52ky posted on 2021-8-13 23:31:32

COMFinder: an IDA plugin for finding and labeling the functions of COM components

Principle: in IDAPython, the prototypes in the COM component are obtained through pywin32's pythoncom module.
A separate program is used to obtain the virtual table that corresponds to the prototypes in the COM component.
Special note: because the DLL has to be loaded before the virtual table can be read, never use this for analyzing malicious programs.
Installation: when installing IDA, check the IDAPython option.
Use IDAPython's pip to install pywin32.
By default, use the command: C:\python27-x64\Scripts\pip.exe install pywin32
Copy the three files in the bin directory to the plugin directory.
By default, that is this directory: C:\Program Files\IDA 7.0\plugins

