The plugin export the symbols (for the moment only functions) recognized by IDA Pro and radare2 to the ELF symbol table. This allows us to use the power of IDA/r2 in recognizing functions (analysis, FLIRT signatures, manual creation, renaming, etc), but not be limited to the exclusive use of this tools.
Supports 32 and 64-bits file format.
- IDA Pro: Simply, copy
syms2elf.pyto the IDA's plugins folder.
- radare2: You can install via r2pm:
r2pm -i syms2elf
Based on a full-stripped ELF:
$ file test1_x86_stripped test1_x86_stripped: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped
Rename some functions in IDA or r2, run
syms2elf and select the output file.
$ file test1_x86_unstripped test1_x86_unstripped: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped
Now, you can open it with others tools and analyzing in a more comfortable way.
- Daniel García (@danigargu)
- Jesús Olmos (@sha0coder)
Any comment or request will be highly appreciated :-)