Tool for PDB generation from IDA Pro database
Supports:
- IDA >= 7.4
- IDA
- copy content of
binaries.zip/idato<IDA_directory>/plugins
- copy content of
There are several features in this plugin:
- Open target executable in IDA
Edit->FakePDB->Generate .PDB file(orCtrl+Shift+4)- get PDB file from the IDA database directory
The PDB can optionally include symbols for function labels: use Generate .PDB file (with function labels) (or Ctrl+Shift+5).
- Open target executable in IDA
Edit->FakePDB->Generate .LIB file- get LIB file from the IDA database directory
- Open target executable in IDA >= 7.0
Edit->FakePDB->Dump info to .json(orCtrl+Shift+1)- it will generate
filename.jsonnear the.idbfile
- Open target executable in IDA >= 7.0
- Set cursor on start of the target function
Edit->FakePDB->Find signature(orCtrl+Shift+2)- signature will be displayed in IDA console
- Open target executable in IDA >= 7.0
Edit->FakePDB->Import offset from .json(orCtrl+Shift+3)
required file format:
{
"function_name_1": "0001:123456",
"function_name_2": "0001:254646",
"function_name_X": "XXXX:YYYYYY",
"function_name_Y": "0x0124567AF",
}where:
XXXX: number of the PE sectionYYYY: offset from the begining of the section in decimal numbers- 0x0124567AF: IDA effective address
- Linux support
- GHIDRA support
- Function arguments support
- IDA 9.0: structures export
- Disable PDB validation in WinDbg http://ntcoder.com/bab/2012/03/06/how-to-force-symbol-loading-in-windbg/
- Disable PDB validation in MSVS https://stackoverflow.com/questions/38147487/forcing-to-load-unmatched-symbols-in-visual-studio-2015-debugger
- 2019, Google Project Zero: The story of Adobe Reader symbols
- 2021, Gerhart X.: Hyper-V debugging for beginners. 2nd edition.
- 2022, Google Cloud: Fuzzing Image Parsing in Windows, Part Four: More HEIF
Inspired by:
Based on:
- LLVM project https://llvm.org/
- LLD project https://lld.llvm.org/
Also take look at: