Experimenting with IDA 5.2's scriptable debugger
Paolo Palumbo (Paolo) <Ppalumbo1979gmailcom> Saturday, December 1 2007 20:27.00 CST


IDA 5.2 was recently released, bearing as usual a lot of cool features and bugfixes. One of the most interesting additions was the so-called scriptable debugger. Today, I had a bit of free time, and decided to experiment with it.

In a very limited time, I coded a simple API monitor to spy on file-write operations on executable files (for example, those done by some malware). For the curious, I have uploaded the script to my repository: the code is just an experiment and is not all that useful, but it still shows how easy it is to use the new IDC commands.