Last active
February 19, 2020 17:06
-
-
Save ikonst/ebae548dac7934dc0bdf to your computer and use it in GitHub Desktop.
Adds IDA symbols as WinDbg synthetic symbols
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Adds IDA symbols as WinDbg synthetic symbols | |
| // | |
| // Original code by 'blabb'. | |
| // | |
| // See: | |
| // http://www.woodmann.com/forum/entry.php?262-addsym-windbg-extension-%28extension-to-load-names-from-ida-to-windbg%29 | |
| // http://reverseengineering.stackexchange.com/questions/3850/importing-list-of-functions-and-addresses-into-windbg | |
| #include <engextcpp.hpp> | |
| #include <iostream> | |
| #include <fstream> | |
| #include <string> | |
| #include <tchar.h> | |
| using namespace std; | |
| class EXT_CLASS : public ExtExtension | |
| { | |
| public: | |
| EXT_COMMAND_METHOD(addsym); | |
| }; | |
| EXT_DECLARE_GLOBALS(); | |
| // takes two arguments first is an exprssion second is a string (path of idasymbol file) | |
| // !addsym modulename viz nt / address viz 0x804d7200 etc c:\idasym\xxx.idasym | |
| EXT_COMMAND( | |
| addsym, | |
| "windbg extension to use names that are generated by ida \n do .reload /f MODULE.ext=base,size prior to using this extension", | |
| "{;e;MODULE;An expression or address like nt / 0x804d7000 }{;x;path;path to idasym file \nviz c:\\idasym\\MODULE.EXT.idasym}" | |
| ) | |
| { | |
| ULONG offset, size; | |
| ifstream ifs ,fs; | |
| char *symoff; | |
| string inbuff,buff; | |
| int i = 0; | |
| int j = 1; | |
| ULONG64 imagebase = GetUnnamedArgU64(0); | |
| ifs.open(GetUnnamedArgStr(1)); | |
| if ( (ifs.rdstate() & ifstream::failbit ) != 0) | |
| { | |
| Out("failed to open idasym file\n"); | |
| goto exit; | |
| } | |
| do | |
| { | |
| i++; | |
| }while ( getline(ifs,inbuff) != NULL); | |
| Out("total symbols in idasym file is %d press ctrl+break to interrupt symbol resolving \n",i-1); | |
| ifs.close(); | |
| fs.open(GetUnnamedArgStr(1)); | |
| if ( (fs.rdstate() & ifstream::failbit ) != 0) | |
| { | |
| Out("failed to open idasym file\n"); | |
| goto exit; | |
| } | |
| i = 0; | |
| while ( getline(fs,buff) != NULL) | |
| { | |
| i++; | |
| if (m_Control3->GetInterrupt() == S_OK) | |
| { | |
| break; | |
| } | |
| offset = strtoul(buff.c_str(),&symoff,16); | |
| if (*symoff == '-') | |
| { | |
| ++symoff; | |
| size = strtoul(symoff,&symoff,16) - offset; | |
| } | |
| else | |
| size = 4; | |
| ++symoff; | |
| m_Symbols3->AddSyntheticSymbol((imagebase + offset),size,symoff,DEBUG_ADDSYNTHSYM_DEFAULT,NULL); | |
| if (i == 500) | |
| { | |
| Out("%d symbols resolved\n",i*j); | |
| i = 0; | |
| j++; | |
| } | |
| } | |
| Out("total %d symbols resolved \n",((500*(j-1))+i) ); | |
| fs.close(); | |
| exit: | |
| Out("done\n"); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <idc.idc> | |
| static main(void) | |
| { | |
| auto temp,elfaw_new ,baseofcode,tosubtract,symfile,segstart,segend,i,outfile,symname; | |
| // idafree doesnt seem to know anything about pe header HACK to get stuff | |
| temp = fopen(GetInputFilePath(),"rb"); | |
| fseek(temp,0x3c,0); //to Read IMAGE_DOS_HEADER->elfaw_new | |
| elfaw_new = readlong(temp,0); | |
| fseek(temp,(elfaw_new+0x2c),0); //to read _IMAGE_NT_HEADERS->OptionalHeader->BaseofCode | |
| baseofcode = readlong(temp,0); | |
| // The following didn't work for kernel drivers: | |
| // tosubtract = FirstSeg()-baseofcode; | |
| tosubtract = FirstSeg(); | |
| fclose(temp); | |
| symfile = "c:\\IDASYM\\" + GetInputFile() + ".idasym"; | |
| outfile = fopen( symfile,"w"); | |
| if (!outfile) | |
| { | |
| Message("failed to create file %s\n check if c:\\idasym folder exists",symfile); | |
| } | |
| else | |
| { | |
| Message("creating idasym file %s\n",symfile); | |
| segstart = 0; | |
| do | |
| { | |
| segstart = NextSeg(segstart); | |
| segend = SegEnd(segstart); | |
| for ( i = 0 ; i < segend-segstart ; i++) | |
| { | |
| symname = Name( segstart+i ) ; | |
| // discarding DOC AND UNDOC dummy names (does pro ida have convinience funcs ? must be tedious without them :( ) | |
| if ( | |
| (symname != "" ) && | |
| (substr(symname,0,4) != "sub_") && | |
| (substr(symname,0,7) != "locret_") && | |
| (substr(symname,0,4) != "loc_" ) && | |
| (substr(symname,0,4) != "off_" ) && | |
| (substr(symname,0,4) != "seg_" ) && | |
| (substr(symname,0,4) != "asc_" ) && | |
| (substr(symname,0,5) != "byte_" ) && | |
| (substr(symname,0,5) != "word_" ) && | |
| (substr(symname,0,6) != "dword_" ) && | |
| (substr(symname,0,5) != "qword_" ) && | |
| (substr(symname,0,4) != "flt_" ) && | |
| (substr(symname,0,4) != "dbl_" ) && | |
| (substr(symname,0,6) != "tbyte__" ) && | |
| (substr(symname,0,5) != "stru_" ) && | |
| (substr(symname,0,5) != "algn_" ) && | |
| (substr(symname,0,6) != "oword_" ) && | |
| (substr(symname,0,4) != "unk_" ) | |
| ) | |
| { | |
| auto end = GetFunctionAttr(segstart+i, FUNCATTR_END); | |
| fprintf(outfile,"%08x", ((segstart+i)-tosubtract)); | |
| // If we have the end offset (e.g. a function), add it. | |
| if (end != -1) | |
| fprintf(outfile, "-%08x", end - tosubtract); | |
| fprintf(outfile,",%s\n", Name( segstart+i ) ); | |
| } | |
| } | |
| }while (segend != BADADDR); | |
| fclose(outfile); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment