labeless v1.1.6 releases: Remote memory dumping tool

Labeless is a plugin system for dynamic, seamless and real-time synchronization between IDA Database and debugs backend. It consists of two parts: IDA plugin and debugs backend’s plugin.

Labeless significantly reduces the time that the researcher spends on transferring already reversed/documented code information from IDA (static) to the debugger (dynamic). It saves time, preventing from doing the same job twice. Also, you can document and add data to the IDB on the fly and your changes will be automatically propagated to debug backend, even if you will restart the virtual machine or instance of debugging backend will crash. So, you will never lose your research.

This solution is highly upgradable. You can implement any helper scripts in Python on debug backend’s side and then just call them from IDA with one line of code, parsing the results and automatically propagating changes to IDB.

We can take that memory region and put it in the IDB, fixing imports ‘on-the-fly’, using debug backend’s functionality. No more need in ImpRec or BinScylla, searching for the regions in memory that contain the real IAT, because we get that information dynamically from the debugged process itself.

As a result, we have a lot of memory regions that may represent even different modules (if the unpacking process if multistage) with valid references between them, which gives us a possibility to build a full control flow graph of the executable. Basically, we will end up with one big IDB, containing all the info on the specific case.