
Title: [Original] How to make IDA SIG files for the VC static link libraries?
Author: tnttools
Time: 2008-04-17,18:52
Link: http://bbs.pediy.com/showthread.php?t=63292

Many days ago someone raised this question. It did not occur to them to use lib.exe, so they re-invented the wheel with ar2.exe, which can parse the OBJ files out of an MS LIB file. Today I saw someone post their thoughts on it again, so I dug into it a bit, much better than this …

The following is the command-line procedure. The environment is WinXP + NTFS + VS2003, and it runs correctly on my machine. The text between the dashed lines is the command line.

The attachment is the finished SIG file. It correctly identifies the printf() function and, of course, many other library functions.

Step 1:
Copy libc.lib, libcd.lib, libcmt.lib and libcmtd.lib from their original folder into a working folder (the Step 4 commands use v:\).
Purpose:
To avoid typing overly long paths on the command line.

Step 2:

-----------------
set path=%path%;C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin
set path=%path%;C:\Program Files\IDA\addons\Flair.v5.20\bin
-----------------

Purpose: put the programs to be invoked on the path. The folders on your machine are not necessarily the same.

Step 3:

-----------------------------
for %i in (*.lib) do md %i.fdr
-----------------------------

Purpose: create new folders to hold the object files.

Step 4:

-----------------------------
cd v:\libc.lib.fdr
for /F "skip=3" %i in ('link.exe -lib /list ..\libc.lib') do link.exe -lib /extract:%i ..\libc.lib

cd v:\libcd.lib.fdr
for /F "skip=3" %i in ('link.exe -lib /list ..\libcd.lib') do link.exe -lib /extract:%i ..\libcd.lib

cd v:\libcmt.lib.fdr
for /F "skip=3" %i in ('link.exe -lib /list ..\libcmt.lib') do link.exe -lib /extract:%i ..\libcmt.lib

cd v:\libcmtd.lib.fdr
for /F "skip=3" %i in ('link.exe -lib /list ..\libcmtd.lib') do link.exe -lib /extract:%i ..\libcmtd.lib

-----------------------------

Purpose: extract all the object files from libc.lib, libcd.lib, libcmt.lib and libcmtd.lib in turn.

Step 5:

--------------------------
for %i in (.\libc.lib.fdr\*.obj) do pcf.exe -g0 %i
for %i in (.\libcd.lib.fdr\*.obj) do pcf.exe -g0 %i
for %i in (.\libcmt.lib.fdr\*.obj) do pcf.exe -g0 %i
for %i in (.\libcmtd.lib.fdr\*.obj) do pcf.exe -g0 %i
-------------------------
pcf.exe -g0 .\libc.lib.fdr\*.obj
pcf.exe -g0 .\libcd.lib.fdr\*.obj
pcf.exe -g0 .\libcmt.lib.fdr\*.obj
pcf.exe -g0 .\libcmtd.lib.fdr\*.obj
-------------------------

Purpose: generate .pat files from the .obj files. To keep pcf.exe from being interrupted when it hits a non-COFF file during processing (it shows the message “is not ar/coff file\npress enter to exit”), the parameter “-g0” is used.

Step 6:

-------------------------
sigmake -n"VC7 Static Lib (ST/MT & Rel/Dbg) By TnTTools" libc.lib.fdr\*.pat+libcd.lib.fdr\*.pat+libcmt.lib.fdr\*.pat+libcmtd.lib.fdr\*.pat vc7libc
See the documentation to learn how to resolve collisitions.
: Modules / leaves: 9021136/3610, COLLISIONS: 2690
-------------------------
sigmake -n"VC7 Static Lib (ST/MT & Rel/Dbg) By TnTTools" libc.lib.fdr\*.pat+libcd.lib.fdr\*.pat+libcmt.lib.fdr\*.pat+libcmtd.lib.fdr\*.pat vc7libc
--------------------------

Purpose: build the SIG file vc7libc.sig. Here I put the four static library files together, but of course you can split them up. The first run of sigmake reports that collisions exist. Manually edit the .exc file, then run sigmake again to generate vc7libc.sig. It is in the attachment.

[For example]

Before use
.text:00402A03 push offset aUsage ; "Usage: \n"
.text:00402A08 call sub_403772
.text:00402A0D add esp, 4
.text:00402A10 push offset aHashH ; "hash-h \n"
.text:00402A15 call sub_403772
.text:00402A1A add esp, 4

After use
.text:00402A03 push offset aUsage ; "Usage: \n"
.text:00402A08 call _printf
.text:00402A0D add esp, 4
.text:00402A10 push offset aHashH ; "hash-h \n"
.text:00402A15 call _printf
.text:00402A1A add esp, 4

TnTTools
The Art Of Reverse Engineering
Enjoy it.

Note that what I have discussed here is only a very special case: the VC static library files libc.lib and libcmt.lib. It originated from a question by a forum member. Calling pcf.exe directly on these two files runs into problems.
There is no need to write a program to wrap this up. First, this is not a universal SIG production process, and in practice all sorts of situations are likely to be encountered; second, one would need to understand the various STDOUT output on the console (most people are not interested in that); third, manual editing of the EXC is still necessary after automatic processing (at least in my opinion).
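
The archive layout behind Steps 4 and 5, as an added example that is not part of the original post: a Python sketch that walks an MS .lib (ar format) and marks which members begin with the i386 COFF machine type 0x014C, a rough preview of which extracted files are ordinary COFF objects. The sample archive bytes and member names are constructed, and only MS-style null-terminated long names are handled.

```python
import struct

AR_MAGIC = b"!<arch>\n"
I386 = 0x014C  # IMAGE_FILE_MACHINE_I386, first word of an x86 COFF object

def list_members(data):
    """Return [(name, kind, size)] for each object member of an ar/COFF .lib image."""
    if data[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    longnames, pos, out = b"", 8, []
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]               # fixed 60-byte member header
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        name = hdr[:16].decode("ascii").rstrip()
        size = int(hdr[48:58].decode("ascii"))
        body = data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)          # members are 2-byte aligned
        if name == "/":                        # linker member (symbol index)
            continue
        if name == "//":                       # long-names table
            longnames = body
            continue
        if name.startswith("/"):               # "/123" = offset into long names
            off = int(name[1:])
            name = longnames[off:longnames.index(b"\0", off)].decode("ascii")
        else:
            name = name.rstrip("/")            # short names end with "/"
        machine = struct.unpack_from("<H", body)[0] if len(body) >= 2 else None
        out.append((name, "coff-i386" if machine == I386 else "other", size))
    return out

def make_member(name, body):                   # builds constructed sample data
    hdr = "%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (name, "0", "", "", "0", len(body))
    return hdr.encode("ascii") + body + (b"\n" if len(body) & 1 else b"")

LONG = b"build\\intel\\st_obj\\printf.obj\0"   # constructed member path
SAMPLE = (AR_MAGIC + make_member("/", b"\0\0\0\0") + make_member("//", LONG)
          + make_member("/0", struct.pack("<H", I386) + b"\0" * 18)
          + make_member("other.bin/", b"\0\0\xff\xff" + b"\0" * 3))

if __name__ == "__main__":
    for name, kind, size in list_members(SAMPLE):
        print("%-10s %6d  %s" % (kind, size, name))
```

To run it on a real library, pass the file's bytes, for example `list_members(open("libc.lib", "rb").read())`.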