The plugin exports all the symbols recognized by IDA Pro (only functions in radare2) to the ELF symbol table. This lets us use the power of IDA/r2 in recognizing functions (analysis, FLIRT signatures, manual creation, renaming, etc.) without being limited to the exclusive use of these tools.
Supports 32-bit and 64-bit file formats.
- IDA Pro: Simply copy syms2elf.py to IDA's plugins folder.
- radare2: You can install it via r2pm:

    r2pm -i syms2elf

Starting from a fully stripped ELF:
$ file test1_x86_stripped
test1_x86_stripped: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped
Rename some functions and global variables in IDA, or functions in r2, then run syms2elf and select the output file.
After that:
$ file test1_x86_unstripped
test1_x86_unstripped: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped
Now you can open it with other tools and analyze it more comfortably.
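
To check which names actually landed in the output file without opening IDA or r2, the symbol table can be read straight from the section headers. The sketch below is an added example, not part of syms2elf: `read_symbols` handles 32-bit and 64-bit ELF, while `build_sample`, the symbol names and the addresses are constructed for illustration.

```python
import struct

SHT_SYMTAB, STT_OBJECT, STT_FUNC = 2, 1, 2

def read_symbols(data):
    """Return [(name, type, value)] from .symtab; [] means the ELF is stripped."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    if is64:
        shoff, = struct.unpack_from(e + "Q", data, 0x28)
        shentsize, shnum = struct.unpack_from(e + "HH", data, 0x3A)
        shdr, sym = e + "IIQQQQIIQQ", e + "IBBHQQ"
    else:
        shoff, = struct.unpack_from(e + "I", data, 0x20)
        shentsize, shnum = struct.unpack_from(e + "HH", data, 0x2E)
        shdr, sym = e + "10I", e + "IIIBBH"
    secs = [struct.unpack_from(shdr, data, shoff + i * shentsize) for i in range(shnum)]
    out = []
    for s in secs:
        if s[1] != SHT_SYMTAB:
            continue
        off, size, strtab = s[4], s[5], secs[s[6]][4]   # sh_link -> string table
        for pos in range(off, off + size, struct.calcsize(sym)):
            f = struct.unpack_from(sym, data, pos)
            name_i, info, value = (f[0], f[1], f[4]) if is64 else (f[0], f[3], f[1])
            start = strtab + name_i
            name = data[start:data.index(b"\0", start)].decode()
            if name:                                    # skip the null symbol
                out.append((name, info & 0xF, value))
    return out

def build_sample(with_symtab=True):
    """Constructed 32-bit little-endian image; not a real binary."""
    strtab = b"\0check_license\0g_key\0"
    syms = struct.pack("<IIIBBH", 0, 0, 0, 0, 0, 0)
    syms += struct.pack("<IIIBBH", 1, 0x8048100, 32, 0x12, 0, 0xFFF1)  # GLOBAL FUNC
    syms += struct.pack("<IIIBBH", 15, 0x804A000, 4, 0x11, 0, 0xFFF1)  # GLOBAL OBJECT
    sh = [struct.pack("<10I", *[0] * 10)]
    if with_symtab:   # section headers: .symtab (linked to index 2), then .strtab
        sh.append(struct.pack("<10I", 0, SHT_SYMTAB, 0, 0, 52 + len(strtab), len(syms), 2, 1, 4, 16))
        sh.append(struct.pack("<10I", 0, 3, 0, 0, 52, len(strtab), 0, 0, 1, 0))
    ehdr = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, 52 + len(strtab) + len(syms), 0, 52, 0, 0, 40, len(sh), 0)
    return ehdr + strtab + syms + b"".join(sh)

if __name__ == "__main__":
    for name, typ, value in read_symbols(build_sample()):
        print(f"{value:#010x} {'FUNC' if typ == STT_FUNC else 'OBJECT'} {name}")
```

On a real file, pass `open(path, "rb").read()` to `read_symbols`; an empty result means no SHT_SYMTAB section is present.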
- Daniel García (@danigargu)
- Jesús Olmos (@sha0coder)
- Kirill Magaskin (@K1RPI7CH)
Any comment or request will be highly appreciated :-)
This modification (global variable symbol names support) was started as a part of Digital Security's Research Centre internship "Summ3r of h4ck 2022".