IDA Splode

A tool that I wrote to help reversing on Windows. Also proof that I am bad at coming up with catchy names.

Presentation

See the presentation in slides/ for some examples on the sample application. I've also included an .idb that shows some of the features. All comments are auto-generated by the tool. The only input I provided was to give the structures a name, and to select various interesting instructions.

Requirements

  • %PIN_HOME% points to an installation of Intel's Pin.
  • MongoDB
  • IDA Pro
  • VS 2010

Usage

  • Run build.bat from a MSVC 2010 console
  • Optionally, enable page heap for test.exe (gflags /i test.exe +hpa)
  • Run release.bat to trace the test.exe program in release mode
  • Start MongoDB
  • Run demo.exe.py to import the traces
  • Start IDA Pro, open demo.exe
  • Run py\idapython_script.py from within IDA
  • If everything worked, ida-splode should automatically recognize all traces for the open binary from the database, and present a list of options.
  • Press any of the hotkeys presented to do ${things}.
    • The slides should give you a good idea what is available.
    • Ctrl+Shift+H reprints the help message

Tips

  • If PageHeap isn't enabled (+hpa), the tool will waste a lot of time looking for heap metadata at instrumentation time.
  • For whatever reason, if _NT_SYMBOL_PATH includes any SYM* paths versus just local paths, it won't find PDBs and you'll only get exports. Use _NT_SYMBOL_PATH=C:\symbols or similar.
  • There are lots of twiddly bits to turn on and off. See knobs.cpp.
  • This is generally intended to be run off-line. Pin alone will make execution slow; my instrumentation has not been profiled or optimized for speed.
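The pre-flight script below is an added example and is not part of ida-splode; it checks the prerequisites named in the Requirements, Usage and Tips sections (PIN_HOME set, _NT_SYMBOL_PATH made of local directories only, page heap enabled for the traced binary) before build.bat and release.bat are run. The Image File Execution Options key, the FLG_HEAP_PAGE_ALLOCS bit that `gflags +hpa` sets, and the symsrv `*` syntax are standard Windows facts; treating the README's "SYM* paths" as any symsrv-style entry, and using pin.exe as the marker of a Pin installation, are this example's assumptions.

```python
"""Pre-flight checks for an ida-splode tracing session.

Added example, not part of the ida-splode repository. Run it on the
tracing machine before build.bat / release.bat; it reports which of the
README's environment assumptions are not met.
"""
import os
import sys

# GlobalFlag bit that `gflags /i <exe> +hpa` sets (FLG_HEAP_PAGE_ALLOCS).
FLG_HEAP_PAGE_ALLOCS = 0x02000000
IFEO_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"


def split_symbol_path(symbol_path):
    """Split _NT_SYMBOL_PATH into (local_dirs, server_entries).

    Symbol-server entries use the symsrv syntax with '*' separators
    (SRV*cache*url, SYMSRV*dll*..., CACHE*dir). Anything else is taken to
    be a plain local directory. Assumption: these '*' entries are the
    "SYM* paths" the README says prevent PDBs from being found.
    """
    local_dirs, server_entries = [], []
    for entry in symbol_path.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "*" in entry:
            server_entries.append(entry)
        else:
            local_dirs.append(entry)
    return local_dirs, server_entries


def check_symbol_path(symbol_path):
    """Return a list of problems with the symbol path (empty list means OK)."""
    problems = []
    local_dirs, server_entries = split_symbol_path(symbol_path or "")
    if server_entries:
        problems.append("symbol-server entries present; use only local dirs: "
                        + ", ".join(server_entries))
    if not local_dirs:
        problems.append("no local symbol directory set (e.g. C:\\symbols)")
    return problems


def check_pin_home(pin_home):
    """PIN_HOME must point at a Pin installation; pin.exe is the marker (assumption)."""
    if not pin_home:
        return ["PIN_HOME is not set"]
    if not os.path.isfile(os.path.join(pin_home, "pin.exe")):
        return ["PIN_HOME=%s does not contain pin.exe" % pin_home]
    return []


def page_heap_enabled(global_flag):
    """True when an IFEO GlobalFlag value has the page-heap bit set."""
    return bool(global_flag & FLG_HEAP_PAGE_ALLOCS)


def read_global_flag(exe_name):
    """Read GlobalFlag for exe_name from the registry.

    Returns None off Windows, 0 when no IFEO entry exists for the binary.
    """
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            IFEO_KEY + "\\" + exe_name) as key:
            value, _ = winreg.QueryValueEx(key, "GlobalFlag")
    except OSError:
        return 0
    # gflags normally writes a DWORD, but tolerate a "0x02000000" string too.
    return int(value, 0) if isinstance(value, str) else int(value)


def run_checks(exe_name="test.exe"):
    """Collect every problem found in the current environment."""
    problems = []
    problems += check_pin_home(os.environ.get("PIN_HOME"))
    problems += check_symbol_path(os.environ.get("_NT_SYMBOL_PATH"))
    flag = read_global_flag(exe_name)
    if flag is not None and not page_heap_enabled(flag):
        problems.append("page heap not enabled for %s (run: gflags /i %s +hpa)"
                        % (exe_name, exe_name))
    return problems


if __name__ == "__main__":
    found = run_checks()
    for p in found:
        print("PROBLEM: " + p)
    print("ready to trace" if not found else "%d problem(s)" % len(found))
```

The symbol-path check is the one that saves the most time: a symsrv entry silently degrades the trace to exports only, and the script names the offending entry so it can be replaced with a plain directory such as C:\symbols.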

Caveats

This is pulled from a working copy, so some things may not work properly. If you run into any issues, feel free to contact me at @ebeip90 or ebeip90 on Freenode.net.

About

Augmenting Static Reverse Engineering with Dynamic Analysis and Instrumentation
