IDAPro 8.3 Green is@Hmily、@Smile a knifeand@Clouds in the skyBased on the leaked IDA Pro 8.3 Windows version,After decompression, run "IDA_Pro_8.3_Greening Tools" to green with one buttonThe green version has three main functions: first, it prohibits unnecessary networking; second, it defaults to Chinese GBK string recognition; and third, it supports the use of green python.
Modification description: 1、According to the diff information provided by UniSoft [EXETOOLS], try to restore the content of the modified IDA file in the leaked version, and then perform the Floating authorization functionCrackingPatch (The leaked version only includes the x86 and x64 Hex Rays Decompiler plug-ins, and we did not package the plug-ins of the old versions of other platforms, so there may be compatibility problems. If necessary, we can use Github.com/x0rloser/ida_dll_shim to solve them). 2. The local area network (LAN) authorization quantity detection (not sending or receiving) and the idb blacklist detection limit are patched, and STORE_USER_INFO is turned off by default. 3. In order to reduce the pressure on the Hex Rays SA server, the IDA will automatically send an upgrade request and a manual upgrade request in more than a week by default, and the patch is disabled (the user's MAC address, IP, KEY, etc. will be uploaded by default when requesting upgrade verification). The function transmission on the IDA BugReport and Send database is disabled. 4. In order to reduce the pressure on the Hex Rays SA server, the IDA Lumina function is disabled by default, including the automatic Lumina analysis option (the user's hostname, IDB path, binary file path, binary MD5, IP, KEY, mailbox, etc. will be uploaded by default for the verification of Lumina related functions). Since the new version of Lumina private service is more cumbersome to set, this article will not repeat it. If you need to use it,Set the corresponding proxy through the IDA Options Lunina Servers function. Please refer to the data for the rest. Please note that using private servers poses privacy risks. 5. The new version of StrongCC v0.3, patching and findcrypt plug-ins have been added to enhance the function of Chinese string recognition, make it easier to modify program code and decompile results, and find encryption algorithms and constants in code. 6. Added the necessary VC green runtime. 7. Made a green version of python 3.11.7 (IDA8.3 does not support version 3.12 very well, and IDA's own code needs to be modified to support it. We use version 3.11 for insurance consideration) 8. The greening tool is made by the cloud in the sky. Its functions include: a. Use green python 3.11.7; b. Set the association between. idb and. i64 database files; c. Set IDA desktop shortcuts; d. Set IDA context menu; e、Custom IDA authorized user name (based on KEYGEN code provided by CZC [EXETLOOLS] God); f. Support uninstalling and clearing the relevant registry keys set by green IDA; g、GPT generates beautiful iconsAnd some detailed inspection reminders.
Note: 1. The green release path should not contain Chinese paths or Chinese symbols. The reason is that IDA did not use QT to correctly transcode Chinese paths in the LoadLibrary. We tried to patch files, but there were many code changes, the hijacking method was not elegant enough, and might cause problems in other languages. Therefore, no special treatment was carried out. 2. UsingGreen Python installation plug-inWhen entering the python311 directory, be sure to use”-M "parameterTo specify running pip as an import module, for example: a、python.exe -m pip list b. Python.exe - m pip install+package name or path 3. If you want to switch to another version of python, you can use the idapyswitch.exe program in the root directory to specify(To use custom python, you need to install the library corresponding to the plug-in, otherwise the plug-in cannot be used, the current green version no longer supports Win7, and you can install version 3.9.3 if necessary). 4. Since IDA 7.7, the acquisition and processing of Chinese system codes have changed, resulting in the default use of UTF-8 codes (rather than the 7.6 version of gb2312 codes), which makes the strings of many Chinese programs unable to be correctly recognized.To solve this problem,@Smile a knifeThe new version of StrongCC v3 has been updated. It can modify the default code used by IDA according to the system language. The Chinese system uses CP936 by default, thus reducing most operations requiring manual code modification. This function can be enabled or disabled through the configuration file (/cfg/StrongCC.cfg, CPACP=true or false). If you use the Chinese system, but the string in the program is not GBK code, or you cannot determine the language and code of the string, you can set it according to the following steps: a. Select Options - General - Strings in the IDA menu, and then set the "Default 8-bit" to UTF-8 (or the corresponding language code). b. Select Options - General - Analysis - Reanalyze program in the IDA menu to let IDA reanalyze the program. c. If you have analyzed the string before, you need to right click Rebuild in the Strings window to let IDA rebuild the string. 5. The IDA83_SDK_TOOLS.7z file in the root directory is related to the IDA 8.3 SDK. It can be deleted if it is not needed and will not affect the use.
Thanks to the sharing provided by UniSoft [EXETOOLS], so that we can restore the original files according to the corresponding information. Most importantly, we should thank Hex Rays SA for bringing us such a good tool, and strongly encourage users to support the genuine version, so that the software can be continuously improved and updated.Without the permission of the software author, the above contents shall not be used for commercial purposes or copyright infringement.All consequences arising from the use of this tool shall be borne by the user, and has nothing to do with the provider. This content is only for learning and research.
File HASH (2024.2.26, repair the problem of opening some old IDBs and reporting errors): Size: 484004240 bytes MD5: E7845017EAD39FE3BAB870B55A685189 SHA1: BECFA776C57A2E1DB3AF759AF8EE74472E9EA2EF CRC32: E086F3C9
Make good use of it before posting【Forum Search】Function. There may be the answer you are looking for or someone has already published the same content. Please do not repeat posting.
Because the previous key permission settings were read-only, repackaging and deletion did not consider the default of not writing. You can download the newly repackaged key again, or select custom settings and then customize the key information.
Building owner|HmilyPublished on2024-1-30 15:13|Building owner
Lzllzl Published on 2024-1-30 14:41 I downloaded ida.dll shim for IDA v8.3 and replaced two ddl files, but this error still appears. My file's arm64 So text of
The ida_dll_shim is only used to manage {past} {filter} functions. You can find a translator to see how others need to operate, and then find the corresponding old version of f5 to put it in.
