逆向调试好帮手:神算子偏移计算工具
做逆向调试的小伙伴应该都遇到过这种问题:在同时使用两大神器OD(或Windbg)和IDA逆向某程序时,调试中模块基址经常变化,而在IDA中默认为0x400000(或0x10000000),所以在调试到某个点想到IDA整体对比分析一下的时候,发现计算地址真的好麻烦,特别时在经常需要计算的时候,这个问题尤为明显。(Small partners doing reverse debugging should have encountered this problem: when using two artifacts OD (or Windbg) and IDA to reverse a program at the same time, the module base address often changes during debugging, and the default is 0x400000 in IDA (or 0x10000000), so when I thought about the overall comparison and analysis of IDA at a certain point of debugging, I found that calculating the address is really troublesome. This problem is especially obvious when calculations are often needed.)
页:
[1]