[Repost] Mapimp 1.0 by takerZ
Posted: 2014-9-15 00:35

Mapimp 1.0 by takerZ
This is an open source OllyDbg plugin that helps you import map files exported by IDA or Dede. Many plugins perform similar actions, but mapimp:

- Recognizes debugged file segments and applies names correctly
- Has an option to overwrite or skip names that intersect with already defined ones
- Has a filter option which gives you great name demangling potential

• Filter
The main idea is to apply a series of masks to every single name loaded. The mask syntax is as follows:

/key[/]regex

Key "c" cuts the matched substring selected by regular expression.

[SAMPLE]
name: System::__linkproc__ GetMem(int)
mask: /c__linkproc__
applied: System::GetMem(int)
[/SAMPLE]

Key "s" skips the name if regular expression succeeds. It may be useful if you want to skip some dummy or incorrect names.

[SAMPLE]
name: unknown_libname_2519
mask: /sunknown_libname_
applied:
[/SAMPLE]

Key "r" replaces the substring selected by regular expression with your own.

/rsubstring/regex

As you can see, the slash character delimits your substring from the regular expression. Use a double slash to include a slash as a character of your substring.

[SAMPLE]
name: System@Function(System@AnsiString;System@AnsiString)
mask: /rsys::/System@
applied: sys::Function(sys::AnsiString;sys::AnsiString)

name: System@Function(System@AnsiString;System@AnsiString)
mask: /r//_/@
applied: System/_Function(System/_AnsiString;System/_AnsiString)
[/SAMPLE]

Remember that if a name meets the mask condition it is changed, then the second mask is applied to the changed name, and so on. The order in which masks are applied is undefined, so be careful, because some masks may intersect.

As for regular expressions, the plugin uses the PCRE library, whose syntax is compatible with Perl regular expressions. Check www.pcre.org for docs and sources.
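
A small model of the mask semantics described above, added here as an example; it is not the plugin's code, and the function names are hypothetical. It checks whether a mask list gives different names depending on application order, which the text says is undefined. Assumptions: Python's `re` stands in for PCRE, everything after a `c` or `s` key is taken as the regex (the optional `[/]` is not modelled), and cut and replace act on every match, as the replace sample shows.

```python
import re
from itertools import permutations

def parse_mask(mask):
    """Split '/c<regex>', '/s<regex>' or '/r<substring>/<regex>' into (key, substring, regex)."""
    if len(mask) < 3 or mask[0] != "/" or mask[1] not in "csr":
        raise ValueError(f"bad mask: {mask!r}")
    key, rest = mask[1], mask[2:]
    if key != "r":
        return key, "", re.compile(rest)
    sub, i = [], 0
    while i < len(rest):
        if rest.startswith("//", i):       # '//' is a literal slash in the substring
            sub.append("/")
            i += 2
        elif rest[i] == "/":               # a single slash ends the substring
            return key, "".join(sub), re.compile(rest[i + 1:])
        else:
            sub.append(rest[i])
            i += 1
    raise ValueError(f"no '/' delimiter in replace mask: {mask!r}")

def apply_masks(name, masks):
    """Apply masks in the given order; return the new name, or None if an 's' mask skips it."""
    for key, sub, rx in map(parse_mask, masks):
        if key == "s":
            if rx.search(name):
                return None
        else:                              # 'c' has an empty substring, so it cuts
            name = rx.sub(lambda m: sub, name)   # lambda keeps the substring literal
    return name

def order_sensitive(name, masks):
    """True if different orderings of the masks produce different results for this name."""
    return len({apply_masks(name, p) for p in permutations(masks)}) > 1

if __name__ == "__main__":
    name = "System@Function(System@AnsiString;System@AnsiString)"  # sample name from the post
    print(apply_masks(name, ["/rsys::/System@"]))
    print(apply_masks(name, ["/r//_/@"]))
    print(apply_masks("unknown_libname_2519", ["/sunknown_libname_"]))
    # "/r::/@" is a constructed mask that intersects with the first one
    print(order_sensitive(name, ["/rsys::/System@", "/r::/@"]))
```

Running `order_sensitive` over a sample of names before loading a mask list shows which masks intersect and need to be rewritten so the result no longer depends on order.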

