IDA7.0 install keypatch and findcrypt-yara plugin
Source https://www.cnblogs.com/zhaijiahui/p/7978897.html
Thank goodness finally installed, and quickly write the method. After looking for the installation method on the Internet for a long time, it is cumbersome and pitiful, but this plug-in uses keystone to have high version requirements.
Keypatch can directly modify the plugin of binary code
Link: https://github.com/keystone-engine/keypatch
Install:
1. Download Keypatch.py and copy it to the plugin directory
IDA 7.0\plugins\Keypatch.py
2. Download and install the keystone python module, 64-bit systems only need to install this one
https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi
Then you can find Edit->Keypatch in IDA
findcrypt-yara finds a plugin for encryption
Link: https://github.com/polymorf/findcrypt-yara
简介:IDA pro plugin to find crypto constants (and more)
Install:
1. To install yara-python, the easiest way is to use: pip install yara-python
yara-python site: https://github.com/VirusTotal/yara-python
2. Download findcrypt.py and copy it to the plugin directory
IDA 7.0\plugins\findcrypt3.rules
IDA 7.0\plugins\findcrypt3.py
Then you can find Edit->plugins->findcrypt in IDA