About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

Blogs >> RolfRolles's Blog

Created: Thursday, June 7 2007 19:58.37 CDT  
Printer Friendly ...
IDA's .IDS Files Part I
Author: RolfRolles # Views: 6001

This topic comes up occasionally, so it's worth a quick investigation.  Your IDA directory has a subdirectory called 'ids' that contains more directories, which in turn contain .IDS files.  .IDS files do two things:  they define a mapping between ordinal numbers and symbol names (which may be mangled, and may contain the number of function arguments and their types), and secondly they allow (optional) comments for those functions.

The IDSUTIL package from DataRescue's website (only available to customers) provides tools to create .IDT files from statically-linked libraries and then to convert those into .IDS files.  .IDT files are flat text files whose syntax is described in the readme.txt inside of the IDSUTIL package.  

The 'ar2idt' tool produces an .IDT file from a .LIB.  Its command-line syntax is "ar2idt [filename].[lib/obj/o/etc.]" to produce [filename].IDT.  This tool supports several different object-file formats, as different compiler vendors use different ones.

Here's a sample from an .IDT file:

0 Name=MSGS.DLL
1 Name=??0CBaseMtm@@IAE@AAVCRegisteredMtmDll@@AAVCMsvSession@@@Z
2 Name=??0CBaseServerMtm@@IAE@AAVCRegisteredMtmDll@@PAVCMsvServerEntry@@@Z
3 Name=??0CMsgActive@@IAE@H@Z
4 Name=??0CMsvDefaultServices@@QAE@XZ
5 Name=??0CMsvEntrySelection@@QAE@XZ
313 Name=??0CMsvFindOperation@@IAE@AAVCMsvSession@@ABVTDesC16@@IAAVTRequestStatus@@@Z
314 Name=??0CMsvFindResultSelection@@QAE@XZ
6 Name=??0CMsvOperation@@QAE@AAVCMsvSession@@HAAVTRequestStatus@@@Z

After you have an .IDT file, the zipids.exe tool is used to turn an .IDT file into an .IDS file.  Its command-line is simply "zipids [filename].IDT" to create [filename].IDS.


Blog Comments
SuperIrishDonkey Posted: Wednesday, July 18 2007 01:41.09 CDT
Why i cannot find the created idt file when i use ar2idt?



Add New Comment
Comment:









There are 29,892 total registered users.


Recently Created Topics
Decompiling raw bina...
May/22
Incorrect bitness wh...
May/20
PaiMei stalker modul...
May/19
Attach to program us...
May/13
IDA PRO how to make ...
May/12
FACT: OpenRCE is dead.
May/08
Int 3 anti debug?
May/05
help needed - Beginn...
May/03
Attaching IDA Pro to...
Apr/27
File type
Apr/21


Recent Forum Posts
Ollydbg 2.0 - Plugin...
openrce...
IDA PRO how to make ...
codeinject
FACT: OpenRCE is dead.
codeinject
IDA Resource Viewer ...
r2x64
FACT: OpenRCE is dead.
djnemo
FACT: OpenRCE is dead.
codeinject
FACT: OpenRCE is dead.
pedram
help needed - Beginn...
araujo
Attaching IDA Pro to...
codeinject
Int 3 anti debug?
codeinject


Recent Blog Entries
lowpriority
Apr/13
OllyMigrate Plugin for Olly...
everdox
Mar/08
2 anti-trace mechanisms spe...
everdox
Mar/07
Advanced debugging techniques
everdox
Mar/06
Branch tracing and LBR acce...
everdox
Mar/05
Using pre-paged in virtual ...
More ...


Recent Blog Comments
clarisonic on:
Apr/03
New version of Ollydbg!
clarisonic on:
Apr/03
New version of Ollydbg!
trackerx90 on:
Mar/04
SuppressDebugMsg As Anti-De...
coachfactory on:
Feb/25
Portable Executable Format ...
coachfactory on:
Feb/25
A new Anti-Olly trick.
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit