Reverse Engineering Asked on January 1, 2021
I have an old DOS program compiled using Borland C++ (1991 version)
The end of the executable contains many strings preceded by an underscore which looks like debug/symbol information :
eg: _HandleMemory
, _AddKey
, _SetPalette
, …
Most of these strings seems to be functions or variables names.
However once the exe is opened in IDA, that information is not used, most functions are simply named this way (except some known C functions like _qsort
) :
sub_XXXXX
Is there a way to import that info back to IDA ?
In case anyone has same question, here is how I solved it :
1) I exported all debug symbol information to a text file, using TDUMP.
TDUMP somefile.exe > 1.txt
2) I cleaned the txt file to keep only useful information :
[Function name] + [Address]
3) I imported the file back to IDA using a python script : see here
Answered by tigrou on January 1, 2021
I've written an IDAPython script which parses the debug information and then performs the corresponding renamings, all from within IDA.
The script, along with simple usage instructions, are available on GitHub.
Answered by ramikg on January 1, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP