Quote:
Originally Posted by The Old Pirate
I'm looking to make IDA match functions in the disassembly of the new DLL with their names utilizing the old source code. There has to be a way.
FLIRT signatures work on the basis of a binary search pattern. Since you have the source, you have already progressed 25%, but there is a major issue.
The binary pattern searching only works if the compiler stays the same or similar across versions. Why? As compilers update/upgrade, the code generation scheme keeps changing, thus changing the byte patterns.
You will need to generate a static library out of the source, maintaining the same compiler options and version. What I am saying is based on my experience, and I am in no way in a position to claim to know the internal sig generation methods.
The signature generation itself is rather easy, and you can find lots of small tutorials about it. If it's a small program, you can try to name the functions manually and create small Python scripts to use as FLIRT signatures for naming.
Good luck
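
An added example, not part of the post above and not IDA's own FLIRT code: a Python matcher for byte patterns with wildcarded bytes, run against two constructed builds of the same two functions to show why signatures taken from one compiler's output stop matching another's. The `??` notation, the function names, the offsets and every byte string are assumptions made up for the illustration.

```python
# Byte-pattern naming in the spirit of the post; NOT the real FLIRT .pat/.sig format.

def parse_pattern(text):
    """'55 8B EC ?? C3' -> list of ints, with None for a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def matches_at(blob, offset, pattern):
    """True if pattern matches blob at offset; wildcards match any byte."""
    if offset + len(pattern) > len(blob):
        return False
    return all(p is None or blob[offset + i] == p for i, p in enumerate(pattern))

def name_functions(blob, func_starts, signatures):
    """Return {offset: name} for starts matched by exactly one signature.
    Ambiguous matches are skipped rather than guessed."""
    names = {}
    for start in func_starts:
        hits = [n for n, pat in signatures.items() if matches_at(blob, start, pat)]
        if len(hits) == 1:
            names[start] = hits[0]
    return names

# Constructed signatures, as if taken from a library built from the old source.
# The call displacement is wildcarded because it changes with every link.
SIGS = {
    "add_ints":    parse_pattern("55 8B EC 8B 45 08 03 45 0C 5D C3"),
    "call_helper": parse_pattern("55 8B EC E8 ?? ?? ?? ?? 5D C3"),
}

# Constructed "new DLL" built with the same compiler and options:
# same frame-pointer prologue, only the call target differs.
SAME_COMPILER = bytes.fromhex(
    "55 8B EC 8B 45 08 03 45 0C 5D C3"   # add_ints at offset 0
    "55 8B EC E8 10 00 00 00 5D C3"      # call_helper at offset 11
)

# Constructed build with different code generation (no frame pointer):
# same source, different bytes, so no signature applies.
OTHER_COMPILER = bytes.fromhex(
    "8B 44 24 04 03 44 24 08 C3"         # add_ints at offset 0
    "E8 10 00 00 00 C3"                  # call_helper at offset 9
)

if __name__ == "__main__":
    print(name_functions(SAME_COMPILER, [0, 11], SIGS))
    print(name_functions(OTHER_COMPILER, [0, 9], SIGS))
```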