
Type Casting Structures in IDA Pro using PDB Symbols

Topic created on: May 7, 2012 18:49 CDT by KernelNinja.

I am loading a Windows process memory dump in IDA Pro 6.1. IDA is able to pull down symbols from the MS public symbol server, so symbols work fine. How do I get IDA to display the module header as an IMAGE_DOS_HEADER structure, i.e. the equivalent of the WinDBG command "dt <ModuleBase> ntdll!_IMAGE_DOS_HEADER"?

  NirIzr     May 8, 2012 04:51.58 CDT
sorry, repost accident :-)

  NirIzr     May 8, 2012 04:53.40 CDT
You can use the IDA Ctrl + Q shortcut to apply defined structures to memory areas, but you will have to add the structure first. Go to the structures window, hit Insert, and then hit the add standard structure button for the structure you need.

  KernelNinja   May 9, 2012 14:25.17 CDT
Thanks NirIzr, another follow-up question:
I understand that IDA can parse C header files and you can manually specify structures. But how do I get IDA to import structures from Microsoft PDB files like ntdll.dll, which does contain structure type information?

  KernelNinja   May 10, 2012 01:48.03 CDT
For the benefit of the community I have written up a small tutorial on how to perform structure typecasting in IDA. http://sites.google.com/site/ninjakernel. Hope this helps :-)

  NirIzr     May 10, 2012 02:38.33 CDT
Most of these structures are already defined for you. When you open the create structure dialog you can see a create standard structure button. Hit that button and select the structure you need.
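The cast discussed in this thread can be reproduced outside IDA to see what the typed view contains. The following Python sketch is an added example, not code from the thread or from IDA: it overlays the winnt.h `IMAGE_DOS_HEADER` layout on the bytes at a module base and lists the fields with their offsets in the style of WinDbg's `dt`. The function names, `DUMP_BASE`, `MODULE_BASE` and the dump bytes are constructed for illustration.

```python
import ctypes
import struct

_WORDS = ("e_magic e_cblp e_cp e_crlc e_cparhdr e_minalloc e_maxalloc "
          "e_ss e_sp e_csum e_ip e_cs e_lfarlc e_ovno").split()

class IMAGE_DOS_HEADER(ctypes.LittleEndianStructure):
    """winnt.h layout: 64 bytes, e_magic at +0x00, e_lfanew at +0x3c."""
    _fields_ = ([(name, ctypes.c_uint16) for name in _WORDS] + [
        ("e_res", ctypes.c_uint16 * 4),
        ("e_oemid", ctypes.c_uint16),
        ("e_oeminfo", ctypes.c_uint16),
        ("e_res2", ctypes.c_uint16 * 10),
        ("e_lfanew", ctypes.c_int32),   # offset of the PE header
    ])

def cast_dos_header(dump, dump_base, module_base):
    """Overlay the structure on the dump bytes at module_base."""
    off = module_base - dump_base
    if off < 0 or off + ctypes.sizeof(IMAGE_DOS_HEADER) > len(dump):
        raise ValueError("module base lies outside the dump")
    hdr = IMAGE_DOS_HEADER.from_buffer_copy(dump, off)
    if hdr.e_magic != 0x5A4D:          # "MZ" read as a little-endian WORD
        raise ValueError("no MZ signature at module base")
    return hdr

def dt(hdr):
    """Return one '+offset name : value' line per field, like WinDbg's dt."""
    lines = []
    for name, _ in hdr._fields_:
        value = getattr(hdr, name)
        if isinstance(value, ctypes.Array):
            text = "[%d] %s" % (len(value), " ".join("%#x" % v for v in value))
        else:
            text = "%#x" % value
        offset = getattr(IMAGE_DOS_HEADER, name).offset
        lines.append("+0x%03x %-10s : %s" % (offset, name, text))
    return lines

# Constructed sample: a 0x2000-byte "dump" with a minimal header at +0x1000.
DUMP_BASE = 0x10000000                 # hypothetical address of the dump's first byte
MODULE_BASE = DUMP_BASE + 0x1000       # hypothetical module base
_header = b"MZ" + bytes(58) + struct.pack("<l", 0xE8)
DUMP = bytes(0x1000) + _header + bytes(0x1000 - len(_header))

if __name__ == "__main__":
    print("\n".join(dt(cast_dos_header(DUMP, DUMP_BASE, MODULE_BASE))))
```

An address without the MZ signature raises `ValueError`, which is a quick way to confirm that a candidate module base in a dump is really the start of an image.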
