dcu2pat--for Delphi IDA signature generation
本帖最后由 红绡枫叶 于 2014-6-28 13:57 编辑dcu2pat,make Delphi .dcu to .pat!!http://bbs.pediy.com/images/smilies/cool.gif
http://redplait.blogspot.com/2013/05/dcu2pat.html
I wrote today some simple hack tool for creating signatures from delphi .dcu files for IDA flair
The main idea is very simple - flair expects .pat file to produce .sig file with signatures. So I just add some logic to my .dcu files loader to generate .pat files in right format
Supported Delphi versions:
Delphi 2007 (v12)
Delphi 2009 (v14)
Delphi 2010 (v15)
Delphi XE (v16)
Delphi XE2 (v17)
Download mirror
Sample of using:
Lets make signatures for delphi 2007 release run-time:
dcu2pat.exe I:\delphi.trash\2007\lib\*.dcu
wc -l .pat
26959 .pat
\ida\flair\bin\sigmake.exe .pat d2007.sig
: modules/leaves: 11149849/26655, COLLISIONS: 19389
After resolving of collisions (see flair\sigmake.txt for detail description):
wc -l d2007.exc
786 d2007.exc
\ida\flair\bin\sigmake.exe .pat d2007.sig
ls -l d2007.sig
-rw-rw-rw- 1 1250330 May 04 15:30 d2007.sig
外国来的 支持,学习1
页:
[1]