sincos, use FLAIR tools to build sig files under IDA v6.6
Creating library signatures for IDA
Posted by dani under Reverse Engineering, Uncategorized
I’ll briefly explain how to generate the signature file for a given library so that
you can load it in IDA Pro and have the disassembler identify the library functions
(which can save you hours of digging into ‘well-known’ functions).
Requirements: FLAIR tools installed.
Execute the COFF parser (pcf) on the library to produce the pattern file
> pcf ms32.lib miracl
ms32.lib: skipped 0, total 432
Then run sigmake on the resulting pattern file to build the signature file
> sigmake miracl miracl
You might get collision errors here:
See the documentation to learn how to resolve collisitions.
: modules/leaves: 9021136/432, COLLISIONS: 382
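At this point, edit the .exc file that sigmake generated: delete the comment
lines at the top (sigmake will not read the file while they are present) and
re-execute the sigmake command. Entries left unmarked in the file are excluded
from the signature, so the colliding functions will not be named by it.
You will now have a miracl.sig file ready to be loaded from the FLIRT signatures window in IDA Pro.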
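The .exc edit described above can be scripted when a library produces hundreds of collisions. The following is an added example, not code from the original post or from the FLAIR tools: it strips the leading comment header and lists the collision groups so you can see what is being excluded. The sample file content is constructed, the blank-line-separated group layout is an assumption, and the prefer callback is a hypothetical selection hook.

```python
# Constructed sample in the layout assumed for sigmake's exclusion file:
# a ';' header, then blank-line-separated groups of "name<TAB>pattern" lines.
SAMPLE_EXC = (
    ";--------- (delete these lines to allow sigmake to read this file)\n"
    "; add '+' at the start of a line to select a module\n"
    "; add '-' if you are not sure about the selection\n"
    "; do nothing if you want to exclude all modules\n"
    "\n"
    "_mr_alloc\t00 0000 558BEC83EC08................\n"
    "_mr_free\t00 0000 558BEC83EC08................\n"
    "\n"
    "_add\t1C 5A3F 8B4424048B4C2408............\n"
    "_subtract\t1C 5A3F 8B4424048B4C2408............\n"
)


def resolve_exc(text, prefer=None):
    """Strip the ';' header; optionally mark one module per collision group.
    prefer is a hypothetical policy hook: names in a group -> name to select
    with '+', or None to leave the group excluded. Returns (text, groups).
    """
    lines = text.splitlines()
    start = 0
    while start < len(lines) and lines[start].startswith(";"):
        start += 1  # header lines stop sigmake from reading the file
    groups, out, current = [], [], []

    def flush():
        if not current:
            return
        names = [ln.split()[0].lstrip("+-") for ln in current]
        touched = any(ln[0] in "+-" for ln in current)  # keep manual choices
        keep = None if touched or prefer is None else prefer(names)
        out.extend("+" + ln if n == keep else ln for n, ln in zip(names, current))
        out.append("")
        groups.append(names)
        current.clear()

    for ln in lines[start:]:
        if ln.strip():
            current.append(ln)
        else:
            flush()
    flush()
    return "\n".join(out), groups


if __name__ == "__main__":
    print(resolve_exc(SAMPLE_EXC, prefer=min)[0])
```

Called without prefer, this does exactly what the post describes (header removed, every colliding function excluded). Selecting a name automatically, as prefer=min does in the demo, can mislabel functions in the disassembly, so review the groups before marking any entry.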