IDA2Obj : Static Binary Instrumentation

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

The working flow is simple:

• Dump object files (COFF) directly from one executable binary.
• Link the object files into a new binary, almost the same as the old one.
• During the dumping process, you can insert any data/code at any location.
  • SBI is just one of the using scenarios, especially useful for black-box fuzzing.

How To Use

• Prepare the enviroment:
  • Set AUTOIMPORT_COMPAT_IDA695 = YES in the idapython.cfg to support the API with old IDA 6.x style.
  • Install dependency: pip install cough
• Create a folder as the workspace.
• Copy the target binary which you want to fuzz into the workspace.
• Load the binary into IDA Pro, choose Load resources and manually load to load all the segments from the binary.
• Wait for the auto-analysis done.
• Dump object files by running the script MagicIDA/main.py.
  • The output object files will be inside ${workspace}/${module}/objs/afl.
  • If you create an empty file named TRACE_MODE inside the workspace, then the output object files will be inside ${workspace}/${module}/objs/trace.
  • By the way, it will also generate 3 files inside ${workspace}/${module} :
    • exports_afl.def (used for linking)
    • exports_trace.def (used for linking)
    • hint.txt (used for patching)
• Generate lib files by running the script utils/LibImports.py.
  • The output lib files will be inside ${workspace}/${module}/libs, used for linking later.
• Open a terminal and change the directory to the workspace.
• Link all the object files and lib files by using utils/link.bat.
  • e.g. utils/link.bat GdiPlus dll afl /RELEASE
  • It will generate the new binary with the pdb file inside ${workspace}/${module}.
• Patch the new built binary by using utils/PatchPEHeader.py.
  • e.g. utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll
  • For the first time, you may need to run utils/register_msdia_run_as_administrator.bat as administrator.
• Run & Fuzz.