Kali Linux

IDA2Obj : Static Binary Instrumentation

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

The working flow is simple:

  • Dump object files (COFF) directly from one executable binary.
  • Link the object files into a new binary, almost the same as the old one.
  • During the dumping process, you can insert any data/code at any location.
    • SBI is just one of the using scenarios, especially useful for black-box fuzzing.

How To Use

  • Prepare the enviroment:
    • Set AUTOIMPORT_COMPAT_IDA695 = YES in the idapython.cfg to support the API with old IDA 6.x style.
    • Install dependency: pip install cough
  • Create a folder as the workspace.
  • Copy the target binary which you want to fuzz into the workspace.
  • Load the binary into IDA Pro, choose Load resources and manually load to load all the segments from the binary.
  • Wait for the auto-analysis done.
  • Dump object files by running the script MagicIDA/main.py.
    • The output object files will be inside ${workspace}/${module}/objs/afl.
    • If you create an empty file named TRACE_MODE inside the workspace, then the output object files will be inside ${workspace}/${module}/objs/trace.
    • By the way, it will also generate 3 files inside ${workspace}/${module} :
      • exports_afl.def (used for linking)
      • exports_trace.def (used for linking)
      • hint.txt (used for patching)
  • Generate lib files by running the script utils/LibImports.py.
    • The output lib files will be inside ${workspace}/${module}/libs, used for linking later.
  • Open a terminal and change the directory to the workspace.
  • Link all the object files and lib files by using utils/link.bat.
    • e.g. utils/link.bat GdiPlus dll afl /RELEASE
    • It will generate the new binary with the pdb file inside ${workspace}/${module}.
  • Patch the new built binary by using utils/PatchPEHeader.py.
    • e.g. utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll
    • For the first time, you may need to run utils/register_msdia_run_as_administrator.bat as administrator.
  • Run & Fuzz.
R K

Recent Posts

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

8 hours ago

Modern Network Fingerprinting : HASSH And JA4+SSH Tools

Network fingerprinting is a critical technique for identifying and analyzing network traffic patterns, particularly in…

8 hours ago

HowToHunt : Unleashing The Power Of Advanced Hunting Tools

"HowToHunt" is a platform designed to assist hunters in improving their skills, planning their expeditions,…

8 hours ago

SkyFall-Pack : Infrastructure Automation For C2 Operations

SkyFall-Pack is an advanced infrastructure automation toolkit designed for Command and Control (C2) operations. It…

8 hours ago

LummaC2 Stealer : Unpacking The Threats Of A Marketed ‘Premium’ Malware

LummaC2 is a commodity malware designed as an information stealer, targeting browsers, cryptocurrency wallets, and…

8 hours ago

RustOwl : A Visualization Tool For Ownership And Lifetime

RustOwl is an innovative tool designed to enhance the Rust programming experience by visualizing ownership…

8 hours ago