[参考]2022 IDA插件大赛结果

2022 IDA插件大赛结果

Hexray原文地址：2022 Plug-In Contest (hex-rays.com)，本文主要对插件进行转载。

We received 9 interesting submissions this year! As usual, many thanks to all the participants for their hard work, and interesting ideas. After having analyzed and deliberated about all the submitted plugins, our panel of judges selected the following winners:

今年我们收到了9个有趣的参赛提交。一如既往，感谢各位参赛者的艰苦努力和奇思妙想。分析和评判所有提交的插件，选出下述三个优胜者：

First prize: ttddbg

Second prize: ida_kcpp

Third prize: FindFunc

获奖作品

ttddbg

Simon Garrelou, Sylvain Peyrefitte of the Airbus CERT Team

ttddbg-1.0.1.zip

ttddbg-ida77-1.0.1-win64.msi

ttd-bindings-dc1ee10e9e7a33ee2f39b388e85f5183a2b17c84.zip

https://github.com/airbus-cert/ttddbg

ttddbg主要允许用户载入Windbg和VisualStudio创建的时间穿越（Time Travel）文件。

关于Time travel：Time Travel Debugging - Overview - Windows drivers | Microsoft Learn

Windbg preview 时间旅行调试（TTD）介绍 - FreeBuf网络安全行业门户

Time Travel Debugging is a tool that allows you to capture a trace of your process as it executes and then replay it later both forwards and backwards. Time Travel Debugging (TTD) can help you debug issues easier by letting you "rewind" your debugger session, instead of having to reproduce the issue until you find the bug.

Time Travel Debugging(TTD)是一种工具，它允许您在进程执行时捕获进程的跟踪，然后在以后向前和向后重放它。 TTD可以帮助您更轻松地调试问题，让您“回溯”调试器会话，而不是在找到错误之前重现问题。

ida_kcpp

Uriel Malin and Ievgen Solodovnykov of Cellebrite Labs

ida_kcpp-main.zip

https://github.com/cellebrite-labs/ida_kcpp

用于对iOS内核缓存进行逆向工程。此插件基于ida_kernalcache插件并在之上构建了便捷的应用程序。该插件使C++ IOKit类更加IOKit-aware. 例如，当重命名 IOKit 类的 vtable 结构中的虚函数时，ida_kcpp 将自动重命名类层次结构中所有 vtable 结构中的成员，以及重命名函数本身。这在构建复杂 IOKit 类的分析时非常方便，这些类可能有几十个超类/子类，每个都有自己的相同虚函数实现。