(Ida Pro) Find out which functions use the import symbol

I am new to Ida and I need to use it to identify which functions within the executable call one of these. I am trying to find a way a packet is encrypted as a security exercise. Let's say I want to look at the imports window and see these, does that mean that those are the only functions referenced in the executable? How can I find where sendto is referenced? I tried to search it by name but the search takes forever and does not seem to find anything.

Address   Ordinal  Name                  Library
--------  -------  --------------------  -------
0109150C  111      imp_WSAGetLastError   WS2_32
01091524  101      __imp_WSAAsyncSelect  WS2_32
0109157C           freeaddrinfo          WS2_32
01091578           getaddrinfo           WS2_32
01091548  57       __imp_gethostname     WS2_32
01091518  52       __imp_gethostbyname   WS2_32
01091530  23       __imp_socket          WS2_32
01091528  21       __imp_setsockopt      WS2_32
01091554  20       sendto                WS2_32
0109154C  19       __imp_send            WS2_32
01091574  18       __imp_select          WS2_32
01091558  17       recvfrom              WS2_32
01091550  16       __imp_recv            WS2_32
01091508  15       __imp_ntohs           WS2_32
01091514  14       ntohl                 WS2_32
01091540  13       __imp_listen          WS2_32
0109151C  12       __imp_inet_ntoa       WS2_32
01091520  11       __imp_inet_addr       WS2_32
01091580  10       __imp_ioctlsocket     WS2_32
01091568  115      __imp_WSAStartup      WS2_32
01091538  9        __imp_htons           WS2_32
01091534  3        __imp_closesocket     WS2_32
0109152C           WSAIoctl              WS2_32
01091510  8        htonl                 WS2_32
01091570  151      __imp _WSAFDIsSet     WS2_32
0109155C  7        getsockopt            WS2_32
0109153C  2        __imp_bind            WS2_32
01091564  6        getsockname           WS2_32
01091560  5        getpeername           WS2_32
01091544  1        __imp_accept          WS2_32
01091584  4        __imp_connect         WS2_32
0109156C  116      __imp_WSACleanup      WS2_32

If you want to find where the imported function is used, I have in the Import view this MessageBoxA function:

00406160  MessageBoxA USER32

Double-click on it; it will get you to the IDA View and you will see something like:

.idata:00406160 ; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
.idata:00406160                 extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxA^r

Click on the function name, MessageBoxA; it will become yellow. Then click X on the keyboard, or right-click on the function and choose Jump to xref to operand.... You will go to where the function is used, or you will see a dialog box if it's called from more than one place.
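
What the cross-reference list for an import amounts to at the byte level, as an added example that is not part of the original answer: a heuristic scan of 32-bit x86 code for calls through the sendto import slot at 01091554 from the question's listing, grouped by containing function. The image base, code bytes and function starts are constructed samples, and the function names are hypothetical; IDA disassembles rather than pattern-matching, so a raw scan like this can report false positives.

```python
import struct
from bisect import bisect_right

SENDTO_SLOT = 0x01091554  # import slot of sendto, from the question's listing

def find_import_refs(code, base, slot):
    """Heuristic scan of 32-bit x86 bytes for references through an import slot."""
    target = struct.pack("<I", slot)
    refs = []
    # FF 15 = call dword ptr [slot]; FF 25 = jmp dword ptr [slot] (import thunk)
    for opcode, kind in ((b"\xff\x15", "call"), (b"\xff\x25", "thunk")):
        pos = code.find(opcode + target)
        while pos != -1:
            refs.append((base + pos, kind))
            pos = code.find(opcode + target, pos + 1)
    thunks = {addr for addr, kind in refs if kind == "thunk"}
    # E8 rel32 = direct call; keep those whose destination is one of the thunks
    for pos in range(len(code) - 4):
        if code[pos] == 0xE8:
            rel = struct.unpack_from("<i", code, pos + 1)[0]
            if base + pos + 5 + rel in thunks:
                refs.append((base + pos, "call-via-thunk"))
    return sorted(refs)

def calling_functions(refs, func_starts):
    """Map each call site to the nearest function start at or below it."""
    starts = sorted(func_starts)
    out = {}
    for addr, kind in refs:
        if kind == "thunk":
            continue  # the thunk is a stub, not a caller
        i = bisect_right(starts, addr)
        if i:
            out.setdefault(starts[i - 1], []).append(addr)
    return out

# Constructed sample: image base, code bytes and function starts are made up.
BASE = 0x01001000
SAMPLE = (
    bytes.fromhex("558bec" "ff1554150901" "5dc3") + b"\xcc" * 5   # func at +0x00
    + bytes.fromhex("e80b000000" "c3") + b"\xcc" * 10            # func at +0x10
    + bytes.fromhex("ff2554150901")                               # thunk at +0x20
)
FUNCS = [BASE, BASE + 0x10, BASE + 0x20]

if __name__ == "__main__":
    refs = find_import_refs(SAMPLE, BASE, SENDTO_SLOT)
    for func, sites in calling_functions(refs, FUNCS).items():
        print(f"sub_{func:08X} calls sendto at", [f"{s:08X}" for s in sites])
```

The second sample function reaches sendto only through the jmp thunk, which is why a search for the import name alone can miss callers that the xref dialog shows one hop away.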
