The dialog box is populated based on the contents of IDA's sig subdirectory. Selecting
one of the available signature sets causes IDA to scan the current binary for possible
matches. For each match that is found, IDA renames the matching code in accordance
with the signature. When the signature files are correct for the current binary, this operation
has the effect of unstripping the binary. It is important to understand that IDA does
not come complete with signatures for every static library in existence. Consider the
number of different libraries shipped with any Linux distribution and you can appreciate
the magnitude of this problem. To address this limitation, DataRescue ships a tool
set called Fast Library Acquisition for Identification and Recognition (FLAIR). FLAIR consists
of several command-line utilities used to parse static libraries and generate IDA-compatible
signature files.
Generating IDA Sig Files
Installation of the FLAIR tools is as simple as unzipping the FLAIR distribution (currently
flair51.zip) into a working directory. Beware that FLAIR distributions are generally
not backward compatible with older versions of IDA, so be sure to obtain the appropriate
version of FLAIR for your version of IDA.