Kali Linux

IDA2Obj : Static Binary Instrumentation

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

The working flow is simple:

  • Dump object files (COFF) directly from one executable binary.
  • Link the object files into a new binary, almost the same as the old one.
  • During the dumping process, you can insert any data/code at any location.
    • SBI is just one of the using scenarios, especially useful for black-box fuzzing.

How To Use

  • Prepare the enviroment:
    • Set AUTOIMPORT_COMPAT_IDA695 = YES in the idapython.cfg to support the API with old IDA 6.x style.
    • Install dependency: pip install cough
  • Create a folder as the workspace.
  • Copy the target binary which you want to fuzz into the workspace.
  • Load the binary into IDA Pro, choose Load resources and manually load to load all the segments from the binary.
  • Wait for the auto-analysis done.
  • Dump object files by running the script MagicIDA/main.py.
    • The output object files will be inside ${workspace}/${module}/objs/afl.
    • If you create an empty file named TRACE_MODE inside the workspace, then the output object files will be inside ${workspace}/${module}/objs/trace.
    • By the way, it will also generate 3 files inside ${workspace}/${module} :
      • exports_afl.def (used for linking)
      • exports_trace.def (used for linking)
      • hint.txt (used for patching)
  • Generate lib files by running the script utils/LibImports.py.
    • The output lib files will be inside ${workspace}/${module}/libs, used for linking later.
  • Open a terminal and change the directory to the workspace.
  • Link all the object files and lib files by using utils/link.bat.
    • e.g. utils/link.bat GdiPlus dll afl /RELEASE
    • It will generate the new binary with the pdb file inside ${workspace}/${module}.
  • Patch the new built binary by using utils/PatchPEHeader.py.
    • e.g. utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll
    • For the first time, you may need to run utils/register_msdia_run_as_administrator.bat as administrator.
  • Run & Fuzz.
R K

Recent Posts

WID_LoadLibrary : The Intricacies Of DLL Management In Windows

WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…

14 hours ago

Locksmith : A Tool For Securing Active Directory Certificate Services

Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…

14 hours ago

Uscrapper Vanta : A Cutting-Edge OSINT Tool For Advanced Data Extraction

Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…

14 hours ago

Pake : Transforming Webpages Into Desktop Applications

Pake is an innovative tool designed to convert any webpage into a desktop application with…

19 hours ago

Bevy : Exploring The Frontier Of Game Development With Rust

Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…

19 hours ago

AppFlowy Cloud : Enhancing Collaboration With Secure Cloud Infrastructure

AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…

2 days ago