modules/md5hash) 纯Python版的MD5 hash实现(IDA的hashlib有问题)\n - [alleycat](https://github.com/devttys0/ida/tree/master/plugins/alleycat) 查找向指定的函数内代码块的路径、查找两个或多个函数之间的路径、生成交互式调用图、可编程\n - [codatify](https://github.com/devttys0/ida/tree/master/plugins/codatify) 定义IDA自动化分析时miss的ASCII字符串、函数、代码。将data段的所有未定义字节转换为DWORD(于是IDA可识别函数和跳转表指针)\n - [fluorescence](https://github.com/devttys0/ida/tree/master/plugins/fluorescence) 高亮函数调用指令\n - [leafblower](https://github.com/devttys0/ida/tree/master/plugins/leafblower) 识别常用的POSIX函数:printf, sprintf, memcmp, strcpy等\n - [localxrefs](https://github.com/devttys0/ida/tree/master/plugins/localxrefs) 在当前函数内部查找所有对任意选择文本的引用\n - [mipslocalvars](https://github.com/devttys0/ida/tree/master/plugins/mipslocalvars) 对栈上只用于存储寄存器的变量进行命名,简化栈数据分析(MISP)\n - [mipsrop](https://github.com/devttys0/ida/tree/master/plugins/mipsrop) 在MIPS可执行代码中搜寻ROP。查找常见的ROP\n - [rizzo](https://github.com/devttys0/ida/tree/master/plugins/rizzo) 对2个或多个IDB之间的函数进行识别和重命名,基于:函数签名、对唯一字符串/常量的引用、模糊签名、调用图\n- [**318**星][2m] [C] [ohjeongwook/darungrim](https://github.com/ohjeongwook/darungrim) 软件补丁分析工具\n - [IDA插件](https://github.com/ohjeongwook/darungrim/tree/master/Src/IDAPlugin) \n - [DGEngine](https://github.com/ohjeongwook/darungrim/tree/master/Src/DGEngine) \n- [**277**星][4m] [Py] [jpcertcc/aa-tools](https://github.com/jpcertcc/aa-tools) 多脚本\n - [apt17scan.py](https://github.com/jpcertcc/aa-tools/blob/master/apt17scan.py) Volatility插件, 检测APT17相关的恶意代码并提取配置\n - [emdivi_postdata_decoder](https://github.com/jpcertcc/aa-tools/blob/master/emdivi_postdata_decoder.py) 解码Emdivi post的数据\n - [emdivi_string_decryptor](https://github.com/jpcertcc/aa-tools/blob/master/emdivi_string_decryptor.py) IDAPython脚本, 解密Emdivi内的字符串\n - [citadel_decryptor](https://github.com/jpcertcc/aa-tools/tree/master/citadel_decryptor) Data decryption tool for Citadel\n - [adwind_string_decoder](https://github.com/jpcertcc/aa-tools/blob/master/adwind_string_decoder.py) Python script for decoding strings inside Adwind\n - [redleavesscan](https://github.com/jpcertcc/aa-tools/blob/master/redleavesscan.py) Volatility plugin for detecting RedLeaves and extracting its config\n - [datper_splunk](https://github.com/jpcertcc/aa-tools/blob/master/datper_splunk.py) Python script for detects Datper communication and adds result field to Splunk index\n - [datper_elk](https://github.com/jpcertcc/aa-tools/blob/master/datper_elk.py) Python script for detects Datper communication and adds result field to Elasticsearch index\n - [tscookie_decode](https://github.com/jpcertcc/aa-tools/blob/master/tscookie_decode.py) Python script for decrypting and parsing TSCookie configure data\n - [wellmess_cookie_decode](https://github.com/jpcertcc/aa-tools/blob/master/wellmess_cookie_decode.py) Python script for decoding WellMess's cookie data (support Python2)\n - [cobaltstrikescan](https://github.com/jpcertcc/aa-tools/blob/master/cobaltstrikescan.py) Volatility plugin for detecting Cobalt Strike Beacon and extracting its config\n - [tscookie_data_decode](https://github.com/jpcertcc/aa-tools/blob/master/tscookie_data_decode.py) Python script for decrypting and parsing TSCookie configure data\n\n\n### \u003ca id=\"fb4f0c061a72fc38656691746e7c45ce\"\u003e\u003c/a\u003e结构体\u0026\u0026类的检测\u0026\u0026创建\u0026\u0026恢复\n\n\n#### \u003ca id=\"fa5ede9a4f58d4efd98585d3158be4fb\"\u003e\u003c/a\u003e未分类\n\n\n- [**931**星][25d] [OCaml] [airbus-seclab/bincat](https://github.com/airbus-seclab/bincat) 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析\n - 重复区段: [IDA-\u003e插件-\u003e污点分析](#34ac84853604a7741c61670f2a075d20) |\n- [**664**星][27d] [Py] [igogo-x86/hexrayspytools](https://github.com/igogo-x86/hexrayspytools) 结构体和类重建插件\n\n\n#### \u003ca id=\"4900b1626f10791748b20630af6d6123\"\u003e\u003c/a\u003eC++类\u0026\u0026虚表\n\n\n- [**607**星][3m] [Py] [0xgalz/virtuailor](https://github.com/0xgalz/virtuailor) 利用IDA调试获取的信息,自动创建C++的虚表\n - 重复区段: [IDA-\u003e插件-\u003e调试-\u003e调试数据](#b31acf6c84a9506066d497af4e702bf5) |\n \u003cdetails\u003e\n \u003csummary\u003e查看详情\u003c/summary\u003e\n\n\n ## 静态部分: \n - 检测非直接调用\n - 利用条件断点, Hook非直接调用的值赋值过程\n \n ## 动态 部分\n - 创建虚表结构\n - 重命名函数和虚表地址\n - 给反汇编非直接调用添加结构偏移\n - 给非直接调用到虚表之间添加交叉引用\n \n ## 使用\n - File -\u003e Script File -\u003e Main.py(设置断点) -\u003e IDA调试器执行\n \u003c/details\u003e\n\n\n\n\n\n\n### \u003ca id=\"a7dac37cd93b8bb42c7d6aedccb751b3\"\u003e\u003c/a\u003e收集\n\n\n- [**1771**星][10d] [onethawt/idaplugins-list](https://github.com/onethawt/idaplugins-list) IDA插件收集\n- [**363**星][9m] [fr0gger/awesome-ida-x64-olly-plugin](https://github.com/fr0gger/awesome-ida-x64-olly-plugin) IDA x64DBG OllyDBG 插件收集\n - 重复区段: [x64dbg-\u003e插件-\u003e新添加的](#da5688c7823802e734c39b539aa39df7) |\n\n\n### \u003ca id=\"fabf03b862a776bbd8bcc4574943a65a\"\u003e\u003c/a\u003e外观\u0026\u0026主题\n\n\n- [**723**星][7m] [Py] [zyantific/idaskins](https://github.com/zyantific/idaskins) 皮肤插件\n\n\n### \u003ca id=\"a8f5db3ab4bc7bc3d6ca772b3b9b0b1e\"\u003e\u003c/a\u003e固件\u0026\u0026嵌入式设备\n\n\n- [**5228**星][2m] [Py] [refirmlabs/binwalk](https://github.com/ReFirmLabs/binwalk) 固件分析工具(命令行+IDA插件)\n - [IDA插件](https://github.com/ReFirmLabs/binwalk/tree/master/src/scripts) \n - [binwalk](https://github.com/ReFirmLabs/binwalk/tree/master/src/binwalk) \n- [**492**星][5m] [Py] [maddiestone/idapythonembeddedtoolkit](https://github.com/maddiestone/idapythonembeddedtoolkit) 自动分析嵌入式设备的固件\n\n\n### \u003ca id=\"02088f4884be6c9effb0f1e9a3795e58\"\u003e\u003c/a\u003e签名(FLIRT等)\u0026\u0026比较(Diff)\u0026\u0026匹配\n\n\n#### \u003ca id=\"cf04b98ea9da0056c055e2050da980c1\"\u003e\u003c/a\u003e未分类\n\n\n- [**421**星][1m] [C] [mcgill-dmas/kam1n0-community](https://github.com/McGill-DMaS/Kam1n0-Community) 汇编代码管理与分析平台(独立工具+IDA插件)\n - 重复区段: [IDA-\u003e插件-\u003e作为辅助](#83de90385d03ac8ef27360bfcdc1ab48) |\n - [IDA插件](https://github.com/McGill-DMaS/Kam1n0-Community/tree/master2.x/kam1n0-clients/ida-plugin) \n - [kam1n0](https://github.com/McGill-DMaS/Kam1n0-Community/tree/master2.x/kam1n0) \n\n\n#### \u003ca id=\"19360afa4287236abe47166154bc1ece\"\u003e\u003c/a\u003eFLIRT签名\n\n\n##### \u003ca id=\"1c9d8dfef3c651480661f98418c49197\"\u003e\u003c/a\u003eFLIRT签名收集\n\n\n- [**605**星][2m] [Max] [maktm/flirtdb](https://github.com/Maktm/FLIRTDB) A community driven collection of IDA FLIRT signature files\n- [**321**星][5m] [push0ebp/sig-database](https://github.com/push0ebp/sig-database) IDA FLIRT Signature Database\n\n\n##### \u003ca id=\"a9a63d23d32c6c789ca4d2e146c9b6d0\"\u003e\u003c/a\u003eFLIRT签名生成\n\n\n\n\n\n\n#### \u003ca id=\"161e5a3437461dc8959cc923e6a18ef7\"\u003e\u003c/a\u003eDiff\u0026\u0026Match工具\n\n\n- [**1554**星][13d] [Py] [joxeankoret/diaphora](https://github.com/joxeankoret/diaphora) program diffing\n- [**360**星][1m] [Py] [checkpointsw/karta](https://github.com/checkpointsw/karta) source code assisted fast binary matching plugin for IDA\n- [**332**星][1y] [Py] [joxeankoret/pigaios](https://github.com/joxeankoret/pigaios) A tool for matching and diffing source codes directly against binaries.\n\n\n#### \u003ca id=\"46c9dfc585ae59fe5e6f7ddf542fb31a\"\u003e\u003c/a\u003eYara\n\n\n- [**449**星][2m] [Py] [polymorf/findcrypt-yara](https://github.com/polymorf/findcrypt-yara) 使用Yara规则查找加密常量\n - 重复区段: [IDA-\u003e插件-\u003e加密解密](#06d2caabef97cf663bd29af2b1fe270c) |\n\n\n\n\n### \u003ca id=\"5e91b280aab7f242cbc37d64ddbff82f\"\u003e\u003c/a\u003eIDB操作\n\n\n- [**316**星][6m] [Py] [williballenthin/python-idb](https://github.com/williballenthin/python-idb) idb 文件解析和分析工具\n\n\n### \u003ca id=\"206ca17fc949b8e0ae62731d9bb244cb\"\u003e\u003c/a\u003e协作逆向\u0026\u0026多人操作相同IDB文件\n\n\n- [**508**星][11m] [Py] [idarlingteam/idarling](https://github.com/IDArlingTeam/IDArling) 多人协作插件\n- [**258**星][1y] [C++] [dga-mi-ssi/yaco](https://github.com/dga-mi-ssi/yaco) 利用Git版本控制,同步多人对相同二进制文件的修改\n\n\n### \u003ca id=\"f7d311685152ac005cfce5753c006e4b\"\u003e\u003c/a\u003e与调试器同步\u0026\u0026通信\u0026\u0026交互\n\n\n- [**471**星][13d] [C] [bootleg/ret-sync](https://github.com/bootleg/ret-sync) 在反汇编工具和调试器之间同步调试会话\n - 重复区段: [x64dbg-\u003e插件-\u003e新添加的](#da5688c7823802e734c39b539aa39df7) |\n - [GDB插件](https://github.com/bootleg/ret-sync/tree/master/ext_gdb) \n - [Ghidra插件](https://github.com/bootleg/ret-sync/tree/master/ext_ghidra) \n - [IDA插件](https://github.com/bootleg/ret-sync/tree/master/ext_ida) \n - [LLDB](https://github.com/bootleg/ret-sync/tree/master/ext_lldb) \n - [OD](https://github.com/bootleg/ret-sync/tree/master/ext_olly1) \n - [OD2](https://github.com/bootleg/ret-sync/tree/master/ext_olly2) \n - [WinDgb](https://github.com/bootleg/ret-sync/tree/master/ext_windbg/sync) \n - [x64dbg](https://github.com/bootleg/ret-sync/tree/master/ext_x64dbg) \n- [**292**星][11m] [C] [a1ext/labeless](https://github.com/a1ext/labeless) 在IDA和调试器之间无缝同步Label/注释等\n - [IDA插件](https://github.com/a1ext/labeless/tree/master/labeless_ida) \n - [OD](https://github.com/a1ext/labeless/tree/master/labeless_olly) \n - [OD2](https://github.com/a1ext/labeless/tree/master/labeless_olly2) \n - [x64dbg](https://github.com/a1ext/labeless/tree/master/labeless_x64dbg) \n\n\n### \u003ca id=\"6fb7e41786c49cc3811305c520dfe9a1\"\u003e\u003c/a\u003e导入导出\u0026与其他工具交互\n\n\n#### \u003ca id=\"8ad723b704b044e664970b11ce103c09\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"c7066b0c388cd447e980bf0eb38f39ab\"\u003e\u003c/a\u003eGhidra\n\n\n- [**299**星][4m] [Py] [cisco-talos/ghida](https://github.com/cisco-talos/ghida) 在IDA中集成Ghidra反编译器\n - 重复区段: [Ghidra-\u003e插件-\u003e与其他工具交互-\u003eIDA](#d832a81018c188bf585fcefa3ae23062) |\n- [**238**星][9m] [Py] [daenerys-sre/source](https://github.com/daenerys-sre/source) 使IDA和Ghidra脚本通用, 无需修改\n - 重复区段: [Ghidra-\u003e插件-\u003e与其他工具交互-\u003eIDA](#d832a81018c188bf585fcefa3ae23062) |\n\n\n#### \u003ca id=\"11139e7d6db4c1cef22718868f29fe12\"\u003e\u003c/a\u003eBinNavi\n\n\n- [**382**星][26d] [C++] [google/binexport](https://github.com/google/binexport) 将反汇编以Protocol Buffer的形式导出为PostgreSQL数据库, 导入到BinNavi中使用\n - 重复区段: [其他-\u003eBinNavi-\u003e工具](#2e4980c95871eae4ec0e76c42cc5c32f) |\n\n\n#### \u003ca id=\"d1ff64bee76f6749aef6100d72bfbe3a\"\u003e\u003c/a\u003eBinaryNinja\n\n\n\n\n#### \u003ca id=\"21ed198ae5a974877d7a635a4b039ae3\"\u003e\u003c/a\u003eRadare2\n\n\n\n\n#### \u003ca id=\"a1cf7f7f849b4ca2101bd31449c2a0fd\"\u003e\u003c/a\u003eFrida\n\n\n\n\n#### \u003ca id=\"dd0332da5a1482df414658250e6357f8\"\u003e\u003c/a\u003eIntelPin\n\n\n\n\n\n\n### \u003ca id=\"004c199e1dbf71769fbafcd8e58d1ead\"\u003e\u003c/a\u003e针对特定分析目标\n\n\n#### \u003ca id=\"5578c56ca09a5804433524047840980e\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"cb59d84840e41330a7b5e275c0b81725\"\u003e\u003c/a\u003eLoader\u0026Processor\n\n\n- [**205**星][1y] [Py] [fireeye/idawasm](https://github.com/fireeye/idawasm) WebAssembly的加载器和解析器\n\n\n#### \u003ca id=\"1b17ac638aaa09852966306760fda46b\"\u003e\u003c/a\u003eGoLang\n\n\n- [**376**星][9m] [Py] [sibears/idagolanghelper](https://github.com/sibears/idagolanghelper) 解析Go语言编译的二进制文件中的GoLang类型信息\n- [**297**星][2m] [Py] [strazzere/golang_loader_assist](https://github.com/strazzere/golang_loader_assist) 辅助Go逆向\n\n\n#### \u003ca id=\"4c158ccc5aee04383755851844fdd137\"\u003e\u003c/a\u003eWindows驱动\n\n\n- [**306**星][1y] [Py] [fsecurelabs/win_driver_plugin](https://github.com/FSecureLABS/win_driver_plugin) A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.\n- [**218**星][1y] [Py] [nccgroup/driverbuddy](https://github.com/nccgroup/driverbuddy) 辅助逆向Windows内核驱动\n\n\n#### \u003ca id=\"315b1b8b41c67ae91b841fce1d4190b5\"\u003e\u003c/a\u003ePS3\u0026\u0026PS4\n\n\n\n\n#### \u003ca id=\"f5e51763bb09d8fd47ee575a98bedca1\"\u003e\u003c/a\u003ePDB\n\n\n\n\n#### \u003ca id=\"7d0681efba2cf3adaba2780330cd923a\"\u003e\u003c/a\u003eFlash\u0026\u0026SWF\n\n\n\n\n#### \u003ca id=\"841d605300beba45c3be131988514a03\"\u003e\u003c/a\u003e特定样本家族\n\n\n\n\n#### \u003ca id=\"ad44205b2d943cfa2fa805b2643f4595\"\u003e\u003c/a\u003eCTF\n\n\n\n\n\n\n### \u003ca id=\"ad68872e14f70db53e8d9519213ec039\"\u003e\u003c/a\u003eIDAPython本身\n\n\n#### \u003ca id=\"2299bc16945c25652e5ad4d48eae8eca\"\u003e\u003c/a\u003e未分类\n\n\n- [**720**星][15d] [Py] [idapython/src](https://github.com/idapython/src) IDAPython源码\n- [**373**星][3m] [Py] [tmr232/sark](https://github.com/tmr232/sark) IDAPython的高级抽象\n\n\n#### \u003ca id=\"c42137cf98d6042372b1fd43c3635135\"\u003e\u003c/a\u003e清单\n\n\n- [**258**星][28d] [Py] [inforion/idapython-cheatsheet](https://github.com/inforion/idapython-cheatsheet) Scripts and cheatsheets for IDAPython\n\n\n\n\n### \u003ca id=\"846eebe73bef533041d74fc711cafb43\"\u003e\u003c/a\u003e指令参考\u0026文档\n\n\n- [**497**星][1y] [PLpgSQL] [nologic/idaref](https://github.com/nologic/idaref) 指令参考插件.\n- [**449**星][4m] [C++] [alexhude/friend](https://github.com/alexhude/friend) 反汇编显示增强, 文档增强插件\n - 重复区段: [IDA-\u003e插件-\u003e效率-\u003e其他](#c5b120e1779b928d860ad64ff8d23264) |\n\n\n### \u003ca id=\"c08ebe5b7eec9fc96f8eff36d1d5cc7d\"\u003e\u003c/a\u003e辅助脚本编写\n\n\n#### \u003ca id=\"45fd7cfce682c7c25b4f3fbc4c461ba2\"\u003e\u003c/a\u003e未分类\n\n\n- [**282**星][2m] [Py] [fireeye/flare-emu](https://github.com/fireeye/flare-emu) 结合Unicorn引擎, 简化模拟脚本的编写\n - 重复区段: [IDA-\u003e插件-\u003e模拟器集成](#b38dab81610be087bd5bc7785269b8cc) |\n\n\n#### \u003ca id=\"1a56a5b726aaa55ec5b7a5087d6c8968\"\u003e\u003c/a\u003eQt\n\n\n\n\n#### \u003ca id=\"1721c09501e4defed9eaa78b8d708361\"\u003e\u003c/a\u003e控制台\u0026\u0026窗口界面\n\n\n- [**269**星][1m] [Py] [eset/ipyida](https://github.com/eset/ipyida) 集成IPython控制台\n\n\n#### \u003ca id=\"227fbff77e3a13569ef7b007344d5d2e\"\u003e\u003c/a\u003e插件模板\n\n\n\n\n#### \u003ca id=\"8b19bb8cf9a5bc9e6ab045f3b4fabf6a\"\u003e\u003c/a\u003e其他语言\n\n\n\n\n\n\n### \u003ca id=\"dc35a2b02780cdaa8effcae2b6ce623e\"\u003e\u003c/a\u003e古老的\n\n\n\n\n### \u003ca id=\"e3e7030efc3b4de3b5b8750b7d93e6dd\"\u003e\u003c/a\u003e调试\u0026\u0026动态运行\u0026动态数据\n\n\n#### \u003ca id=\"2944dda5289f494e5e636089db0d6a6a\"\u003e\u003c/a\u003e未分类\n\n\n- [**395**星][1y] [C++] [cseagle/sk3wldbg](https://github.com/cseagle/sk3wldbg) 用Unicorn引擎做后端的调试插件\n - 重复区段: [IDA-\u003e插件-\u003e模拟器集成](#b38dab81610be087bd5bc7785269b8cc) |\n\n\n#### \u003ca id=\"0fbd352f703b507853c610a664f024d1\"\u003e\u003c/a\u003eDBI数据\n\n\n- [**943**星][1y] [Py] [gaasedelen/lighthouse](https://github.com/gaasedelen/lighthouse) 从DBI中收集代码覆盖情况,在IDA/Binja中映射、浏览、查看\n - 重复区段: [DBI-\u003eIntelPin-\u003e工具-\u003e与其他工具交互-\u003e未分类](#e129288dfadc2ab0890667109f93a76d) |[DBI-\u003eFrida-\u003e工具-\u003e与其他工具交互-\u003eIDA](#d628ec92c9eea0c4b016831e1f6852b3) |[DBI-\u003eFrida-\u003e工具-\u003e与其他工具交互-\u003eBinaryNinja](#f9008a00e2bbc7535c88602aa79c8fd8) |\n - [coverage-frida](https://github.com/gaasedelen/lighthouse/blob/master/coverage/frida/README.md) 使用Frida收集信息\n - [coverage-pin](https://github.com/gaasedelen/lighthouse/blob/master/coverage/pin/README.md) 使用Pin收集覆盖信息\n - [插件](https://github.com/gaasedelen/lighthouse/blob/master/plugin/lighthouse_plugin.py) 支持IDA和BinNinja\n\n\n#### \u003ca id=\"b31acf6c84a9506066d497af4e702bf5\"\u003e\u003c/a\u003e调试数据\n\n\n- [**607**星][3m] [Py] [0xgalz/virtuailor](https://github.com/0xgalz/virtuailor) 利用IDA调试获取的信息,自动创建C++的虚表\n - 重复区段: [IDA-\u003e插件-\u003e结构体-\u003eC++类](#4900b1626f10791748b20630af6d6123) |\n \u003cdetails\u003e\n \u003csummary\u003e查看详情\u003c/summary\u003e\n\n\n ## 静态部分: \n - 检测非直接调用\n - 利用条件断点, Hook非直接调用的值赋值过程\n \n ## 动态 部分\n - 创建虚表结构\n - 重命名函数和虚表地址\n - 给反汇编非直接调用添加结构偏移\n - 给非直接调用到虚表之间添加交叉引用\n \n ## 使用\n - File -\u003e Script File -\u003e Main.py(设置断点) -\u003e IDA调试器执行\n \u003c/details\u003e\n\n\n- [**386**星][5m] [Py] [ynvb/die](https://github.com/ynvb/die) 使用IDA调试器收集动态运行信息, 辅助静态分析\n\n\n\n\n### \u003ca id=\"d2166f4dac4eab7fadfe0fd06467fbc9\"\u003e\u003c/a\u003e反编译器\u0026\u0026AST\n\n\n- [**1672**星][7m] [C++] [yegord/snowman](https://github.com/yegord/snowman) Snowman反编译器,支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件,也可以作为库使用\n - 重复区段: [x64dbg-\u003e插件-\u003e新添加的](#da5688c7823802e734c39b539aa39df7) |\n - [IDA插件](https://github.com/yegord/snowman/tree/master/src/ida-plugin) \n - [snowman](https://github.com/yegord/snowman/tree/master/src/snowman) QT界面\n - [nocode](https://github.com/yegord/snowman/tree/master/src/nocode) 命令行工具\n - [nc](https://github.com/yegord/snowman/tree/master/src/nc) 核心代码,可作为库使用\n- [**418**星][3m] [C++] [avast/retdec-idaplugin](https://github.com/avast/retdec-idaplugin) retdec 的 IDA 插件\n- [**235**星][7m] [Py] [patois/dsync](https://github.com/patois/dsync) 反汇编和反编译窗口同步插件\n - 重复区段: [IDA-\u003e插件-\u003e效率-\u003e其他](#c5b120e1779b928d860ad64ff8d23264) |\n\n\n### \u003ca id=\"7199e8787c0de5b428f50263f965fda7\"\u003e\u003c/a\u003e反混淆\n\n\n- [**1365**星][3m] [Py] [fireeye/flare-floss](https://github.com/fireeye/flare-floss) 自动从恶意代码中提取反混淆后的字符串\n - 重复区段: [IDA-\u003e插件-\u003e字符串](#9dcc6c7dd980bec1f92d0cc9a2209a24) |\n - [floss](https://github.com/fireeye/flare-floss/tree/master/floss) \n - [IDA插件](https://github.com/fireeye/flare-floss/blob/master/scripts/idaplugin.py) \n- [**304**星][4m] [C++] [rolfrolles/hexraysdeob](https://github.com/rolfrolles/hexraysdeob) 利用Hex-Rays microcode API破解编译器级别的混淆\n - 重复区段: [IDA-\u003e插件-\u003eMicrocode](#7a2977533ccdac70ee6e58a7853b756b) |\n\n\n### \u003ca id=\"fcf75a0881617d1f684bc8b359c684d7\"\u003e\u003c/a\u003e效率\u0026\u0026导航\u0026\u0026快速访问\u0026\u0026图形\u0026\u0026图像\u0026\u0026可视化 \n\n\n#### \u003ca id=\"c5b120e1779b928d860ad64ff8d23264\"\u003e\u003c/a\u003e其他\n\n\n- [**449**星][4m] [C++] [alexhude/friend](https://github.com/alexhude/friend) 反汇编显示增强, 文档增强插件\n - 重复区段: [IDA-\u003e插件-\u003e指令参考](#846eebe73bef533041d74fc711cafb43) |\n- [**372**星][3m] [Py] [l4ys/lazyida](https://github.com/l4ys/lazyida) 若干快速访问功能, 扫描字符串格式化漏洞\n - 重复区段: [IDA-\u003e插件-\u003e字符串](#9dcc6c7dd980bec1f92d0cc9a2209a24) |[IDA-\u003e插件-\u003e漏洞-\u003e未分类](#385d6777d0747e79cccab0a19fa90e7e) |\n \u003cdetails\u003e\n \u003csummary\u003e查看详情\u003c/summary\u003e\n\n\n ### 功能\n - 快速移除函数返回类型\n - 数据格式(format)快速转换\n - 扫描字符串格式化漏洞\n - 双击跳转vtable函数\n - 快捷键: w/c/v\n \u003c/details\u003e\n\n\n- [**329**星][4m] [Py] [pfalcon/scratchabit](https://github.com/pfalcon/scratchabit) 交互式反汇编工具, 有与IDAPython兼容的插件API\n- [**235**星][7m] [Py] [patois/dsync](https://github.com/patois/dsync) 反汇编和反编译窗口同步插件\n - 重复区段: [IDA-\u003e插件-\u003e反编译器](#d2166f4dac4eab7fadfe0fd06467fbc9) |\n\n\n#### \u003ca id=\"03fac5b3abdbd56974894a261ce4e25f\"\u003e\u003c/a\u003e显示增强\n\n\n- [**208**星][1m] [Py] [patois/idacyber](https://github.com/patois/idacyber) 交互式数据可视化插件\n\n\n#### \u003ca id=\"3b1dba00630ce81cba525eea8fcdae08\"\u003e\u003c/a\u003e图形\u0026\u0026图像\n\n\n- [**2569**星][6m] [Java] [google/binnavi](https://github.com/google/binnavi) 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)\n\n\n#### \u003ca id=\"8f9468e9ab26128567f4be87ead108d7\"\u003e\u003c/a\u003e搜索\n\n\n\n\n\n\n### \u003ca id=\"66052f824f5054aa0f70785a2389a478\"\u003e\u003c/a\u003eAndroid\n\n\n- [**246**星][28d] [C++] [strazzere/android-scripts](https://github.com/strazzere/android-scripts) Android逆向脚本收集\n - 重复区段: [Android-\u003e工具-\u003eReverseEngineering](#6d2b758b3269bac7d69a2d2c8b45194c) |\n\n\n### \u003ca id=\"2adc0044b2703fb010b3bf73b1f1ea4a\"\u003e\u003c/a\u003eApple\u0026\u0026macOS\u0026\u0026iXxx\u0026\u0026Objective-C\u0026\u0026SWift\u0026\u0026Mach-O\n\n\n#### \u003ca id=\"8530752bacfb388f3726555dc121cb1a\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"82d0fa2d6934ce29794a651513934384\"\u003e\u003c/a\u003e内核缓存\n\n\n\n\n#### \u003ca id=\"d249a8d09a3f25d75bb7ba8b32bd9ec5\"\u003e\u003c/a\u003eMach-O\n\n\n\n\n#### \u003ca id=\"1c698e298f6112a86c12881fbd8173c7\"\u003e\u003c/a\u003eSwift\n\n\n\n\n\n\n### \u003ca id=\"e5e403123c70ddae7bd904d3a3005dbb\"\u003e\u003c/a\u003eELF\n\n\n\n\n### \u003ca id=\"7a2977533ccdac70ee6e58a7853b756b\"\u003e\u003c/a\u003eMicrocode\n\n\n- [**304**星][4m] [C++] [rolfrolles/hexraysdeob](https://github.com/rolfrolles/hexraysdeob) 利用Hex-Rays microcode API破解编译器级别的混淆\n - 重复区段: [IDA-\u003e插件-\u003e反混淆](#7199e8787c0de5b428f50263f965fda7) |\n\n\n### \u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成\n\n\n- [**504**星][20d] [Py] [alexhude/uemu](https://github.com/alexhude/uemu) 基于Unicorn的模拟器插件\n- [**395**星][1y] [C++] [cseagle/sk3wldbg](https://github.com/cseagle/sk3wldbg) 用Unicorn引擎做后端的调试插件\n - 重复区段: [IDA-\u003e插件-\u003e调试-\u003e未分类](#2944dda5289f494e5e636089db0d6a6a) |\n- [**282**星][2m] [Py] [fireeye/flare-emu](https://github.com/fireeye/flare-emu) 结合Unicorn引擎, 简化模拟脚本的编写\n - 重复区段: [IDA-\u003e插件-\u003e辅助脚本编写-\u003e未分类](#45fd7cfce682c7c25b4f3fbc4c461ba2) |\n\n\n### \u003ca id=\"83de90385d03ac8ef27360bfcdc1ab48\"\u003e\u003c/a\u003e作为辅助\u0026\u0026构成其他的一环\n\n\n- [**1542**星][28d] [Py] [lifting-bits/mcsema](https://github.com/lifting-bits/mcsema) 将x86, amd64, aarch64二进制文件转换成LLVM字节码\n - [IDA7插件](https://github.com/lifting-bits/mcsema/tree/master/tools/mcsema_disass/ida7) 用于反汇编二进制文件并生成控制流程图\n - [IDA插件](https://github.com/lifting-bits/mcsema/tree/master/tools/mcsema_disass/ida) 用于反汇编二进制文件并生成控制流程图\n - [Binja插件](https://github.com/lifting-bits/mcsema/tree/master/tools/mcsema_disass/binja) 用于反汇编二进制文件并生成控制流程图\n - [mcsema](https://github.com/lifting-bits/mcsema/tree/master/mcsema) \n- [**421**星][1m] [C] [mcgill-dmas/kam1n0-community](https://github.com/McGill-DMaS/Kam1n0-Community) 汇编代码管理与分析平台(独立工具+IDA插件)\n - 重复区段: [IDA-\u003e插件-\u003e签名(FLIRT等)-\u003e未分类](#cf04b98ea9da0056c055e2050da980c1) |\n - [IDA插件](https://github.com/McGill-DMaS/Kam1n0-Community/tree/master2.x/kam1n0-clients/ida-plugin) \n - [kam1n0](https://github.com/McGill-DMaS/Kam1n0-Community/tree/master2.x/kam1n0) \n\n\n### \u003ca id=\"1ded622dca60b67288a591351de16f8b\"\u003e\u003c/a\u003e漏洞\n\n\n#### \u003ca id=\"385d6777d0747e79cccab0a19fa90e7e\"\u003e\u003c/a\u003e未分类\n\n\n- [**492**星][7m] [Py] [danigargu/heap-viewer](https://github.com/danigargu/heap-viewer) 查看glibc堆, 主要用于漏洞开发\n- [**372**星][3m] [Py] [l4ys/lazyida](https://github.com/l4ys/lazyida) 若干快速访问功能, 扫描字符串格式化漏洞\n - 重复区段: [IDA-\u003e插件-\u003e字符串](#9dcc6c7dd980bec1f92d0cc9a2209a24) |[IDA-\u003e插件-\u003e效率-\u003e其他](#c5b120e1779b928d860ad64ff8d23264) |\n \u003cdetails\u003e\n \u003csummary\u003e查看详情\u003c/summary\u003e\n\n\n ### 功能\n - 快速移除函数返回类型\n - 数据格式(format)快速转换\n - 扫描字符串格式化漏洞\n - 双击跳转vtable函数\n - 快捷键: w/c/v\n \u003c/details\u003e\n\n\n\n\n#### \u003ca id=\"cf2efa7e3edb24975b92d2e26ca825d2\"\u003e\u003c/a\u003eROP\n\n\n\n\n\n\n### \u003ca id=\"7d557bc3d677d206ef6c5a35ca8b3a14\"\u003e\u003c/a\u003e补丁\u0026\u0026Patch\n\n\n- [**727**星][1y] [Py] [keystone-engine/keypatch](https://github.com/keystone-engine/keypatch) 汇编/补丁插件, 支持多架构, 基于Keystone引擎\n\n\n### \u003ca id=\"7dfd8abad50c14cd6bdc8d8b79b6f595\"\u003e\u003c/a\u003e其他\n\n\n\n\n### \u003ca id=\"90bf5d31a3897400ac07e15545d4be02\"\u003e\u003c/a\u003e函数相关\n\n\n#### \u003ca id=\"347a2158bdd92b00cd3d4ba9a0be00ae\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"73813456eeb8212fd45e0ea347bec349\"\u003e\u003c/a\u003e重命名\u0026\u0026前缀\u0026\u0026标记\n\n\n- [**291**星][3m] [Py] [a1ext/auto_re](https://github.com/a1ext/auto_re) 自动化函数重命名\n\n\n#### \u003ca id=\"e4616c414c24b58626f834e1be079ebc\"\u003e\u003c/a\u003e导航\u0026\u0026查看\u0026\u0026查找\n\n\n\n\n#### \u003ca id=\"cadae88b91a57345d266c68383eb05c5\"\u003e\u003c/a\u003edemangle\n\n\n\n\n\n\n### \u003ca id=\"34ac84853604a7741c61670f2a075d20\"\u003e\u003c/a\u003e污点分析\u0026\u0026符号执行\n\n\n- [**931**星][25d] [OCaml] [airbus-seclab/bincat](https://github.com/airbus-seclab/bincat) 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析\n - 重复区段: [IDA-\u003e插件-\u003e结构体-\u003e未分类](#fa5ede9a4f58d4efd98585d3158be4fb) |\n\n\n### \u003ca id=\"9dcc6c7dd980bec1f92d0cc9a2209a24\"\u003e\u003c/a\u003e字符串\n\n\n- [**1365**星][3m] [Py] [fireeye/flare-floss](https://github.com/fireeye/flare-floss) 自动从恶意代码中提取反混淆后的字符串\n - 重复区段: [IDA-\u003e插件-\u003e反混淆](#7199e8787c0de5b428f50263f965fda7) |\n - [floss](https://github.com/fireeye/flare-floss/tree/master/floss) \n - [IDA插件](https://github.com/fireeye/flare-floss/blob/master/scripts/idaplugin.py) \n- [**372**星][3m] [Py] [l4ys/lazyida](https://github.com/l4ys/lazyida) 若干快速访问功能, 扫描字符串格式化漏洞\n - 重复区段: [IDA-\u003e插件-\u003e效率-\u003e其他](#c5b120e1779b928d860ad64ff8d23264) |[IDA-\u003e插件-\u003e漏洞-\u003e未分类](#385d6777d0747e79cccab0a19fa90e7e) |\n \u003cdetails\u003e\n \u003csummary\u003e查看详情\u003c/summary\u003e\n\n\n ### 功能\n - 快速移除函数返回类型\n - 数据格式(format)快速转换\n - 扫描字符串格式化漏洞\n - 双击跳转vtable函数\n - 快捷键: w/c/v\n \u003c/details\u003e\n\n\n\n\n### \u003ca id=\"06d2caabef97cf663bd29af2b1fe270c\"\u003e\u003c/a\u003e加密解密\n\n\n- [**449**星][2m] [Py] [polymorf/findcrypt-yara](https://github.com/polymorf/findcrypt-yara) 使用Yara规则查找加密常量\n - 重复区段: [IDA-\u003e插件-\u003e签名(FLIRT等)-\u003eYara](#46c9dfc585ae59fe5e6f7ddf542fb31a) |\n\n\n\n\n***\n\n\n## \u003ca id=\"18c6a45392d6b383ea24b363d2f3e76b\"\u003e\u003c/a\u003e文章\n\n\n### \u003ca id=\"37634a992983db427ce41b37dd9a98c2\"\u003e\u003c/a\u003e新添加的\n\n\n- 2019.12 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P27)](https://medium.com/p/5fa5c173547c)\n- 2019.12 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P26)](https://medium.com/p/f3fc8d187258)\n- 2019.12 [knownsec] [使用 IDA 处理 U-Boot 二进制流文件](https://blog.knownsec.com/2019/12/%e4%bd%bf%e7%94%a8-ida-%e5%a4%84%e7%90%86-u-boot-%e4%ba%8c%e8%bf%9b%e5%88%b6%e6%b5%81%e6%96%87%e4%bb%b6/)\n- 2019.12 [venus] [使用 IDA 处理 U-Boot 二进制流文件](https://paper.seebug.org/1090/)\n- 2019.11 [hexblog] [Extending IDA processor modules for GDB debugging](http://www.hexblog.com/?p=1371)\n- 2019.11 [0x48] [使用IDA处理U-Boot二进制流文件](https://nobb.site/2019/11/29/0x57/)\n- 2019.11 [aliyun] [使用IDA microcode去除ollvm混淆(上)](https://xz.aliyun.com/t/6749)\n- 2019.10 [cisco] [New IDA Pro plugin provides TileGX support](https://blogs.cisco.com/security/talos/new-ida-pro-plugin-provides-tilegx-support)\n- 2019.09 [cisco] [GhIDA: Ghidra decompiler for IDA Pro](https://blogs.cisco.com/security/talos/ghida-ghidra-decompiler-for-ida-pro)\n- 2019.09 [cn0xroot] [Fix IDA Crash bug on osx 10.14](https://cn0xroot.com/2019/09/02/fix-ida-crash-bug-on-osx-10-14/)\n- 2019.08 [hexblog] [IDA 7.4: IDAPython and Python 3](http://www.hexblog.com/?p=1355)\n- 2019.08 [hexblog] [IDA 7.4: Turning off IDA 6.x compatibility in IDAPython by default](http://www.hexblog.com/?p=1352)\n- 2019.06 [hitbsecconf] [#HITB2019AMS D1T2 - fn_fuzzy: Fast Multiple Binary Diffing Triage With IDA - Takahiro Haruyama](https://www.youtube.com/watch?v=kkvNebE9amY)\n- 2019.05 [aliyun] [欺骗IDA F5参数识别](https://xz.aliyun.com/t/5186)\n- 2019.05 [aliyun] [混淆IDA F5的一个小技巧-x64](https://xz.aliyun.com/t/4994)\n- 2018.11 [4hou] [使用IDAPython自动映射二进制文件替换默认函数名](http://www.4hou.com/technology/14149.html)\n- 2018.10 [WarrantyVoider] [Ida Pro Tutorial - Compare Reverse Engineering](https://www.youtube.com/watch?v=7-OytQJRwtE)\n- 2018.06 [freebuf] [MindshaRE:如何利用IDA Python浏览WINDOWS内核](http://www.freebuf.com/articles/system/173269.html)\n- 2018.05 [WarrantyVoider] [Tutorial - Debugging In Source