IDA Pro是玩逆向工程必不可少的工具,但是很遺憾IDA Pro好像不支援直接匯入map檔案(如果有誰知道可以,請告訴我)。前幾天分析一個程式,很奇怪提供了MAP卻沒提供PDB。不悅,順手寫了一段把map檔案轉換成IDA Pro的idc指令碼的Python小程式:
# -*- coding:utf-8 -*-def map2idc(in_file, out_file):
with open(out_file, 'w') as fout:
fout.write('#include <idc.idc>\n')
fout.write('static main()\n{\n')
with open(in_file) as fin:
for line in fin:
list = line.split()
if len(list) >= 3 and len(str(list[2])) == 8 and str(list[2]).isalnum():
fout.write('\tMakeName(0x%s, "%s");\n' % (list[2], list[1]))
fout.write('}\n')
def main():
from optparse import OptionParser
parser = OptionParser(usage='usage: %prog <map filename>')
(options, args) = parser.parse_args()
if len(args) < 1:
parser.error('incorrect number of arguments')
return map2idc(args[0], os.path.splitext(args[0])[0]+'.idc')
if __name__=="__main__":
sys.exit(main())
使用方法:
python map2idc.py /path/to/mapfile在IDA Pro中,載入待剖析器後,File-->IDC file...,選產生的IDC檔案。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
