Skip to content

4.37 Portable IDA+IDAPython

https://scz.617.cn/python/202011182246.txt

Q:

IDA已经绿色化,现在不想让IDA去找安装过的Python,事实上也没安装Python,但又 需要用IDAPython。启动IDA时提示:

LoadLibrary(X:\Green\IDA\plugins\idapython3.dll) error: 找不到指定的模块。 X:\Green\IDA\plugins\idapython3.dll: can't load file

启动后底部没有Python命令栏。

A: zyh 2020-11-18

下载便携版Python

https://www.python.org/downloads/ https://www.python.org/downloads/release/python-390/ https://www.python.org/ftp/python/3.9.0/python-3.9.0-embed-amd64.zip

从python-3.9.0-embed-amd64.zip中析取如下文件:

python3.dll python39.dll python39.zip python39._pth _ctypes.pyd libffi-7.dll

复制到IDA根目录,比如:

X:\Green\IDA\

一般情况下已经可以使用IDAPython。如果再有问题,用Process Monitor监控 ida64.exe,补齐缺失的组件。从此随意移动IDA根目录到别处使用。

D: scz 2020-11-19

按前述办法简单处理后,在IDA的Python命令栏已经可以执行很多Python代码,但毕 竟Python环境不完善,有可能在后续使用中碰上问题,见招拆招。

比如,在IDA的Python命令栏输入"import socket",提示:

Traceback (most recent call last): File "", line 1, in File "", line 259, in load_module File "socket.py", line 51, in ModuleNotFoundError: No module named '_socket'

此时需要复制如下文件到IDA根目录:

_socket.pyd select.pyd

我是怎么知道的呢?愣试是一种办法,我则是用Process Monitor监控便携版 python.exe,在后者中"import socket",看它加载了哪些文件。

偷懒的话,把python-3.9.0-embed-amd64.zip中所有文件复制到IDA根目录好了,一 堆pyd、dll文件。不过IDAPython编程比较特殊,很可能不需要那些库。

D: scz 2020-11-20

IDAPython可能会去找这些注册表项:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Python\PythonCore\3.9\InstallPath] @="C:\Python39\" "ExecutablePath"="C:\Python39\python.exe" "WindowedExecutablePath"="C:\Python39\pythonw.exe"

[HKEY_CURRENT_USER\SOFTWARE\Python\PythonCore\3.9\PythonPath] @="C:\Python39\Lib\;C:\Python39\DLLs\"

找不着时有其他尝试。便携版Python肯定没有这些注册表项,安装版Python有。

Q:

IDA 7.6 SP1已经绿色化。按前述办法将Python相关文件置于IDA相关目录,启动时告 警:

WARNING: Python 3 is not configured (Python3TargetDLL value is not set). Please run idapyswitch to select a Python 3 install.

IDA 7.5系列无此问题。

A: scz 2021-05-01

IDA 7.6相比IDA 7.5在寻找Python解释引擎的套路上有变,后者会尝试当前目录,前 者不会。7.6有个idapyswitch.exe用于处理此事,如欲使用当前目录下的Python引擎, 可以这样:

$ idapyswitch.exe --force-path .\python3.dll

它实际设置注册表项

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Hex-Rays\IDA] "Python3TargetDLL"=".\python39.dll"

reg.exe delete "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL" /f reg.exe add "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL" /t REG_SZ /d ".\python39.dll" /f reg.exe query "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL"

若不想固定在3.9版,可以这样:

reg.exe add "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL" /t REG_SZ /d ".\python3.dll" /f

让python3.dll去找具体的python3x.dll