用IDA逆向时,有时会碰到外文或者Unicode中文甚至UTF-8编码的中文,但IDA无法显示这2种中文,更不用说碰到比如韩语、日语等他国语言,想要弄懂字符串的意思,要复制出来->转码->翻译,相当之麻烦。
是否碰到过这种情况
[/url]
真想能这样
[url=http://bbs.pediy.com/attachment.php?attachmentid=93706&d=1416314679]
事实是这样的
[/url]
好了,有了Google Translate后一切都结束了,本脚本支持世界上一切语言(ANSI Code Page和Unicode)的自动识别和翻译(如果太短或者多语言混合识别率低要手动指定语言),支持Unicode中文(UTF-16/UTF-8)自动转GBK,IDA里从此再没有编码困扰。
使用需知:
本机需要装有python,安装[url=https://pip.pypa.io/en/latest/installing.html]pip,并使用pip安装下面两个库
pip install goslate
pip install chardet
另外,由于Google服务经常被墙,建议开梯子使用本脚本,不然失败概率很高。
就算开了梯子,由于网络原因有时也会失败,可以多来几次。
跑起脚本后,会自动注册快捷键,默认支持以下几种模式,由于Fx和Shift+Fx都是自动识别编码,之所以分开是暂时无法自动识别ANSI/UTF-8类无'\0'编码和UTF-16LE编码的,这里需要人肉确认。Ctrl+Fx是翻译指定语言用的,可以任意修改。当字符串过短时语言识别会概率低,默认低于60%的可能性就要求人工指定源语言。
Use F3 translate ANSI/UTF-8 to Chinese
Use F4 translate ANSI/UTF-8 to English
Use Ctrl-F3 translate Korea to Chinese
Use Ctrl-F4 translate Korea to English
Use Shift-F3 translate Unicode to Chinese
Use Shift-F4 translate Unicode to English
-----------------放python---------------
# -*- coding: utf-8 -*-
# Translate current string in IDA Pro
# author : fuyzen@gmail.com
# install:
# easy_install goslate
# easy_install chardet
import struct
import re
def read_string(ea, coding=''):
bytes = []
if coding == 'utf-16':
# Read UCS-2LE in Windows
while Word(ea) != 0:
bytes.Append(struct.pack('H', Word(ea)))
ea += 2
else:
# Read ANSI or UTF-8
while Byte(ea) != 0:
bytes.append(struct.pack('B', Byte(ea)))
ea += 1
s = ''.join(bytes)
print 'processing:',
# if codepage is not given manually, anto detect
if coding == '':
# detect codepage
import chardet
codepage = chardet.detect(s)
print 'codepage may', codepage['encoding'], \
'confidence', codepage['confidence']
if codepage['confidence'] < 0.6:
print 'Auto detect may not precise enough. Please give manually.'
return
coding = codepage['encoding']
return s.decode(coding)
# call Google Translate
# sometime it would fail, try again
def google_trans(u, dstLan, dstCoding):
s = ''
if u:
try:
#call Google Translate
import goslate
gs = goslate.Goslate()
s = gs.translate(u, dstLan).encode(dstCoding)
except:
print 'translate error, try again!'
return s
def is_utf16_has_chinese(u):
# have chinese?
return re.match(u'[\u4e00-\u9fa5]+', u)
# arg0: current address in IDA
# arg1: soutce coding, can be auto detected. If detect result is wrong, can be set manually.
# it can be utf-8/utf-16/gb2312/big5/euc-kr etc...
# arg2: dest language,default 'zh-cn'
# arg3: dest coding,default 'gbk'
def translate(ea, srcCoding='', dstLan='zh-cn', dstCoding='gbk'):
u = read_string(ea, srcCoding)
s = None
if u:
if is_utf16_has_chinese(u) and dstLan.lower() == 'zh-cn':
# if the string contain Chinese, direct encode to gbk
s = u.encode('gbk')
else:
s = google_trans(u, dstLan, dstCoding)
if s:
Message(dstLan + ' result: ' + s + '\n')
return s
# ------------translate funcitons------------
# ANSI、UTF-8 to Chinese
def trans2cn():
s = translate(ScreenEA())
if s : MakeRptCmt(ScreenEA(), s)
# ANSI、UTF-8 to English
def trans2en():
s = translate(ScreenEA(), dstLan='en', dstCoding='ascii')
if s : MakeRptCmt(ScreenEA(), s)
# euc-kr to Chinese
def trans_kr2cn():
s = translate(ScreenEA(), 'euc-kr')
if s : MakeRptCmt(ScreenEA(), s)
# euc-kr to English
def trans_kr2en():
s = translate(ScreenEA(), 'euc-kr', 'en', 'ascii')
if s : MakeRptCmt(ScreenEA(), s)
# Windows Unicode(UTF-16LE) to Chinese
def trans2cn_u():
s = translate(ScreenEA(), 'utf-16')
if s : MakeRptCmt(ScreenEA(), s)
# Windows Unicode(UTF-16LE) to English
def trans2en_u():
s = translate(ScreenEA(), 'utf-16', 'en', 'ascii')
if s : MakeRptCmt(ScreenEA(), s)
#-------------------------------------
def add_hot_key(key, str_func):
idaapi.CompileLine('static %s() { RunPythonStatement("%s()"); }'%(str_func, str_func))
AddHotkey(key, str_func)
if __name__ == '__main__':
# set hotkeys
add_hot_key('F3', 'trans2cn');
add_hot_key('F4', 'trans2en');
add_hot_key('Ctrl-F3', 'trans_kr2cn');
add_hot_key('Ctrl-F4', 'trans_kr2en');
add_hot_key('Shift-F3', 'trans2cn_u');
add_hot_key('Shift-F4', 'trans2en_u');
print '-----------------------------------------'
print 'Use F3 translate ANSI/UTF-8 to Chinese'
print 'Use F4 translate ANSI/UTF-8 to English'
print 'Use Ctrl-F3 translate Korea to Chinese'
print 'Use Ctrl-F4 translate Korea to English'
print 'Use Shift-F3 translate Unicode to Chinese'
print 'Use Shift-F4 translate Unicode to English'
print '-----------------------------------------'
# if auto detect is wrong, temporary manually given here
# s = translate(ScreenEA(), 'euc-kr')
# if s : MakeRptCmt(ScreenEA(), s)
直接下载链接:
idaStrTrans.zip.
|
/5 
已绑定手机
已实名认证
变色卡