-
-
[推荐]dcu2pat--for Delphi IDA signature generation
-
发表于: 2014-6-28 12:44
-
dcu2pat,make Delphi .dcu to .pat!!
http://redplait.blogspot.com/2013/05/dcu2pat.html
I wrote today some simple hack tool for creating signatures from delphi .dcu files for IDA flair
The main idea is very simple - flair expects .pat file to produce .sig file with signatures. So I just add some logic to my .dcu files loader to generate .pat files in right format
Supported Delphi versions:
Delphi 2007 (v12)
Delphi 2009 (v14)
Delphi 2010 (v15)
Delphi XE (v16)
Delphi XE2 (v17)
Download mirror
Sample of using:
Lets make signatures for delphi 2007 release run-time:
dcu2pat.exe I:\delphi.trash\2007\lib\*.dcu
wc -l .pat
26959 .pat
\ida\flair\bin\sigmake.exe .pat d2007.sig
: modules/leaves: 11149849/26655, COLLISIONS: 19389
After resolving of collisions (see flair\sigmake.txt for detail description):
wc -l d2007.exc
786 d2007.exc
\ida\flair\bin\sigmake.exe .pat d2007.sig
ls -l d2007.sig
-rw-rw-rw- 1 1250330 May 04 15:30 d2007.sig
http://redplait.blogspot.com/2013/05/dcu2pat.html
I wrote today some simple hack tool for creating signatures from delphi .dcu files for IDA flair
The main idea is very simple - flair expects .pat file to produce .sig file with signatures. So I just add some logic to my .dcu files loader to generate .pat files in right format
Supported Delphi versions:
Delphi 2007 (v12)
Delphi 2009 (v14)
Delphi 2010 (v15)
Delphi XE (v16)
Delphi XE2 (v17)
Download mirror
Sample of using:
Lets make signatures for delphi 2007 release run-time:
dcu2pat.exe I:\delphi.trash\2007\lib\*.dcu
wc -l .pat
26959 .pat
\ida\flair\bin\sigmake.exe .pat d2007.sig
: modules/leaves: 11149849/26655, COLLISIONS: 19389
After resolving of collisions (see flair\sigmake.txt for detail description):
wc -l d2007.exc
786 d2007.exc
\ida\flair\bin\sigmake.exe .pat d2007.sig
ls -l d2007.sig
-rw-rw-rw- 1 1250330 May 04 15:30 d2007.sig
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
