https://github.com/utkonos/lst2x64dbg

Extract labels from IDA, Ghidra, Binary Ninja, and Relyze files and export x64dbg database. Including radare2 main address.

# lst2x64dbg
This command extracts all the labels found in the LST file that is given as
the single argument. An x64dbg database is created in the current directory
based on the extracted labels.

The LST file can be generated in IDA from the **File** menu: **Produce file -> Create LST file...**

## Example

```
$ lst2x64dbg sample.lst
```

# ghidra2x64dbg
This command extracts all the labels found in the CSV file that is given as
the single argument. An x64dbg database is created in the current directory
based on the extracted labels. The imagebase value must be supplied.

The CSV file can be generated in Ghidra from the **Window** menu by selecting **Symbol Table**.

In the symbol table window that opens, sort the data by the **Location** column. Then select all
symbols that are *not* external locations. With the desired symbols selected, right click and select:
**Export -> Export to CSV...**

**NOTE: If you happen to select external locations, they will be ignored.**

![Symbol Table](/images/symbol_table.png)

Name this file `.csv`

## Example

```
$ ghidra2x64dbg -i 400000 sample.csv
```

The imagebase value can be found at the very top of the disassembly panel in the CodeBrowser window.
It's part of the DOS header.

![Image Base](/images/imagebase.png)

## Configuration for More Labels

Ghidra has one analysis option, off by default, that can provide more labels for code in a sample in certain situations. This option, `WindowsPE x86 Propagate External Parameters`, is found in the Analysis Options window when a sample is first opened in the CodeBrowser tool.

![Analysis Options](/images/ghidra_more_labels.png)

# binja2x64dbg
This command extracts all the labels found in a Binary Ninja bnida JSON file given as a single argument.
An x64dbg database is created in the current directory based on the extracted labels. The imagebase value
must be supplied.

To generate a bnida file from Binary Ninja, one must first install the plugin according to the instructions:

https://zznop.github.io/bnida/

Once the executable is loaded in Binary Ninja, navigate to the **Tools** menu and select **bnida: Export analysis data**.

![BinaryNinja](/images/binja.png)

Name this file `.json`

## Example

```
$ binja2x64dbg -i 400000 sample.json
```

# relyze2x64dbg
This command extracts all the labels found in an x64dbg database generated by Relyze given as a single argument.
An x64dbg database is created in the current directory based on the extracted labels.

To generate an x64dbg database in Relyze, simply open the executable and in the **Code** view, right click, and export.

![Relyze](/images/relyze.png)

Name this file `_relyze.dd32` or `_relyze.dd64`

## Example

```
$ relyze2x64dbg sample_relyze.dd32
```

# Support for radare2
Both commands now support inclusion of the location for main() as detected by
radare2. Just add `-r` or `-main` to either command like this:

```
$ lst2x64dbg -r 0x0040a53a sample.lst
```

Just cut and paste the virtual address for main from Cutter's UI or from radare2 command line.

![Main](/images/radare2_main.png)

# Workflow Notes
Each of these tools will check the current directory for an x64dbg database that was created by a previous run of one of
the tools. Any offset from that database that already has a label will not be changed by a subsequent run of any of the
tools. In other words, each tool expands the list of labels, but does not overwrite any labels that already exist.

If you have manually created labels, it is recommended to only create them in one disassembler. Also, make that disassembler's
output the very first to be processed by one of the above tools. This way all your custom labels are guaranteed to exist
in the new x64dbg database.

In a future iteration of this software there will be a way to deconflict at the merge step of the processing.
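
The merge rule from the Workflow Notes, sketched as an added example (not the project's own code): the first tool to label an offset wins, and later runs only add labels for new offsets. The database layout (`labels` entries with `module`, `address`, `manual`, `text`), the helper names, and the sample labels are assumptions made for illustration.

```python
import json

IMAGEBASE = 0x400000  # value used in the README's ghidra2x64dbg example


def rebase(labels, imagebase):
    """Turn (virtual_address, text) pairs into (offset, text) pairs."""
    return [(va - imagebase, text) for va, text in labels if va >= imagebase]


def merge_labels(db, new_labels, module):
    """Add labels to a database dict; offsets that already have a label keep it.

    Returns (merged_db, conflicts); conflicts lists (offset, kept, rejected).
    """
    merged = dict(db, labels=list(db.get("labels", [])))
    taken = {(e["module"].lower(), int(e["address"], 16)): e["text"]
             for e in merged["labels"]}
    conflicts = []
    for offset, text in new_labels:
        key = (module.lower(), offset)
        if key in taken:
            if taken[key] != text:
                conflicts.append((offset, taken[key], text))
            continue
        taken[key] = text
        merged["labels"].append({"module": module, "address": hex(offset),
                                 "manual": False, "text": text})
    return merged, conflicts


def demo():
    # Constructed sample: first run, from the disassembler holding a custom label.
    first = [(0x401000, "decrypt_config"), (0x401200, "sub_401200")]
    # Constructed second run from another tool; 0x40a53a is the README's main address.
    second = [(0x401000, "FUN_00401000"), (0x40a53a, "main")]
    db, _ = merge_labels({}, rebase(first, IMAGEBASE), "sample.exe")
    return merge_labels(db, rebase(second, IMAGEBASE), "sample.exe")


if __name__ == "__main__":
    db, conflicts = demo()
    print(json.dumps(db, indent=2))
    for offset, kept, rejected in conflicts:
        print(f"{offset:#x}: kept {kept!r}, ignored {rejected!r}")
```

The returned conflict list shows which auto-generated names were rejected in favour of an earlier label, which is why the disassembler holding the custom labels should be processed first.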