Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/giantbranch/mipsaudit
IDA MIPS静态扫描脚本,汇编审计辅助脚本
https://github.com/giantbranch/mipsaudit
ida-mips ida-plugin idapython mipsaudit
Last synced: about 1 month ago
JSON representation
IDA MIPS静态扫描脚本,汇编审计辅助脚本
- Host: GitHub
- URL: https://github.com/giantbranch/mipsaudit
- Owner: giantbranch
- Created: 2019-06-05T02:18:28.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-11-25T06:13:18.000Z (almost 3 years ago)
- Last Synced: 2024-05-27T12:13:21.795Z (4 months ago)
- Topics: ida-mips, ida-plugin, idapython, mipsaudit
- Language: Python
- Homepage: http://www.giantbranch.cn/
- Size: 233 KB
- Stars: 169
- Watchers: 6
- Forks: 39
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
# IDAPython mipsAudit
## 简介
这是一个简单的IDAPython脚本。
进一步来说是MIPS静态汇编审计辅助脚本。
可能会有bug,欢迎大家完善。
## 功能
辅助脚本功能如下:
1. 找到危险函数的调用处,并且高亮该行(也可以下断点,这个需要自己去源码看吧)
2. 给参数赋值处加上注释
3. 最后以表格的形式输出函数名,调用地址,参数,还有当前函数的缓冲区大小
**大家双击addr那一列的地址,即可跳到对应的地址处**
![17cc62c98820974f8c759dc086dd5acb](17cc62c98820974f8c759dc086dd5acb.png)
![28069d48cf3f357dd83e42406e10d980](28069d48cf3f357dd83e42406e10d980.png)
## 审计的危险函数如下
```
dangerous_functions = [
"strcpy",
"strcat",
"sprintf",
"read",
"getenv"
]attention_function = [
"memcpy",
"strncpy",
"sscanf",
"strncat",
"snprintf",
"vprintf",
"printf"
]command_execution_function = [
"system",
"execve",
"popen",
"unlink"
]
```## 使用
File - Script file
![1561006651468](./1561006651468.png)
选择mipsAudit.py
![1561006737134](./1561006737134.png)
即可看到效果
![mipsAudit](./mipsAudit.png)
双击地址即可跳到对应的代码处
![1561006887117](./1561006887117.png)