Skip to content

Latest commit

 

History

History
56 lines (39 loc) · 2.58 KB

README.md

File metadata and controls

56 lines (39 loc) · 2.58 KB

SymExPorter

This is an upgraded fork of syms2elf with new features. The plugin exports symbols recognized by IDA, radare2, rizin & cutter to the ELF symbol table. This allows us to use IDA/r2/rizin/cutter capabilities in recognition functions (analysis, FLIRT signatures, manual creation, renaming, etc), but not be limited to the exclusive use of this tools.

Supports both 32 and 64-bit file format.

What's new?

  • Added support for exporting global variable names, static variable names and constant names (the original syms2elf plugin supported exporting only function names).
  • Plugin with new features was ported to rizin and cutter.

INSTALLATION

  • IDA: Copy SymExPorter.py to the IDA's plugins folder. The plugin will appear in Edit-->Plugins menu.

  • radare2: Copy SymExPorter.py to the radare2's bin folder. Then, in radare2 environment, pass this command: #!pipe python ./SymExPorter.py <output_file>.

  • rizin: Copy SymExPorter.py to the rizin's bin folder. Then, in rizin environment, pass this command: #!pipe python ./SymExPorter.py <output_file>.

  • cutter: Copy SymExPorter.py to the Cutter's plugins/python folder. The plugin will appear in Windows-->Plugins menu.

    Requirements:

    • r2pipe
    • rzpipe
    • Pyside2

EXAMPLE

Based on a full-stripped ELF:

$ file testelf 
testelf: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, for GNU/Linux 3.2.0, stripped

Rename some functions and global variables in IDA, r2, rizin (cutter) run SymExPorter and select the output file.

IDA_example

radare2_example

rizin_example

cutter_example

After that:

$ file testelf_repaired 
testelf_repaired: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, for GNU/Linux 3.2.0, not stripped

Now you can open this file with other tools and continue analyzing it.

AUTHORS

  • Daniel García (@danigargu)
  • Jesús Olmos (@sha0coder)
  • Kirill Magaskin (@K1RPI7CH)

CONTACT

Any comment, issue or pull request will be highly appreciated!

This modification was started as a part of Digital Security's Research Centre internship "Summ3r of h4ck 2022".