About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
RolfRolles
's Blog
Created: Thursday, June 7 2007 19:58.37 CDT
Printer Friendly ...
IDA's .IDS Files Part I
Author:
RolfRolles
# Views:
5132
This topic comes up occasionally, so it's worth a quick investigation. Your IDA directory has a subdirectory called 'ids' that contains more directories, which in turn contain .IDS files. .IDS files do two things: they define a mapping between ordinal numbers and symbol names (which may be mangled, and may contain the number of function arguments and their types), and secondly they allow (optional) comments for those functions.
The
IDSUTIL package
from DataRescue's website (only available to customers) provides tools to create .IDT files from statically-linked libraries and then to convert those into .IDS files. .IDT files are flat text files whose syntax is described in the readme.txt inside of the IDSUTIL package.
The 'ar2idt' tool produces an .IDT file from a .LIB. Its command-line syntax is "ar2idt [filename].[lib/obj/o/etc.]" to produce [filename].IDT. This tool supports several different object-file formats, as different compiler vendors use different ones.
Here's a sample from an .IDT file:
0 Name=MSGS.DLL
1 Name=??0CBaseMtm@@IAE@AAVCRegisteredMtmDll@@AAVCMsvSession@@@Z
2 Name=??0CBaseServerMtm@@IAE@AAVCRegisteredMtmDll@@PAVCMsvServerEntry@@@Z
3 Name=??0CMsgActive@@IAE@H@Z
4 Name=??0CMsvDefaultServices@@QAE@XZ
5 Name=??0CMsvEntrySelection@@QAE@XZ
313 Name=??0CMsvFindOperation@@IAE@AAVCMsvSession@@ABVTDesC16@@IAAVTRequestStatus@@@Z
314 Name=??0CMsvFindResultSelection@@QAE@XZ
6 Name=??0CMsvOperation@@QAE@AAVCMsvSession@@HAAVTRequestStatus@@@Z
After you have an .IDT file, the zipids.exe tool is used to turn an .IDT file into an .IDS file. Its command-line is simply "zipids [filename].IDT" to create [filename].IDS.
Blog Comments
SuperIrishDonkey
Posted: Wednesday, July 18 2007 01:41.09 CDT
Why i cannot find the created idt file when i use ar2idt?
Add New Comment
Comment:
There are
28,229
total registered users.
Recently Created Topics
Reverse Engineering ...
Jan/23
Career: DoD Agency I...
Jan/22
"Disappearing&q...
Jan/17
Career: Software Sec...
Jan/11
Where is the call st...
Jan/07
IDA Pro 6.1 Breakpoi...
Jan/01
How to create data s...
Dec/30
can i search all mod...
Dec/23
IDA symbol table exp...
Dec/20
An anti-attach trick
Dec/17
Recent Forum Posts
Reverse Engineering ...
NirIzr
"Disappearing&q...
NirIzr
Reverse Engineering ...
charlie
"Disappearing&q...
charlie
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
Looking for value in...
NirIzr
Recent Blog Entries
cmathieu
Feb/07
Hacker Carnival
waleedassar
Feb/06
OllyDbg v1.10 And Hardware ...
waleedassar
Jan/31
Yet Another Anti-Debug Trick
RolfRolles
Jan/22
Finding Bugs in VMs with a ...
waleedassar
Jan/13
An OllyDbg Bug Disables Sof...
More ...
Recent Blog Comments
waleedassar
on:
Feb/07
OllyDbg v1.10 And Hardware ...
NirIzr
on:
Feb/07
OllyDbg v1.10 And Hardware ...
NirIzr
on:
Feb/05
Yet Another Anti-Debug Trick
trolotou
on:
Feb/05
Doudoune Moncler -Pennies F...
waleedassar
on:
Feb/01
Yet Another Anti-Debug Trick
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}