Code With IDA Pro](https://www.youtube.com/watch?v=Jgb3KTVg-rY)\n- 2018.03 [BinaryAdventure] [x86 In-Depth 4: Labeling Structs Properly in IDA Pro](https://www.youtube.com/watch?v=X3xCwNt2ZVY)\n\n\n### \u003ca id=\"4187e477ebc45d1721f045da62dbf4e8\"\u003e\u003c/a\u003e未分类\n\n\n- 2018.05 [tradahacking] [使用IDA和辅助工具比较二进制文件](https://medium.com/p/651e62117695)\n- 2018.04 [pediy] [[翻译]IDAPython-Book(Alexander Hanel)](https://bbs.pediy.com/thread-225920.htm)\n- 2018.03 [hexblog] [IDA on non-OS X/Retina Hi-DPI displays](http://www.hexblog.com/?p=1180)\n- 2018.03 [pediy] [[翻译]IDA v6.5 文本执行](https://bbs.pediy.com/thread-225514.htm)\n- 2018.02 [pediy] [[原创]逆向技术之熟悉IDA工具](https://bbs.pediy.com/thread-224499.htm)\n- 2018.01 [pediy] [[原创]ARM Linux下搭建IDA Pro远程调试环境](https://bbs.pediy.com/thread-224337.htm)\n- 2018.01 [pediy] [[翻译]对抗IDA Pro调试器ARM反汇编的技巧](https://bbs.pediy.com/thread-223894.htm)\n- 2017.12 [OALabs] [Debugging shellcode using BlobRunner and IDA Pro](https://www.youtube.com/watch?v=q9q8dy-2Jeg)\n- 2017.12 [pediy] [[原创]IDA7.0 Mac 插件编译指南](https://bbs.pediy.com/thread-223211.htm)\n- 2017.12 [pediy] [[原创]IDA 插件- FRIEND 的安装和使用](https://bbs.pediy.com/thread-223156.htm)\n- 2017.12 [BinaryAdventure] [IDAPython Tutorial with example script](https://www.youtube.com/watch?v=5ehI2wgcSGo)\n- 2017.11 [OALabs] [How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro](https://www.youtube.com/watch?v=WlE8abc8V-4)\n- 2017.11 [pediy] [[原创]IDAPython脚本分享 - 自动在JNI_OnLoad下断点](https://bbs.pediy.com/thread-222998.htm)\n- 2017.11 [pediy] [[求助]IDA Pro调试so,附加完毕,跳到目标so基址,但是内容都是DCB伪指令?](https://bbs.pediy.com/thread-222646.htm)\n- 2017.11 [OALabs] [IDA Pro Malware Analysis Tips](https://www.youtube.com/watch?v=qCQRKLaz2nQ)\n- 2017.10 [hexblog] [IDA and common Python issues](http://www.hexblog.com/?p=1132)\n- 2017.10 [pediy] [[分享]IDA + VMware 调试win7 x64](https://bbs.pediy.com/thread-221884.htm)\n- 2017.06 [pediy] [[翻译]IDA Hex-Rays反编译器使用的一些小技巧](https://bbs.pediy.com/thread-218780.htm)\n- 2017.06 [qmemcpy] [IDA series, part 2: debugging a .NET executable](https://qmemcpy.io/post/ida-series-2-debugging-net)\n- 2017.06 [qmemcpy] [IDA series, part 1: the Hex-Rays decompiler](https://qmemcpy.io/post/ida-series-1-hex-rays)\n\n\n### \u003ca id=\"a4bd25d3dc2f0be840e39674be67d66b\"\u003e\u003c/a\u003eTips\u0026\u0026Tricks\n\n\n- 2019.07 [kienbigmummy] [Cách export data trong IDA](https://medium.com/p/d4c8128704f)\n- 2019.07 [hexacorn] [Batch decompilation with IDA / Hex-Rays Decompiler](http://www.hexacorn.com/blog/2019/07/04/batch-decompilation-with-ida-hex-rays-decompiler/)\n- 2019.06 [openanalysis] [Disable ASLR for Easier Malware Debugging With x64dbg and IDA Pro](https://oalabs.openanalysis.net/2019/06/12/disable-aslr-for-easier-malware-debugging/)\n- 2019.06 [OALabs] [Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro](https://www.youtube.com/watch?v=DGX7oZvdmT0)\n- 2019.06 [openanalysis] [Reverse Engineering C++ Malware With IDA Pro: Classes, Constructors, and Structs](https://oalabs.openanalysis.net/2019/06/03/reverse-engineering-c-with-ida-pro-classes-constructors-and-structs/)\n- 2019.06 [OALabs] [Reverse Engineering C++ Malware With IDA Pro](https://www.youtube.com/watch?v=o-FFGIloxvE)\n- 2019.03 [aliyun] [IDA Pro7.0使用技巧总结](https://xz.aliyun.com/t/4205)\n- 2018.06 [checkpoint] [Scriptable Remote Debugging with Windbg and IDA Pro](https://research.checkpoint.com/scriptable-remote-debugging-windbg-ida-pro/)\n- 2015.07 [djmanilaice] [在PyCharm中编写IDAPython脚本时自动提示](http://djmanilaice.blogspot.com/2015/07/pycharm-for-your-ida-development.html)\n- 2015.07 [djmanilaice] [使用IDA自动打开当前目录下的DLL和EXE](http://djmanilaice.blogspot.com/2015/07/auto-open-dlls-and-exe-in-current.html)\n\n\n### \u003ca id=\"04cba8dbb72e95d9c721fe16a3b48783\"\u003e\u003c/a\u003e系列文章-Labeless插件介绍\n\n\n- 2018.10 [checkpoint] [Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware - Check Point Research](https://research.checkpoint.com/labeless-part-6-how-to-resolve-obfuscated-api-calls-in-the-ngioweb-proxy-malware/)\n- 2018.10 [checkpoint] [Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm. - Check Point Research](https://research.checkpoint.com/labeless-part-5-how-to-decrypt-strings-in-boleto-banking-malware-without-reconstructing-decryption-algorithm/)\n- 2018.10 [checkpoint] [Labeless Part 4: Scripting - Check Point Research](https://research.checkpoint.com/labeless-part-4-scripting/)\n- 2018.08 [checkpoint] [Labeless Part 3: How to Dump and Auto-Resolve WinAPI Calls in LockPos Point-of-Sale Malware - Check Point Research](https://research.checkpoint.com/19558-2/)\n- 2018.08 [checkpoint] [Labeless Part 2: Installation - Check Point Research](https://research.checkpoint.com/installing-labeless/)\n- 2018.08 [checkpoint] [Labeless Part 1: An Introduction - Check Point Research](https://research.checkpoint.com/labeless-an-introduction/)\n\n\n### \u003ca id=\"1a2e56040cfc42c11c5b4fa86978cc19\"\u003e\u003c/a\u003e系列文章-使用IDA从零开始学逆向\n\n\n- 2019.11 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P25)](https://medium.com/p/304110bdf635)\n- 2019.10 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P24)](https://medium.com/p/66451e50163e)\n- 2019.10 [tradahacking] [REVERSING WITH IDA FROM SCRATCH (P23)](https://medium.com/p/a03897f960be)\n- 2019.09 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P21)](https://medium.com/p/17ce2ee804af)\n- 2019.08 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P20)](https://medium.com/p/adc2bad58cc3)\n- 2019.08 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P19)](https://medium.com/p/b8a5ccc0efbc)\n- 2019.07 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P18)](https://medium.com/p/b9b5987eea22)\n- 2019.07 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P17)](https://medium.com/p/13aae3c33824)\n- 2019.06 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P16)](https://medium.com/p/66c697636724)\n- 2019.06 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P15)](https://medium.com/p/9bb2bbdf6fbc)\n- 2019.05 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P14)](https://medium.com/p/fd20c144c844)\n- 2019.05 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P13)](https://medium.com/p/adc88403c295)\n- 2019.04 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P12)](https://medium.com/p/6b19df3db60e)\n- 2019.04 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P11)](https://medium.com/p/34e6214132d6)\n- 2019.03 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P10)](https://medium.com/p/f054072cc4cd)\n- 2019.03 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P9)](https://medium.com/p/3ead456499d2)\n- 2019.03 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P8)](https://medium.com/p/c627c70b5efd)\n- 2019.03 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P7)](https://medium.com/p/986cb6c09405)\n- 2019.03 [tradahacking] [REVERSING WITH IDA FROM SCRATCH (P6)](https://medium.com/p/ec232b87a091)\n- 2019.03 [kienbigmummy] [REVERSING WITH IDA FROM SCRATCH (P5)](https://medium.com/p/f153835b4ffc)\n\n\n### \u003ca id=\"e838a1ecdcf3d068547dd0d7b5c446c6\"\u003e\u003c/a\u003e系列文章-IDAPython-让你的生活更美好\n\n\n#### \u003ca id=\"7163f7c92c9443e17f3f76cc16c2d796\"\u003e\u003c/a\u003e原文\n\n\n- 2016.06 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part6](https://unit42.paloaltonetworks.com/unit42-using-idapython-to-make-your-life-easier-part-6/)\n- 2016.01 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part5](https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/)\n- 2016.01 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part4](https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/)\n- 2016.01 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part3](https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/)\n- 2015.12 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part2](https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/)\n- 2015.12 [paloaltonetworks] [ Using IDAPython to Make Your Life Easier, Part1](https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/)\n\n\n#### \u003ca id=\"fc62c644a450f3e977af313edd5ab124\"\u003e\u003c/a\u003e译文\n\n\n- 2016.01 [freebuf] [IDAPython:让你的生活更美好(五)](http://www.freebuf.com/articles/system/93440.html)\n- 2016.01 [freebuf] [IDAPython:让你的生活更美好(四)](http://www.freebuf.com/articles/system/92505.html)\n- 2016.01 [freebuf] [IDAPython:让你的生活更美好(三)](http://www.freebuf.com/articles/system/92488.html)\n- 2016.01 [freebuf] [IDAPython:让你的生活更美好(二)](http://www.freebuf.com/sectool/92168.html)\n- 2016.01 [freebuf] [IDAPython:让你的生活更美好(一)](http://www.freebuf.com/sectool/92107.html)\n\n\n\n\n### \u003ca id=\"8433dd5df40aaf302b179b1fda1d2863\"\u003e\u003c/a\u003e系列文章-使用IDA逆向C代码\n\n\n- 2019.01 [ly0n] [Reversing C code with IDA part V](https://paumunoz.tech/2019/01/12/reversing-c-code-with-ida-part-v/)\n- 2019.01 [ly0n] [Reversing C code with IDA part IV](https://paumunoz.tech/2019/01/07/reversing-c-code-with-ida-part-iv/)\n- 2019.01 [ly0n] [Reversing C code with IDA part III](https://paumunoz.tech/2019/01/02/reversing-c-code-with-ida-part-iii/)\n- 2018.12 [ly0n] [Reversing C code with IDA part II](https://paumunoz.tech/2018/12/31/reversing-c-code-with-ida-part-ii/)\n- 2018.01 [ly0n] [Reversing C code with IDA part I](https://paumunoz.tech/2018/01/11/reversing-c-code-with-ida-part-i/)\n\n\n### \u003ca id=\"3d3bc775abd7f254ff9ff90d669017c9\"\u003e\u003c/a\u003e工具\u0026\u0026插件\u0026\u0026脚本介绍\n\n\n#### \u003ca id=\"cd66794473ea90aa6241af01718c3a7d\"\u003e\u003c/a\u003e未分类\n\n\n- 2019.10 [vmray] [VMRay IDA Plugin v1.1: Streamlining Deep-Dive Malware Analysis](https://www.vmray.com/cyber-security-blog/vmray-ida-plugin-v1-1-streamlining-deep-dive-malware-analysis/)\n- 2019.10 [talosintelligence] [New IDA Pro plugin provides TileGX support](https://blog.talosintelligence.com/2019/10/new-ida-pro-plugin-provides-tilegx.html)\n- 2019.09 [talosintelligence] [GhIDA: Ghidra decompiler for IDA Pro](https://blog.talosintelligence.com/2019/09/ghida.html)\n- 2019.05 [carbonblack] [fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA](https://www.carbonblack.com/2019/05/09/fn_fuzzy-fast-multiple-binary-diffing-triage-with-ida/)\n- 2019.04 [] [climacros – IDA productivity tool](http://0xeb.net/2019/04/climacros-ida-productivity-tool/)\n- 2019.04 [] [QScripts – IDA Scripting productivity tool](http://0xeb.net/2019/04/ida-qscripts/)\n- 2019.03 [] [Daenerys: IDA Pro and Ghidra interoperability framework](http://0xeb.net/2019/03/daenerys-ida-pro-and-ghidra-interoperability-framework/)\n- 2019.03 [freebuf] [Ponce:一键即可实现符号执行(IDA插件)](https://www.freebuf.com/sectool/197708.html)\n- 2019.01 [talosintelligence] [Dynamic Data Resolver (DDR) - IDA Plugin](https://blog.talosintelligence.com/2019/01/ddr.html)\n- 2018.11 [4hou] [FLARE脚本系列:使用idawasm IDA Pro插件逆向WebAssembly(Wasm)模块](http://www.4hou.com/reverse/13935.html)\n- 2018.10 [aliyun] [用idawasm IDA Pro逆向WebAssembly模块](https://xz.aliyun.com/t/2854)\n- 2018.10 [fireeye] [FLARE Script Series: Reverse Engineering WebAssembly Modules Using the\nidawasm IDA Pro Plugin](https://www.fireeye.com/blog/threat-research/2018/10/reverse-engineering-webassembly-modules-using-the-idawasm-ida-pro-plugin.html)\n- 2018.10 [vmray] [Introducing the IDA Plugin for VMRay Analyzer](https://www.vmray.com/cyber-security-blog/ida-plugin-vmray-analyzer/)\n- 2018.10 [aliyun] [IDA-minsc在Hex-Rays插件大赛中获得第二名(2)](https://xz.aliyun.com/t/2842)\n- 2018.10 [aliyun] [IDA-minsc在Hex-Rays插件大赛中获得第二名(1)](https://xz.aliyun.com/t/2841)\n- 2018.10 [aliyun] [通过两个IDAPython插件支持A12 PAC指令和iOS12 kernelcache 重定位](https://xz.aliyun.com/t/2839)\n- 2018.09 [ptsecurity] [How we developed the NIOS II processor module for IDA Pro](http://blog.ptsecurity.com/2018/09/how-we-developed-nios-ii-processor.html)\n- 2018.09 [talosintelligence] [IDA-minsc Wins Second Place in Hex-Rays Plugins Contest](https://blog.talosintelligence.com/2018/09/ida-minsc.html)\n- 2018.09 [cisco] [IDA-minsc Wins Second Place in Hex-Rays Plugins Contest](https://blogs.cisco.com/security/talos/ida-minsc-wins-second-place-in-hex-rays-plugins-contest)\n- 2018.09 [msreverseengineering] [Weekend Project: A Custom IDA Loader Module for the Hidden Bee Malware Family](http://www.msreverseengineering.com/blog/2018/9/2/weekend-project-a-custom-ida-loader-module-for-the-hidden-bee-malware-family)\n\n\n#### \u003ca id=\"43a4761e949187bf737e378819752c3b\"\u003e\u003c/a\u003eLoader\u0026\u0026Processor\n\n\n- 2019.03 [360] [为CHIP-8编写IDA processor module](https://www.anquanke.com/post/id/172217/)\n- 2018.10 [ptsecurity] [Modernizing IDA Pro: how to make processor module glitches go away](http://blog.ptsecurity.com/2018/10/modernizing-ida-pro-how-to-make.html)\n- 2018.08 [360] [Lua程序逆向之为Luac编写IDA Pro处理器模块](https://www.anquanke.com/post/id/153699/)\n\n\n#### \u003ca id=\"c7483f3b20296ac68084a8c866230e15\"\u003e\u003c/a\u003e与其他工具交互\n\n\n- 2018.09 [dustri] [IDAPython vs. r2pipe](https://dustri.org/b/idapython-vs-r2pipe.html)\n\n\n\n\n### \u003ca id=\"ea11818602eb33e8b165eb18d3710965\"\u003e\u003c/a\u003e翻译-TheIDAProBook\n\n\n- 2008.10 [pediy] [[翻译]The IDA Pro Book 第六章](https://bbs.pediy.com/thread-75632.htm)\n- 2008.10 [pediy] [[翻译](20081030更新)The IDA Pro Book 第12章:使用FLIRT签名识别库](https://bbs.pediy.com/thread-75422.htm)\n- 2008.10 [pediy] [[翻译]The IDA Pro Book(第二章)](https://bbs.pediy.com/thread-74943.htm)\n- 2008.10 [pediy] [[翻译]The IDA Pro book 第5章---IDA DATA DISPLAY](https://bbs.pediy.com/thread-74838.htm)\n- 2008.10 [pediy] [[翻译]The IDA Pro Book(第一章)](https://bbs.pediy.com/thread-74564.htm)\n\n\n### \u003ca id=\"ec5f7b9ed06500c537aa25851a3f2d3a\"\u003e\u003c/a\u003e翻译-ReverseEngineeringCodeWithIDAPro\n\n\n- 2009.01 [pediy] [[原创]Reverse Engineering Code with IDA Pro第七章中文译稿](https://bbs.pediy.com/thread-80580.htm)\n- 2008.06 [pediy] [[翻译]Reverse Engineering Code with IDA Pro(第一、二章)](https://bbs.pediy.com/thread-66010.htm)\n\n\n### \u003ca id=\"2120fe5420607a363ae87f5d2fed459f\"\u003e\u003c/a\u003eIDA本身\n\n\n- 2019.01 [pediy] [[原创]IDA7.2安装包分析](https://bbs.pediy.com/thread-248989.htm)\n- 2019.01 [pediy] [[原创]IDA 在解析 IA64 中的 brl 指令时存在一个 Bug](https://bbs.pediy.com/thread-248983.htm)\n- 2018.11 [hexblog] [IDA 7.2 – The Mac Rundown](http://www.hexblog.com/?p=1300)\n- 2018.10 [pediy] [[原创] 修复 IDA Pro 7.0在macOS Mojave崩溃的问题](https://bbs.pediy.com/thread-247334.htm)\n\n\n### \u003ca id=\"d8e48eb05d72db3ac1e050d8ebc546e1\"\u003e\u003c/a\u003e逆向实战\n\n\n#### \u003ca id=\"374c6336120363a5c9d9a27d7d669bf3\"\u003e\u003c/a\u003e未分类\n\n\n- 2019.11 [4hou] [反作弊游戏如何破解,看看《黑色沙漠》逆向分析过程:使用 IDAPython 和 FLIRT 签名恢复 IAT](https://www.4hou.com/web/21806.html)\n- 2019.11 [aliyun] [使用IDA microcode去除ollvm混淆(下)](https://xz.aliyun.com/t/6795)\n- 2019.06 [devco] [破密行動: 以不尋常的角度破解 IDA Pro 偽隨機數](https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way/)\n- 2019.05 [360] [IDAPython实战项目——DES算法识别](https://www.anquanke.com/post/id/177808/)\n- 2019.04 [venus] [使用 IDA Pro 的 REobjc 模块逆向 Objective-C 二进制文件](https://paper.seebug.org/887/)\n- 2019.01 [ly0n] [Cracking with IDA (redh@wk 2.5 crackme)](https://paumunoz.tech/2019/01/05/cracking-with-ida-redhwk-2-5-crackme/)\n- 2018.11 [somersetrecon] [Introduction to IDAPython for Vulnerability Hunting - Part 2](http://www.somersetrecon.com/blog/2018/8/2/idapython-part-2)\n- 2018.11 [pediy] [[原创]IDA动态调试ELF](https://bbs.pediy.com/thread-247830.htm)\n- 2018.06 [pediy] [[翻译]在IDA中使用Python Z3库来简化函数中的算术运算](https://bbs.pediy.com/thread-228688.htm)\n- 2018.03 [duo] [Reversing Objective-C Binaries With the REobjc Module for IDA Pro](https://duo.com/blog/reversing-objective-c-binaries-with-the-reobjc-module-for-ida-pro)\n- 2006.05 [pediy] [Themida v1008 驱动程序分析,去除花指令的 IDA 文件](https://bbs.pediy.com/thread-25836.htm)\n\n\n#### \u003ca id=\"0b3e1936ad7c4ccc10642e994c653159\"\u003e\u003c/a\u003e恶意代码分析\n\n\n- 2019.04 [360] [两种姿势批量解密恶意驱动中的上百条字串](https://www.anquanke.com/post/id/175964/)\n- 2019.03 [cyber] [使用IDAPython分析Trickbot](https://cyber.wtf/2019/03/22/using-ida-python-to-analyze-trickbot/)\n- 2019.01 [OALabs] [Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!](https://www.youtube.com/watch?v=RfnuMhosxuQ)\n- 2018.09 [4hou] [Hidden Bee恶意软件家族的定制IDA装载模块开发](http://www.4hou.com/technology/13438.html)\n- 2018.09 [4hou] [用IDAPython解密Gootkit中的字符串](http://www.4hou.com/technology/13209.html)\n- 2018.05 [OALabs] [Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg](https://www.youtube.com/watch?v=QgUlPvEE4aw)\n- 2018.04 [OALabs] [Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)](https://www.youtube.com/watch?v=ylWInOcQy2s)\n- 2018.03 [OALabs] [Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request](https://www.youtube.com/watch?v=242Tn0IL2jE)\n- 2018.01 [OALabs] [Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1](https://www.youtube.com/watch?v=HfSQlC76_s4)\n- 2017.11 [OALabs] [Unpacking Process Injection Malware With IDA PRO (Part 2)](https://www.youtube.com/watch?v=kdNQhfgoQoU)\n- 2017.11 [OALabs] [Unpacking Process Injection Malware With IDA PRO (Part 1)](https://www.youtube.com/watch?v=ScBB-Hi7NxQ)\n- 2017.06 [hackers] [Reverse Engineering Malware, Part 3: IDA Pro Introduction](https://www.hackers-arise.com/single-post/2017/06/22/Reverse-Engineering-Malware-Part-3-IDA-Pro-Introduction)\n- 2017.05 [4hou] [逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe](http://www.4hou.com/technology/4832.html)\n- 2017.05 [3gstudent] [逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe](https://3gstudent.github.io/3gstudent.github.io/%E9%80%86%E5%90%91%E5%88%86%E6%9E%90-%E4%BD%BF%E7%94%A8IDA%E5%8A%A8%E6%80%81%E8%B0%83%E8%AF%95WanaCrypt0r%E4%B8%AD%E7%9A%84tasksche.exe/)\n- 2012.06 [trustwave] [使用IDAPython对Flame的字符串进行反混淆](https://www.trustwave.com/Resources/SpiderLabs-Blog/Defeating-Flame-String-Obfuscation-with-IDAPython/)\n\n\n#### \u003ca id=\"03465020d4140590326ae12c9601ecfd\"\u003e\u003c/a\u003e漏洞分析\u0026\u0026挖掘\n\n\n- 2018.07 [360] [如何使用 IDAPython 寻找漏洞](https://www.anquanke.com/post/id/151898/)\n- 2018.07 [somersetrecon] [如何使用IDAPython挖掘漏洞](http://www.somersetrecon.com/blog/2018/7/6/introduction-to-idapython-for-vulnerability-hunting)\n\n\n\n\n### \u003ca id=\"e9ce398c2c43170e69c95fe9ad8d22fc\"\u003e\u003c/a\u003eMicrocode\n\n\n- 2019.10 [amossys] [探秘Hex-Rays microcode](https://blog.amossys.fr/stage-2019-hexraysmicrocode.html)\n\n\n### \u003ca id=\"9c0ec56f402a2b9938417f6ecbaeaa72\"\u003e\u003c/a\u003eIDA对抗\n\n\n- 2019.05 [aliyun] [混淆IDA F5的一个小技巧-x86](https://xz.aliyun.com/t/5062)\n\n\n\n\n# \u003ca id=\"319821036a3319d3ade5805f384d3165\"\u003e\u003c/a\u003eGhidra\n\n\n***\n\n\n## \u003ca id=\"fa45b20f6f043af1549b92f7c46c9719\"\u003e\u003c/a\u003e插件\u0026\u0026脚本\n\n\n### \u003ca id=\"2ae406afda6602c8f02d73678b2ff040\"\u003e\u003c/a\u003eGhidra\n\n\n- [**18649**星][10d] [Java] [nationalsecurityagency/ghidra](https://github.com/nationalsecurityagency/ghidra) 软件逆向框架\n\n\n### \u003ca id=\"ce70b8d45be0a3d29705763564623aca\"\u003e\u003c/a\u003e新添加的\n\n\n- [**455**星][9m] [YARA] [ghidraninja/ghidra_scripts](https://github.com/ghidraninja/ghidra_scripts) Ghidra脚本\n - [binwalk](https://github.com/ghidraninja/ghidra_scripts/blob/master/binwalk.py) 对当前程序运行BinWalk, 标注找到的内容\n - [yara](https://github.com/ghidraninja/ghidra_scripts/blob/master/yara.py) 使用Yara查找加密常量\n - [swift_demangler](https://github.com/ghidraninja/ghidra_scripts/blob/master/swift_demangler.py) 自动demangle Swift函数名\n - [golang_renamer](https://github.com/ghidraninja/ghidra_scripts/blob/master/golang_renamer.py) 恢复stripped Go二进制文件的函数名\n- [**204**星][8m] [Java] [rolfrolles/ghidrapal](https://github.com/rolfrolles/ghidrapal) Ghidra 程序分析库(无文档)\n\n\n### \u003ca id=\"69dc4207618a2977fe8cd919e7903fa5\"\u003e\u003c/a\u003e特定分析目标\n\n\n#### \u003ca id=\"da5d2b05da13f8e65aa26d6a1c95a8d0\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"058bb9893323f337ad1773725d61f689\"\u003e\u003c/a\u003eLoader\u0026\u0026Processor\n\n\n\n\n#### \u003ca id=\"51a2c42c6d339be24badf52acb995455\"\u003e\u003c/a\u003eXbox\n\n\n\n\n\n\n### \u003ca id=\"99e3b02da53f1dbe59e0e277ef894687\"\u003e\u003c/a\u003e与其他工具交互\n\n\n#### \u003ca id=\"5923db547e1f04f708272543021701d2\"\u003e\u003c/a\u003e未分类\n\n\n\n\n#### \u003ca id=\"e1cc732d1388084530b066c26e24887b\"\u003e\u003c/a\u003eRadare2\n\n\n\n\n#### \u003ca id=\"d832a81018c188bf585fcefa3ae23062\"\u003e\u003c/a\u003eIDA\n\n\n- [**299**星][4m] [Py] [cisco-talos/ghida](https://github.com/cisco-talos/ghida) 在IDA中集成Ghidra反编译器\n - 重复区段: [IDA-\u003e插件-\u003e导入导出-\u003eGhidra](#c7066b0c388cd447e980bf0eb38f39ab) |\n- [**238**星][9m] [Py] [daenerys-sre/source](https://github.com/daenerys-sre/source) 使IDA和Ghidra脚本通用, 无需修改\n - 重复区段: [IDA-\u003e插件-\u003e导入导出-\u003eGhidra](#c7066b0c388cd447e980bf0eb38f39ab) |\n\n\n#### \u003ca id=\"60e86981b2c98f727587e7de927e0519\"\u003e\u003c/a\u003eDBI\n\n\n\n\n#### \u003ca id=\"e81053b03a859e8ac72f7fe79e80341a\"\u003e\u003c/a\u003e调试器\n\n\n\n\n\n\n### \u003ca id=\"cccbd06c6b9b03152d07a4072152ae27\"\u003e\u003c/a\u003e外观\u0026\u0026主题\n\n\n\n\n### \u003ca id=\"45910c8ea12447df9cdde2bea425f23f\"\u003e\u003c/a\u003e脚本编写\n\n\n#### \u003ca id=\"c12ccb8e11ba94184f8f24767eb64212\"\u003e\u003c/a\u003e其他\n\n\n\n\n#### \u003ca id=\"b24e162720cffd2d2456488571c1a136\"\u003e\u003c/a\u003e编程语言\n\n\n\n\n\n\n\n\n***\n\n\n## \u003ca id=\"273df546f1145fbed92bb554a327b87a\"\u003e\u003c/a\u003e文章\u0026\u0026视频\n\n\n### \u003ca id=\"8962bde3fbfb1d1130879684bdf3eed0\"\u003e\u003c/a\u003e新添加的1\n\n\n- 2019.12 [shogunlab] [Here Be Dragons: Reverse Engineering with Ghidra - Part 1 [Data, Functions \u0026 Scripts]](https://www.shogunlab.com/blog/2019/12/22/here-be-dragons-ghidra-1.html)\n- 2019.11 [freebuf] [使用Ghidra分析phpStudy后门](https://www.freebuf.com/sectool/217560.html)\n- 2019.10 [4hou] [使用 Ghidra 分析 phpStudy 后门](https://www.4hou.com/technology/21097.html)\n- 2019.10 [knownsec] [使用 Ghidra 分析 phpStudy 后门](https://blog.knownsec.com/2019/10/%e4%bd%bf%e7%94%a8-ghidra-%e5%88%86%e6%9e%90-phpstudy-%e5%90%8e%e9%97%a8/)\n- 2019.10 [venus] [使用 Ghidra 分析 phpStudy 后门](https://paper.seebug.org/1058/)\n- 2019.10 [WarrantyVoider] [C64LoaderWV - Loading C64 programs into Ghidra](https://www.youtube.com/watch?v=thl6VciaUzg)\n- 2019.08 [pentestpartners] [CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra!](https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/)\n- 2019.08 [xpnsec] [Analysing RPC With Ghidra and Neo4j](https://blog.xpnsec.com/analysing-rpc-with-ghidra-neo4j/)\n- 2019.04 [X0x6d696368] [ghidra_scripts: GoogleSearch.py (to lookup function names via Google)](https://www.youtube.com/watch?v=BMmNg35Cjqo)\n- 2019.04 [X0x6d696368] [ghidra_scripts: SimpleStackStrings.py (to reassemble \"stack strings\")](https://www.youtube.com/watch?v=K_2khlMATew)\n- 2019.04 [X0x6d696368] [ghidra_scripts: colorCallGraphCallsTo.py (using SetBackroundColor and traversing the call graph)](https://www.youtube.com/watch?v=SHNO1ZrIQB8)\n- 2019.04 [4hou] [利用GHIDRA逆向Tytera MD380的固件](https://www.4hou.com/reverse/17464.html)\n- 2019.04 [jeanmichel] [First steps with Ghidra: crackme01](https://medium.com/p/319827a2e80b)\n- 2019.03 [GynvaelEN] [Hacking Livestream #74: Ghidra](https://www.youtube.com/watch?v=tXxiuHzjm34)\n- 2019.01 [sans] [How to Train Your Dragon: Ghidra Basics](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1574103618.pdf)\n\n\n### \u003ca id=\"ce49901b4914f3688ef54585c8f9df1a\"\u003e\u003c/a\u003e新添加的\n\n\n- 2019.09 [dustri] [Radare2, IDA Pro, and Binary ninja, a metaphoric comparison](https://dustri.org/b/radare2-ida-pro-and-binary-ninja-a-metaphoric-comparison.html)\n- 2019.05 [vimeo] [Three Heads are Better Than One: Mastering Ghidra - Alexei Bulazel, Jeremy Blackthorne - INFILTRATE 2019](https://vimeo.com/335158460)\n- 2019.04 [X0x6d696368] [Ghidra: Stack Depth (to detect stack manipulation)](https://www.youtube.com/watch?v=hP9FQrD61tk)\n- 2019.04 [X0x6d696368] [Ghidra: Version Tracking](https://www.youtube.com/watch?v=K83T7iVla5s)\n- 2019.04 [X0x6d696368] [Ghidra: Export Symbols and Load External Libraries (to resolve imported function names)](https://www.youtube.com/watch?v=Avn8s7iW3Rc)\n- 2019.04 [X0x6d696368] [Ghidra: Data Type Manager / Archives and Parse C Source... (resolve function signatures)](https://www.youtube.com/watch?v=u15-r5Erfnw)\n- 2019.04 [X0x6d696368] [Ghidra: Generate Checksum... (to extract hashes of embedded malware artifacts)](https://www.youtube.com/watch?v=vLG7c5Eae0s)\n- 2019.04 [msreverseengineering] [An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra](https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra)\n- 2019.04 [X0x6d696368] [Ghidra: FunctionID (to identify libraries and code reuse)](https://www.youtube.com/watch?v=P8Ul2K7pEfU)\n- 2019.04 [X0x6d696368] [Ghidra: Server / Shared Projects (using ghidra-server.org)](https://www.youtube.com/watch?v=ka4vGxLmr4w)\n- 2019.04 [X0x6d696368] [Ghidra: Bytes View (to patch binary and export to a working PE file)](https://www.youtube.com/watch?v=utUqAbfURko)\n- 2019.04 [X0x6d696368] [Ghidra: Fixing Bugs (Fixing PE section import size alignment)](https://www.youtube.com/watch?v=vpt7-Hn-Uhg)\n- 2019.04 [X0x6d696368] [Ghidra: Clear Flow and Repair, and Patch Instruction (to defeat anti-disassembly)](https://www.youtube.com/watch?v=H9DyLQ2iuyE)\n- 2019.04 [X0x6d696368] [Ghidra: Scripting (Python) (a quick introduction by implementing pipeDecoder.py)](https://www.youtube.com/watch?v=WLXlq3lvUGs)\n- 2019.04 [X0x6d696368] [Ghidra: Decompile and compile (to quickly reimplement malware decoding functions)](https://www.youtube.com/watch?v=YuwOgBDt_b4)\n- 2019.04 [X0x6d696368] [Ghidra: EditBytesScript (to fix/manipulate PE header to load ShadowHammer setup.exe sample)](https://www.youtube.com/watch?v=7__tiVMPIEE)\n- 2019.04 [X0x6d696368] [Ghidra: Extract and Import ... (to extract resources from PE binaries)](https://www.youtube.com/watch?v=M19ZSTAgubI)\n- 2019.04 [X0x6d696368] [Ghidra: YaraGhidraGUIScript (to generate a YARA signature for threat/retro hunting)](https://www.youtube.com/watch?v=tBvxVkJrkh0)\n- 2019.04 [X0x6d696368] [Ghidra: XORMemoryScript (to XOR decode strings)](https://www.youtube.com/watch?v=vPqs7E_nhdQ)\n- 2019.04 [yoroi] [Ghidra SRE: The AZORult Field Test](https://blog.yoroi.company/research/ghidra-sre-the-azorult-field-test/)\n\n\n### \u003ca id=\"b7fb955b670df2babc67e5942297444d\"\u003e\u003c/a\u003eGhidra漏洞\n\n\n- 2019.10 [securityaffairs] [Ghidra 9.0.4及之前版本的代码执行漏洞](https://securityaffairs.co/wordpress/92280/hacking/ghidra-code-execution-flaw.html)\n- 2019.10 [4hou] [CVE-2019-16941: NSA Ghidra工具RCE漏洞](https://www.4hou.com/info/news/20698.html)\n- 2019.03 [venus] [Ghidra 从 XXE 到 RCE](https://paper.seebug.org/861/)\n- 2019.03 [tencent] [Ghidra 从 XXE 到 RCE](https://xlab.tencent.com/cn/2019/03/18/ghidra-from-xxe-to-rce/)\n\n\n### \u003ca id=\"dd0d49a5e6bd34b372d9bbf4475e8024\"\u003e\u003c/a\u003e实战分析\n\n\n#### \u003ca id=\"f0ab053d7a282ab520c3a327fc91ba2e\"\u003e\u003c/a\u003e未分类\n\n\n- 2019.09 [venus] [使用 Ghidra 对 iOS 应用进行 msgSend 分析](https://paper.seebug.org/1037/)\n- 2019.09 [4hou] [使用Ghidra对iOS应用进行msgSend分析](https://www.4hou.com/system/20326.html)\n- 2019.09 [WarrantyVoider] [X360 XEX Decompiling With Ghidra](https://www.youtube.com/watch?v=coGz0f7hHTM)\n- 2019.08 [WarrantyVoider] [N64 ROM Decompiling With Ghidra - N64LoaderWV](https://www.youtube.com/watch?v=3d3a39LuCwc)\n- 2019.08 [4hou] [基于Ghidra和Neo4j的RPC分析技术](https://www.4hou.com/technology/19730.html)\n- 2019.04 [X0x6d696368] [Ghidra: Search Program Text... (to find XOR decoding functions in malware)](https://www.youtube.com/watch?v=MaxwIxrmrWY)\n- 2019.04 [shogunlab] [Here Be Dragons: Reverse Engineering with Ghidra - Part 0 [Main Windows \u0026 CrackMe]](https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html)\n- 2019.03 [GhidraNinja] [Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme](https://www.youtube.com/watch?v=4urMITJKQQs)\n- 2019.03 [GhidraNinja] [Ghidra quickstart \u0026 tutorial: Solving a simple crackme](https://www.youtube.com/watch?v=fTGTnrgjuGA)\n\n\n#### \u003ca id=\"375c75af4fa078633150415eec7c867d\"\u003e\u003c/a\u003e漏洞分析\u0026\u0026挖掘\n\n\n- 2019.11 [4hou] [使用Ghidra对WhatsApp VOIP Stack 溢出漏洞的补丁对比分析](https://www.4hou.com/vulnerable/21141.html)\n- 2019.09 [4hou] [利用Ghidra分析TP-link M7350 4G随身WiFi的RCE漏洞](https://www.4hou.com/vulnerable/20267.html)\n- 2019.08 [aliyun] [CVE-2019-12103 使用Ghidra分析TP-Link M7350上的预认证RCE](https://xz.aliyun.com/t/6017)\n\n\n#### \u003ca id=\"4e3f53845efe99da287b2cea1bdda97c\"\u003e\u003c/a\u003e恶意代码\n\n\n- 2019.06 [dawidgolak] [IcedID aka #Bokbot Analysis with Ghidra.](https://medium.com/p/560e3eccb766)\n- 2019.04 [aliyun] [利用Ghidra分析恶意软件Emotet](https://xz.aliyun.com/t/4931)\n- 2019.04 [X0x6d696368] [Ghidra: Shadow Hammer (Stage 1: Setup.exe) complete static Analysis](https://www.youtube.com/watch?v=gI0nZR4z7_M)\n- 2019.04 [X0xd0cf11e] [Analyzing Emotet with Ghidra — Part 2](https://medium.com/p/9efbea374b14)\n- 2019.04 [X0x6d696368] [Ghidra: Android APK (it's basically dex2jar with a .dex decompiler)](https://www.youtube.com/watch?v=At_T6riSb9A)\n- 2019.04 [X0xd0cf11e] [Analyzing Emotet with Ghidra — Part 1](https://medium.com/p/4da71a5c8d69)\n- 2019.03 [GhidraNinja] [Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra](https://www.youtube.com/watch?v=Sv8yu12y5zM)\n- 2019.03 [HackerSploit] [Malware Analysis With Ghidra - Stuxnet Analysis](https://www.youtube.com/watch?v=TJhfnItRVOA)\n- 2019.03 [sans] [Analysing meterpreter payload with Ghidra](https://isc.sans.edu/forums/diary/Analysing+meterpreter+payload+with+Ghidra/24722/)\n\n\n\n\n### \u003ca id=\"92f60c044ed13b3ffde631794edd2756\"\u003e\u003c/a\u003e其他\n\n\n\n\n### \u003ca id=\"4bfa6dcf708b3f896870c9d3638c0cde\"\u003e\u003c/a\u003eTips\u0026\u0026Tricks\n\n\n\n\n### \u003ca id=\"0d086cf7980f65da8f7112b901fecdc1\"\u003e\u003c/a\u003e工具\u0026\u0026插件\u0026\u0026脚本\n\n\n- 2019.11 [deadc0de] [使用Python编写Ghidra脚本示例](https://deadc0de.re/articles/ghidra-scripting-python.html)\n- 2019.04 [X0x6d696368] [ghidra_scripts: RC4Decryptor.py](https://www.youtube.com/watch?v=kXaHrPyZtGs)\n- 2019.04 [aliyun] [如何开发用于漏洞研究的Ghidra插件,Part 1](https://xz.aliyun.com/t/4723)\n- 2019.04 [somersetrecon] [Ghidra Plugin Development for Vulnerability Research - Part-1](https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1)\n- 2019.03 [wololo] [PS4 release: GhidraPS4Loader and Playstation 4 Flash tool](http://wololo.net/2019/03/18/ps4-release-ghidraps4loader-and-playstation-4-flash-tool/)\n\n\n\n\n# \u003ca id=\"b1a6c053e88e86ce01bbd78c54c63a7c\"\u003e\u003c/a\u003ex64dbg\n\n\n***\n\n\n## \u003ca id=\"b4a856db286f9f29b5a32d477d6b3f3a\"\u003e\u003c/a\u003e插件\u0026\u0026脚本\n\n\n### \u003ca id=\"353ea40f2346191ecb828210a685f9db\"\u003e\u003c/a\u003ex64dbg\n\n\n- [**34576**星][1m] [C++] [x64dbg/x64dbg](https://github.com/x64dbg/x64dbg) Windows平台x32/x64调试器\n\n\n### \u003ca id=\"da5688c7823802e734c39b539aa39df7\"\u003e\u003c/a\u003e新添加的\n\n\n- [**1672**星][7m] [C++] [yegord/snowman](https://github.com/yegord/snowman) Snowman反编译器,支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件,也可以作为库使用\n - 重复区段: [IDA-\u003e插件-\u003e反编译器](#d2166f4dac4eab7fadfe0fd06467fbc9) |\n - [IDA插件](https://github.com/yegord/snowman/tree/master/src/ida-plugin) \n - [snowman](https://github.com/yegord/snowman/tree/master/src/snowman) QT界面\n - [nocode](https://github.com/yegord/snowman/tree/master/src/nocode) 命令行工具\n - [nc](https://github.com/yegord/snowman/tree/master/src/nc) 核心代码,可作为库使用\n- [**1341**星][1m] [C] [x64dbg/x64dbgpy](https://github.com/x64dbg/x64dbgpy) Automating x64dbg using Python, Snapshots:\n- [**972**星][2m] [Py] [x64dbg/docs](https://github.com/x64dbg/docs) x64dbg文档\n- [**471**星][13d] [C] [bootleg/ret-sync](https://github.com/bootleg/ret-sync) 在反汇编工具和调试器之间同步调试会话\n - 重复区段: [IDA-\u003e插件-\u003e与调试器同步](#f7d311685152ac005cfce5753c006e4b) |\n - [GDB插件](https://github.com/bootleg/ret-sync/tree/master/ext_gdb) \n - [Ghidra插件](https://github.com/bootleg/ret-sync/tree/master/ext_ghidra) \n - [IDA插件](https://github.com/bootleg/ret-sync/tree/master/ext_ida) \n - [LLDB](https://github.com/bootleg/ret-sync/tree/master/ext_lldb) \n - [OD](https://github.com/bootleg/ret-sync/tree/master/ext_olly1) \n - [OD2](https://github.com/bootleg/ret-sync/tree/master/ext_olly2) \n - [WinDgb](https://github.com/bootleg/ret-sync/tree/master/ext_windbg/sync) \n - [x64dbg](https://github.com/bootleg/ret-sync/tree/master/ext_x64dbg) \n- [**363**星][9m] [fr0gger/awesome-ida-x64-olly-plugin](https://github.com/fr0gger/awesome-ida-x64-olly-plugin) IDA x64DBG OllyDBG 插件收集\n - 重复区段: [IDA-\u003e插件-\u003e收集](#a7dac37cd93b8bb42c7d6aedccb751b3) |\n\n\n\n\n***\n\n\n## \u003ca id=\"22894d6f2255dc43d82dd46bdbc20ba1\"\u003e\u003c/a\u003e文章\u0026\u0026视频\n\n\n- 2019.02 [freebuf] [使用x64dbg分析微信并获取所有联系人信息](https://www.freebuf.com/articles/terminal/195774.html)\n- 2018.03 [freebuf] [使用x64dbg分析微信聊天函数并实现发信息](http://www.freebuf.com/sectool/164988.html)\n- 2018.03 [360] [使用x64dbg脱壳之开源壳upx](https://www.anquanke.com/post/id/99750/)\n- 2018.02 [360] [使用x64dbg分析微信防多开功能](https://www.anquanke.com/post/id/98825/)\n- 2018.02 [360] [使用x64dbg 分析 TIM2.0 QQ撤销功能](https://www.anquanke.com/post/id/98498/)\n- 2018.02 [KirbiflintCracking] [Patching a Keygenme with x64dbg [Learning Cracking]](https://www.youtube.com/watch?v=tkHW-VNBBQo)\n- 2018.01 [KirbiflintCracking] [Cracking \u0026 Keygen a crackme with x64dbg [Learning Cracking]](https://www.youtube.com/watch?v=6JsYRg8_yeY)\n- 2018.01 [KirbiflintCracking] [Cracking the new Steam Stub drm with x64dbg [Learning Cracking]](https://www.youtube.com/watch?v=yrrcL8xGPoE)\n- 2018.01 [KirbiflintCracking] [Cracking a simple crackme \u0026 bypassing Anti-debugger protection with x64dbg [Learning Cracking]](https://www.youtube.com/watch?v=Sal3xbSJdJA)\n- 2017.12 [KirbiflintCracking] [Cracking some Crackmes with x64dbg [Learning Cracking]](https://www.youtube.com/watch?v=E1zD4Lp7b1g)\n- 2017.12 [KirbiflintCracking] [Cracking a simple Crackme with x64dbg [Learning cracking]](https://www.youtube.com/watch?v=MHw8Xu9Od_c)\n- 2017.10 [x64dbg] [Limitations in x64dbg](https://x64dbg.com/blog/2017/10/06/Limitations-in-x64dbg.html)\n- 2017.09 [pediy] [[翻译]消息断点在x64dbg中的应用 by lantie@15PB](https://bbs.pediy.com/thread-221551.htm)\n- 2017.07 [pediy] [[原创]使用x64dbg+VS2015 Spy++去除WinRAR5.40(64位)广告弹框](https://bbs.pediy.com/thread-219435.htm)\n- 2017.06 [seowhistleblower] [Channel Update + Let's Hack: Sniper Elite 4 (Cheat Engine and x64dbg Tutorial)](https://www.youtube.com/watch?v=KCHsOmebYo4)\n- 2016.10 [x64dbg] [Architecture of x64dbg](https://x64dbg.com/blog/2016/10/04/architecture-of-x64dbg.html)\n- 2016.07 [x64dbg] [x64dbg plugin SDK](https://x64dbg.com/blog/2016/07/30/x64dbg-plugin-sdk.html)\n- 2016.07 [adelmas] [Introducing x64dbg and Pizzacrypts Ransomware Unpacking](http://adelmas.com/blog/x64dbg_pizzacrypts.php)\n- 2015.12 [pediy] [[原创]源码编译x64dbg](https://bbs.pediy.com/thread-206431.htm)\n- 2015.10 [pediy] [[原创]win7X64DBGPORT移位数据](https://bbs.pediy.com/thread-205123.htm)\n\n\n# \u003ca id=\"37e37e665eac00de3f55a13dcfd47320\"\u003e\u003c/a\u003eOllyDbg\n\n\n***\n\n\n## \u003ca id=\"7834e399e48e6c64255a1a0fdb6b88f5\"\u003e\u003c/a\u003e插件\u0026\u0026脚本\n\n\n### \u003ca id=\"92c44f98ff5ad8f8b0f5e10367262f9b\"\u003e\u003c/a\u003e新添加的\n\n\n\n\n\n\n***\n\n\n## \u003ca id=\"8dd3e63c4e1811973288ea8f1581dfdb\"\u003e\u003c/a\u003e文章\u0026\u0026视频\n\n\n- 2019.04 [freebuf] [缓冲区溢出实战教程系列(三):利用OllyDbg了解程序运行机制](https://www.freebuf.com/articles/system/198149.html)\n- 2018.10 [pediy] [[原创]使用“PE文件加区段工具”、“LordPE”、“WinHex”、“OllyDbg”为PE文件添加section、dll(API)](https://bbs.pediy.com/thread-247370.htm)\n- 2018.10 [pediy] [[原创]Ollydbg插件的编写流程](https://bbs.pediy.com/thread-247331.htm)\n- 2018.03 [pediy] [[原创]业余时间开发的类IDA静态反汇编工具(仿Ollydbg界面)(内有传送门)](https://bbs.pediy.com/thread-225396.htm)\n- 2018.01 [kienbigmummy] [OllyDbg_tut32](https://medium.com/p/345972799c44)\n- 2018.01 [pediy] [如何实现自己的ollydbg调试器 (1) 界面的实现](https://bbs.pediy.com/thread-224157.htm)\n- 2017.12 [hackers] [Reverse Engineering Malware, Part 5: OllyDbg Basics](https://www.hackers-arise.com/single-post/2017/10/03/Reverse-Engineering-Malware-Part-5-OllyDbg-Basics)\n- 2017.10 [4hou] [工具推荐:逆向破解利器OllyDbg](http://www.4hou.com/tools/7890.html)\n- 2017.07 [ColinHardy] [Three and a half ways to unpack malware using Ollydbg](https://www.youtube.com/watch?v=n_gxtaFX8Ao)\n- 2016.12 [360] [利用OllyDbg跟踪分析Process Hollowing](https://www.anquanke.com/post/id/85124/)\n- 2016.12 [airbuscybersecurity] [Following Process Hollowing in OllyDbg](http://blog.airbuscybersecurity.com/post/2016/06/Following-Process-Hollowing-in-OllyDbg)\n- 2015.11 [pediy] [[原创][开源]OllyDbg 2.x插件编写教程](https://bbs.pediy.com/thread-206175.htm)\n- 2015.11 [pediy] [[原创]科普文之如何编写ollydbg插件](https://bbs.pediy.com/thread-206064.htm)\n- 2015.11 [pediy] [[翻译]Ollydbg2.0X版本帮助手册中文翻译](https://bbs.pediy.com/thread-205870.htm)\n- 2015.08 [pediy] [[原创]《使用OllyDbg从零开始Cracking》第14课练习完整解答](https://bbs.pediy.com/thread-203152.htm)\n- 2015.01 [pediy] [[翻译]使用OllyDbg从零开始Cracking 第五十八章-EXECryptor v2.2.50.h脱壳](https://bbs.pediy.com/thread-196797.htm)\n- 2014.11 [reversec0de] [OllyDbg Plugin Converter v0.1b](https://reversec0de.wordpress.com/2014/11/09/ollydbg-plugin-converter-v0-1b/)\n- 2014.10 [pediy] [[翻译]使用OllyDbg从零开始Cracking 第四十四章-ACProtect V1.09脱壳(修复AntiDump)](https://bbs.pediy.com/thread-193537.htm)\n- 2014.10 [pediy] [[翻译]使用OllyDbg从零开始Cracking 第四十三章-ACProtect V1.09脱壳(编写脚本修复IAT)](https://bbs.pediy.com/thread-193467.htm)\n- 2014.10 [pediy] [使用OllyDbg从零开始Cracking 第四十二章-ACProtect V1.09脱壳(寻找OEP,绕过硬件断点的检测,修复Stolen code)](https://bbs.pediy.com/thread-193405.htm)\n\n\n# \u003ca id=\"0a506e6fb2252626add375f884c9095e\"\u003e\u003c/a\u003eWinDBG\n\n\n***\n\n\n## \u003ca id=\"37eea2c2e8885eb435987ccf3f467122\"\u003e\u003c/a\u003e插件\u0026\u0026脚本\n\n\n### \u003ca id=\"2ef75ae7852daa9862b2217dca252cc3\"\u003e\u003c/a\u003e新添加的\n\n\n- [**564**星][6m] [C#] [fremag/memoscope.net](https://github.com/fremag/memoscope.net) Dump and analyze .Net applications memory ( a gui for WinDbg and ClrMd )\n- [**279**星][1m] [Py] [hugsy/defcon_27_windbg_workshop](https://github.com/hugsy/defcon_27_windbg_workshop) DEFCON 27 workshop - Modern Debugging with WinDbg Preview\n- [**230**星][9m] [C++] [microsoft/windbg-samples](https://github.com/microsoft/windbg-samples) Sample extensions, scripts, and API uses for WinDbg.\n\n\n\n\n***\n\n\n## \u003ca id=\"6d8bac8bfb5cda00c7e3bd38d64cbce3\"\u003e\u003c/a\u003e文章\u0026\u0026视频\n\n\n- 2019.10 [freebuf] [Iris:一款可执行常见Windows漏洞利用检测的WinDbg扩展](https://www.freebuf.com/sectool/214276.html)\n- 2019.08 [lowleveldesign] [Synthetic types and tracing syscalls in WinDbg](https://lowleveldesign.org/2019/08/27/synthetic-types-and-tracing-syscalls-in-windbg/)\n- 2019.08 [benoit] [Portable WinDbg](https://medium.com/p/c0087e320ddc)\n- 2019.07 [osr] [How L1 Terminal Fault (L1TF) Mitigation and WinDbg Wasted My Morning (a.k.a. Yak Shaving: WinDbg Edition)](https://www.osr.com/blog/2019/07/02/how-l1-terminal-fault-l1tf-mitigation-and-windbg-wasted-my-morning-a-k-a-yak-shaving-windbg-edition/)\n- 2019.06 [360] [《Dive into Windbg系列》Explorer无法启动排查](https://www.anquanke.com/post/id/179748/)\n- 2019.05 [nul] [一个Windbg/cdb极其缓慢的例子](http://www.nul.pw/2019/05/21/281.html)\n- 2019.04 [360] [《Dive into Windbg系列》AudioSrv音频服务故障](https://www.anquanke.com/post/id/176343/)\n- 2019.04 [freebuf] [如何为WinDbg编写ClrMD插件](https://www.freebuf.com/articles/network/198951.html)\n- 2019.03 [aliyun] [为WinDbg和LLDB编写ClrMD扩展](https://xz.aliyun.com/t/4459)\n- 2019.03 [offensive] [Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)](https://www.offensive-security.com/vulndev/development-of-a-new-windows-10-kaslr-bypass-in-one-windbg-command/)\n- 2019.02 [OALabs] [WinDbg Basics for Malware Analysis](https://www.youtube.com/watch?v=QuFJpH3My7A)\n- 2019.01 [TheSourceLens] [Windows Internals - Processes Part 6 of 20 - Process related windbg commands.](https://www.youtube.com/watch?v=Hg0xcpBc6R4)\n- 2019.01 [TheSourceLens] [Introduction to Windbg Series 1 Part 23 - Time travellers tracing ( IDNA )](https://www.youtube.com/watch?v=Is8mZ5kklfw)\n- 2018.09 [pediy] [[原创] 《软件调试》分页机制windbg例子分析(各种填坑)](https://bbs.pediy.com/thread-246768.htm)\n- 2018.08 [pediy] [[翻译]WinDbg内核调试配置方法介绍](https://bbs.pediy.com/thread-246228.htm)\n- 2018.06 [pediy] [[原创]让Windbg在驱动入口前断下来](https://bbs.pediy.com/thread-228575.htm)\n- 2018.05 [criteo] [Extending the new WinDbg, Part 3 – Embedding a C# interpreter](http://labs.criteo.com/2018/05/extending-new-windbg-part-3-embedding-c-interpreter/)\n- 2018.04 [whereisk0shl] [Windbg logviewer.exe缓冲区溢出漏洞](http://whereisk0shl.top/post/2018-04-26)\n- 2018.04 [nettitude] [WinDbg: using pykd to dump private symbols](https://labs.nettitude.com/blog/windbg-using-pykd-to-dump-private-symbols/)\n- 2018.02 [comae] [YARA scans in WinDbg](https://medium.com/p/b98851bf599b)\n\n\n# \u003ca id=\"11a59671b467a8cdbdd4ea9d5e5d9b51\"\u003e\u003c/a\u003eAndroid\n\n\n***\n\n\n## \u003ca id=\"2110ded2aa5637fa933cc674bc33bf21\"\u003e\u003c/a\u003e工具\n\n\n### \u003ca id=\"63fd2c592145914e99f837cecdc5a67c\"\u003e\u003c/a\u003e新添加的1\n\n\n- [**6101**星][3m] [Java] [google/android-classyshark](https://github.com/google/android-classyshark) 分析基于Android/Java的App或游戏\n- [**6094**星][5m] [Java] [qihoo360/replugin](https://github.com/qihoo360/replugin) RePlugin - A flexible, stable, easy-to-use Android Plug-in Framework\n- [**5195**星][19d] [Py] [mobsf/mobile-security-framework-mobsf](https://github.com/MobSF/Mobile-Security-Framework-MobSF) Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.\n- [**5084**星][15d] [HTML] [owasp/owasp-mstg](https://github.com/owasp/owasp-mstg) 关于移动App安全开发、测试和逆向的相近手册\n- [**4882**星][24d] [Java] [guardianproject/haven](https://github.com/guardianproject/haven) 通过Android应用和设备上的传感器保护自己的个人空间和财产而又不损害\n- [**4776**星][12d] [C++] [facebook/redex](https://github.com/facebook/redex) Android App字节码优化器\n- [**4306**星][15d] [Shell] [ashishb/android-security-awesome](https://github.com/ashishb/android-security-awesome) A collection of android security related resources\n- [**3649**星][2m] [C++] [anbox/anbox](https://github.com/anbox/anbox) 在常规GNU / Linux系统上引导完整的Android系统,基于容器\n- [**2314**星][1y] [Java] [csploit/android](https://github.com/csploit/android) cSploit - The most complete and advanced IT security professional toolkit on Android.\n- [**2120**星][9m] [Py] [linkedin/qark](https://github.com/linkedin/qark) 查找Android App的漏洞, 支持源码或APK文件\n- [**2095**星][10m] [jermic/android-crack-tool](https://github.com/jermic/android-crack-tool) \n- [**2051**星][21d] [Py] [sensepost/objection](https://github.com/sensepost/objection) runtimemobile exploration\n- [**2011**星][8m] [Py] [fsecurelabs/drozer](https://github.com/FSecureLABS/drozer) The Leading Security Assessment Framework for Android.\n- [**1976**星][9d] [Java] [kyson/androidgodeye](https://github.com/kyson/androidgodeye) AndroidGodEye:A performance monitor tool , like \"Android Studio profiler\" for Android , you can easily monitor the performance of your app real time in pc browser\n- [**1925**星][7m] [Java] [fuzion24/justtrustme](https://github.com/fuzion24/justtrustme) An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning\n- [**1430**星][11m] [Java] [aslody/legend](https://github.com/aslody/legend) (Android)无需Root即可Hook Java方法的框架, 支持Dalvik和Art环境\n- [**1417**星][1m] [Java] [chrisk44/hijacker](https://github.com/chrisk44/hijacker) Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android\n- [**1241**星][3m] [Java] [whataa/pandora](https://github.com/whataa/pandora) an android library for debugging what we care about directly in app.\n- [**1235**星][2m] [Java] [find-sec-bugs/find-sec-bugs](https://github.com/find-sec-bugs/find-sec-bugs) The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)\n- [**1213**星][2m] [JS] [megatronking/httpcanary](https://github.com/megatronking/httpcanary) A powerful capture and injection tool for the Android platform\n- [**1208**星][4m] [Java] [javiersantos/piracychecker](https://github.com/javiersantos/piracychecker) An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. API 14+ required.\n- [**1134**星][1m] [Java] [huangyz0918/androidwm](https://github.com/huangyz0918/androidwm) 一个支持不可见数字水印(隐写术)的android图像水印库。\n- [**885**星][2m] [C] [504ensicslabs/lime](https://github.com/504ensicslabs/lime) LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures f…\n- [**820**星][11d] [proxymanapp/proxyman](https://github.com/proxymanapp/proxyman) Modern and Delightful HTTP Debugging Proxy for macOS, iOS and Android\n- [**810**星][4m] ","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/alphaseclab%2Fawesome-reverse-engineering/projects"}