Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mixaill/fakepdb

Tool for PDB generation from IDA Pro database
https://github.com/mixaill/fakepdb

cpp debugging ida idapython llvm pdb

Last synced: 4 days ago
JSON representation

Tool for PDB generation from IDA Pro database

Host: GitHub
URL: https://github.com/mixaill/fakepdb
Owner: Mixaill
License: apache-2.0
Created: 2019-03-31T01:25:33.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-05-02T12:30:08.000Z (over 1 year ago)
Last Synced: 2024-02-12T15:16:35.282Z (8 months ago)
Topics: cpp, debugging, ida, idapython, llvm, pdb
Language: C++
Size: 542 KB
Stars: 487
Watchers: 23
Forks: 55
Open Issues: 14
Metadata Files:
- Readme: Readme.md
- License: LICENSE

Awesome Lists containing this project

README

        # FakePDB

Tool for PDB generation from IDA Pro database

Supports:

* IDA >= 7.4

## TODO

* Linux support

* GHIDRA support

* Function arguments support

## How to get

* Download latest release from release page: https://github.com/Mixaill/FakePDB/releases

* Or compile it from sources:

   * run `/build.ps1`

   * grab `fakepdb.zip` from `/~build/deploy`

## How to install

* IDA

  * copy content of `fakepdb.zip/ida` to `/plugins`

## How to use

There are several features in this plugin:

### PDB file generation

  * Open target executable in IDA

  * `Edit` -> `FakePDB` -> `Generate .PDB file` (or `Ctrl`+`Shift`+`4`)

  * get PDB file from the IDA database directory

  The PDB can optionally include symbols for function labels: use `Generate .PDB file (with function labels)` (or `Ctrl`+`Shift`+`5`).

### LIB file generation

  * Open target executable in IDA

  * `Edit` -> `FakePDB` -> `Generate .LIB file`

  * get LIB file from the IDA database directory

### IDA database export to .json

  * Open target executable in IDA >= 7.0

  * `Edit` -> `FakePDB` -> `Dump info to .json` (or `Ctrl`+`Shift`+`1`)

  * it will generate `filename.json` near the `.idb` file

### Binary signature search

  * Open target executable in IDA >= 7.0

  * Set cursor on start of the target function

  * `Edit` -> `FakePDB` -> `Find signature` (or `Ctrl`+`Shift`+`2`)

  * signature will be displayed in IDA console

### Function names import from `.json` file

  * Open target executable in IDA >= 7.0

  * `Edit` -> `FakePDB` -> `Import offset from .json` (or `Ctrl`+`Shift`+`3`)

required file format:

```json

{

   "function_name_1": "0001:123456",

   "function_name_2": "0001:254646",

   "function_name_X": "XXXX:YYYYYY",

   "function_name_Y": "0x0124567AF",

}

```

where:

 * `XXXX`: number of the PE section

 * `YYYY`: offset from the begining of the section in decimal numbers

 * 0x0124567AF: IDA effective address

## Useful links

* Disable PDB validation in WinDbg http://ntcoder.com/bab/2012/03/06/how-to-force-symbol-loading-in-windbg/

## Thanks

Inspired by:

  * pe_debug http://pefrm-units.osdn.jp/pe_debug.html

Based on:

  * LLVM project https://llvm.org/

  * LLD project https://lld.llvm.org/

  

Also take look at:

  * bao https://github.com/not-wlan/bao