红绡枫叶 posted on 2014-6-28 13:32

dcu2pat--for Delphi IDA signature generation

This post was last edited by 红绡枫叶 on 2014-6-28 13:57

dcu2pat, make Delphi .dcu to .pat!!
http://redplait.blogspot.com/2013/05/dcu2pat.html
I wrote today some simple hack tool for creating signatures from Delphi .dcu files for IDA flair.
The main idea is very simple: flair expects a .pat file to produce a .sig file with signatures. So I just added some logic to my .dcu file loader to generate .pat files in the right format.
Supported Delphi versions:
Delphi 2007 (v12)
Delphi 2009 (v14)
Delphi 2010 (v15)
Delphi XE (v16)
Delphi XE2 (v17)
Download mirror
Sample usage:
Let's make signatures for the Delphi 2007 release run-time:

dcu2pat.exe I:\delphi.trash\2007\lib\*.dcu
wc -l .pat
26959 .pat
\ida\flair\bin\sigmake.exe .pat d2007.sig
: modules/leaves: 11149849/26655, COLLISIONS: 19389

After resolving the collisions (see flair\sigmake.txt for a detailed description):
wc -l d2007.exc
786 d2007.exc
\ida\flair\bin\sigmake.exe .pat d2007.sig
ls -l d2007.sig
-rw-rw-rw-   1                  1250330 May 04 15:30 d2007.sig
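
The collision count reported by sigmake above comes from .pat records that it cannot tell apart. The following is an added example, not code from the post or from the dcu2pat author: a Python pre-check that parses .pat records and lists public names sharing the same leading bytes, CRC fields and length. The record layout used is the commonly documented FLAIR one and is an assumption here, the grouping is only a rough approximation of sigmake's own logic, and the sample records and unit names are constructed.

```python
import re
from collections import defaultdict

# Assumed FLAIR .pat record: 32 leading bytes as hex (".." = variable byte),
# CRC length (2 hex), CRC16 (4 hex), module length (4+ hex), then names/tail.
PAT_LINE = re.compile(
    r"^(?P<lead>(?:[0-9A-Fa-f]{2}|\.\.){32}) "
    r"(?P<alen>[0-9A-Fa-f]{2}) (?P<asum>[0-9A-Fa-f]{4}) "
    r"(?P<tlen>[0-9A-Fa-f]{4,8})(?P<rest>.*)$"
)
# Public names look like ":0000 name"; "^0000 name" entries are references.
PUBLIC = re.compile(r":-?[0-9A-Fa-f]{4,8}@? (\S+)")

def parse_pat(text):
    """Parse .pat text into module records; stop at the '---' terminator."""
    modules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line == "---":
            break
        if not line:
            continue
        m = PAT_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a valid .pat record")
        key = tuple(m[g].upper() for g in ("lead", "alen", "asum", "tlen"))
        modules.append({"key": key, "names": PUBLIC.findall(m["rest"])})
    return modules

def collision_candidates(modules):
    """Group public names whose records share pattern, CRC and length."""
    groups = defaultdict(set)
    for mod in modules:
        groups[mod["key"]].update(mod["names"])
    return sorted(sorted(n) for n in groups.values() if len(n) > 1)

# Constructed sample: two indistinguishable stubs and one unique function.
SAMPLE = "\n".join([
    "558BEC" + ".." * 29 + " 00 0000 0010 :0000 @Unit1@Foo",
    "558BEC" + ".." * 29 + " 00 0000 0010 :0000 @Unit2@Bar",
    "53568BF2" + ".." * 28 + " 04 A1B2 0020 :0000 @Unit1@Baz ^0008 @System@Move",
    "---",
])

if __name__ == "__main__":
    for names in collision_candidates(parse_pat(SAMPLE)):
        print("possible collision:", ", ".join(names))
```

Names reported this way are the ones to expect in the .exc file that sigmake writes for manual resolution.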

纵横、叼蛮意 posted on 2014-6-28 13:36

lg0668 posted on 2014-6-28 13:41

It comes from abroad

nmgame posted on 2014-7-1 09:58

sony197901 posted on 2016-5-10 19:51

Support, learning from this!