Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jhftss/IDA2Obj

Static Binary Instrumentation
https://github.com/jhftss/IDA2Obj

Last synced: 22 days ago
JSON representation

Static Binary Instrumentation

Host: GitHub
URL: https://github.com/jhftss/IDA2Obj
Owner: jhftss
License: gpl-3.0
Created: 2021-08-08T08:32:37.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2021-09-24T02:39:54.000Z (about 3 years ago)
Last Synced: 2024-06-06T20:05:02.258Z (6 months ago)
Language: Python
Size: 4.28 MB
Stars: 117
Watchers: 8
Forks: 15
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - jhftss/IDA2Obj - Static Binary Instrumentation (Python)

README

# IDA2Obj

__IDA2Obj__ is a tool to implement __SBI (Static Binary Instrumentation)__.

The working flow is simple:

- Dump __object files (COFF)__ directly from one executable __binary__.
- __Link__ the __object files__ into a new binary, almost the same as the old one.
- During the dumping process, you can __insert any data/code at any location__.
- __SBI__ is just one of the using scenarios, especially useful for black-box fuzzing.

## How to use

0. Prepare the enviroment:
- Set `AUTOIMPORT_COMPAT_IDA695 = YES` in the `idapython.cfg` to support the API with old IDA 6.x style.
- Install dependency: `pip install cough`

1. Create a folder as the workspace.

2. Copy the target binary which you want to fuzz into the workspace.

3. Load the binary into IDA Pro, choose __Load resources__ and __manually load__ to load __all__ the segments from the binary.

4. Wait for the auto-analysis done.

5. Dump object files by running the script `MagicIDA/main.py`.

- The output object files will be inside `${workspace}/${module}/objs/afl`.
- If you create an empty file named `TRACE_MODE` inside the workspace, then the output object files will be inside `${workspace}/${module}/objs/trace`.
- By the way, it will also generate 3 files inside `${workspace}/${module}` :
- exports_afl.def (used for linking)
- exports_trace.def (used for linking)
- hint.txt (used for patching)

6. Generate lib files by running the script `utils/LibImports.py`.

- The output lib files will be inside `${workspace}/${module}/libs`, used for linking later.

7. Open a terminal and change the directory to the workspace.

8. Link all the object files and lib files by using `utils/link.bat`.

- e.g. `utils/link.bat GdiPlus dll afl /RELEASE`
- It will generate the new binary with the pdb file inside `${workspace}/${module}`.

9. Patch the new built binary by using `utils/PatchPEHeader.py`.

- e.g. `utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll`
- For the first time, you may need to run `utils/register_msdia_run_as_administrator.bat` as administrator.

10. Run & Fuzz.

## More details

__HITB Slides__ : https://github.com/jhftss/jhftss.github.io/blob/main/res/slides/HITB2021SIN%20-%20IDA2Obj%20-%20Mickey%20Jin.pdf

__Demo__ : https://drive.google.com/file/d/1N3DXJCts5jG0Y5B92CrJOTIHedWyEQKr/view?usp=sharing