IDA2Obj: tool to implement Static Binary Instrumentation

IDA2Obj

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

The working flow is simple:

• Dump object files (COFF) directly from one executable binary.
• Link the object files into a new binary, almost the same as the old one.
• During the dumping process, you can insert any data/code at any location.
  • SBI is just one of the using scenarios, especially useful for black-box fuzzing.

Download

git clone https://github.com/jhftss/IDA2Obj.git

Use

0. Prepare the environment:
   • Set AUTOIMPORT_COMPAT_IDA695 = YES in the idapython.cfg to support the API with old IDA 6.x style.
   • Install dependency: pip install cough
1. Create a folder as the workspace.
2. Copy the target binary which you want to fuzz into the workspace.
3. Load the binary into IDA Pro, choose Load resources, and manually load to load all the segments from the binary.
4. Wait for the auto-analysis done.
5. Dump object files by running the script MagicIDA/main.py.
   • The output object files will be inside ${workspace}/${module}/objs/afl.
   • If you create an empty file named TRACE_MODE inside the workspace, then the output object files will be inside ${workspace}/${module}/objs/trace.
   • By the way, it will also generate 3 files inside ${workspace}/${module} :
     • exports_afl.def (used for linking)
     • exports_trace.def (used for linking)
     • hint.txt (used for patching)
6. Generate lib files by running the script utils/LibImports.py.
   • The output-lib files will be inside ${workspace}/${module}/libs, used for linking later.
7. Open a terminal and change the directory to the workspace.
8. Link all the object files and lib files by using utils/link.bat.
   • e.g. utils/link.bat GdiPlus dll afl /RELEASE
   • It will generate the new binary with the pdb file inside ${workspace}/${module}.
9. Patch the newly built binary by using utils/PatchPEHeader.py.
   • e.g. utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll
   • For the first time, you may need to run utils/register_msdia_run_as_administrator.bat as administrator.
10. Run & Fuzz.

Tutorial

Copyright (C) 2021 jhftss