ida for mac 插件配置 tips

yara:

sudo pip install yara-python,不行下载安装

vim /usr/local/lib/python2.7/site-packages/yara/libyara_wrapper.py

修改308行左右

else:
    #dllpath = os.path.join(sys.prefix, 'lib')
    dllpath = os.path.join("/usr/local/Frameworks/Python.framework/Versions/2.7/", 'lib')
    library = os.path.join(dllpath, 'libyara.so')

默认从系统目录找,系统Frameworks目录不可写,自然找不到so文件

keystone:

A2. MacOS

The macOS python is universal binary, so does not need to discuss the situation(x86, x64).

Compiling dynamic library(libkeystone.dylib) depends on cmake and compiler(llvm clang, gcc).

Quick start steps:

Install the core & Python module of Keystone with the following command:

  • install brew
    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
  • install cmake
    brew install cmake
  • install keystone-engine
    sudo pip install keystone-engine
    • Check Method ( Whether the installation is successful? ):
      • You enter this in the console of idaNormal result:
        Python>print keystone 
        <module 'keystone.keystone' from '/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/keystone/keystone.py'> Python>print keystone.arm_const <module 'keystone.arm_const' from '/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/keystone/arm_const.py'>

         

      • enter this in the python standard consoleNormal result:
        Python 2.7.13 (default, Jul 18 2017, 09:17:00) 
        [GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)] on darwin Type "help", "copyright", "credits" or "license" for more information. 
        >>> import keystone 
        >>> print keystone 
        <module 'keystone' from '/usr/local/lib/python2.7/site-packages/keystone/__init__.pyc'> >>> print keystone.arm_const <module 'keystone.arm_const' from '/usr/local/lib/python2.7/site-packages/keystone/arm_const.pyc'> >>>

         

If there are cmake and compiler, then install only the core & Python module of Keystone with the following command:

$ sudo pip install keystone-engine

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注