Exetools  

#1 cnbragon, 04-02-2013, 22:47
Maybe it cannot, because the library functions have been linked into the PE file during the build phase, and the PE file doesn't contain any information about the library itself.
#2 bridgeic, 04-02-2013, 23:09
Quote:
Originally posted by cnbragon:
Maybe it cannot, because the library functions have been linked into the PE file during the build phase, and the PE file doesn't contain any information about the library itself.

But IDA can identify the function as a library function; how does IDA know this then?

push ebp
mov ebp, esp
mov eax, 10D0h
call __alloca_probe
#3 mcp, 04-02-2013, 23:38
I don't think you can retrieve this info from IDA. However, you might want to look into typeinf.hpp (specifically the til_t struct) in the IDA SDK.
You can, however, get access to the currently used type library (global variable idati) as well as the list of applied signatures. But it seems to me that it doesn't give you a mapping from function names to the respective FLIRT library.
#4 bridgeic, 04-03-2013, 00:00
Quote:
Originally posted by mcp:
I don't think you can retrieve this info from IDA. However, you might want to look into typeinf.hpp (specifically the til_t struct) in the IDA SDK.
You can, however, get access to the currently used type library (global variable idati) as well as the list of applied signatures. But it seems to me that it doesn't give you a mapping from function names to the respective FLIRT library.

I still don't fully understand; I'll study it first. Thanks a lot. :-)
Reply With Quote
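
Added example (not part of any post above, and not IDA's own code or signature format): a toy byte-pattern matcher showing the general idea behind signature-based recognition such as FLIRT, which is how a disassembler can name a statically linked function even though the PE file carries no library information. The signature sets, function names and byte strings are hypothetical and constructed for illustration. The library name is known here only because this toy matcher records which signature set matched.

```python
# Toy signature matcher in the spirit of FLIRT; not IDA's .sig format or API.
# Every byte string here is constructed sample data.
WILDCARD = None  # byte the linker may change (call displacement, absolute address)

def parse_pattern(text):
    """'55 8B EC E8 ..' -> [0x55, 0x8B, 0xEC, 0xE8, None]"""
    return [WILDCARD if tok == ".." else int(tok, 16) for tok in text.split()]

def matches(pattern, code, offset):
    """True if every fixed pattern byte equals the code byte at that position."""
    if offset + len(pattern) > len(code):
        return False
    return all(p is WILDCARD or p == code[offset + i] for i, p in enumerate(pattern))

# Hypothetical signature sets, one per library. The library name exists only
# here, in the matcher's database, never in the linked executable.
SIGNATURES = {
    "example_crt": {"_example_probe": "55 8B EC 51 E8 .. .. .. .. C9 C3"},
    "example_util": {"_example_getcfg": "55 8B EC A1 .. .. .. .. 5D C3"},
}

def identify(code, function_starts):
    """Map each function start to (name, library), or None if no pattern fits."""
    result = {start: None for start in function_starts}
    for start in function_starts:
        for library, sigs in SIGNATURES.items():
            for name, text in sigs.items():
                if matches(parse_pattern(text), code, start):
                    result[start] = (name, library)
    return result

# Constructed code section with three functions at offsets 0, 16 and 32.
IMAGE = bytes.fromhex(
    "55 8B EC B8 D0 10 00 00 E8 07 00 00 00 C9 C3 90 "  # application code, no signature
    "55 8B EC 51 E8 10 00 00 00 C9 C3 90 90 90 90 90 "  # _example_probe as linked here
    "55 8B EC A1 00 30 40 00 5D C3"                     # _example_getcfg as linked here
)

if __name__ == "__main__":
    for start, hit in identify(IMAGE, [0, 16, 32]).items():
        print(hex(start), hit if hit else "unrecognized (application code)")
```

The wildcard bytes are what let the same pattern match after relinking: a different call displacement or data address changes only the masked positions.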