Mardok
May 4th, 2012, 03:50
Hi guys,
I'm trying to wrap my head around a large project for which I have no source. I know that the executable was statically linked against Lua, zlib, libpng, and a large host of other software. I have no real experience with IDA, but I can see how using the FLAIR/FLIRT tools could be useful here. I started my attempt at generating sigs by compiling a static zlib library and extracting a pattern using the pcf executable packaged with the 6.1 FLAIR release. This fails with the following error:
Code:
C:\>pcf -d zlib.lib
COFF parser. Copyright (c) 1997-2011 Hex-Rays. Version 1.21
Pattern length: 32
Minimal pattern defined bytes: 4
Warning [zlib.lib] (Release Library\zutil.obj): please note, not a coff module at 0x9fa
MODULE Release Library\zutil.obj
Fatal [zlib.lib] (Release Library\zutil.obj): not a coff module
press enter to exit.
Please forgive me if this question has been answered before, or it's common knowledge, but how can I get this to work? I've searched all over the internet, and I have either been unable to find the answer or possibly unable to understand it.
Thanks in advance from a long-time lurker and first-time poster!

