IDA – Interactive Disassembler Macros Page

Posted on August 21, 2008, 1:40 pm, by Alexander Sandler, under Resources.

This page presents IDA macros I’ve written.

Load PE/COFF symbols
Introduction
Download
Installation and use
Same script but in a standalone version

Load PE/COFF symbolsBACK TO TOC

IntroductionBACK TO TOC

It appears that when IDA parses symbols of Windows applications compiled with gcc (cygwin), it does not load symbol names properly. I.e. instead of real function names, you see things like sub_401064.

The problem is that gcc uses stores symbol information in slightly different manner, which IDA does not understand. The macro below fixes this.

DownloadBACK TO TOC

Grab it here.

Installation and useBACK TO TOC

To install it, do the following:

  1. Close all instances of IDA.
  2. Put it in idc directory, in IDA’s installation directory.
  3. Start IDA

After installing the script, the script will automatically process every binary file you open and fix the symbols if it sees gcc‘s symbol table format.

You can see it works if you see following line in the log window.

-------- PE/COFF Symbol Name Parser ------------------

Same script but in a standalone versionBACK TO TOC

This is a standalone version of the same script. Grab it here. To run it, save it somewhere on your computer and run it via File->IDC File menu.

Bookmark: digg, del.icio.us, reddit, stumbleupon, technorati, twitter, google, yahoo, facebook
Tags: , , , ,
Comment (RSS)  |  Trackback

Did you know that you can receive periodical updates with the latest articles that I write right into your email box? Alternatively, you subscribe to the RSS feed!

Want to know how? Check out
Subscribe page

Leave a Reply

Prove you are not a computer or die *

«
»