From Collaborative RCE Tool Library

Jump to: navigation, search

Function String Associate

Tool name: Function String Associate
Rating: 0.0 (0 votes)
Author: Sirmabus                        
Website: http://www.woodmann.com/forum/showthread.php?t=11748
Current version:
Last updated: May 13, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: I thought of this idea the other day based on the observation of "assert()", development, debug text strings, etc., that software developers often leave in programs I want to reverse.
As I'm sure others do, I look at these comments to help me determine what a particular function is for (x86 binary targets that is).
I thought, wouldn't be nice to somehow data mine this stuff and automatically put some of it as a function comment?

Based on this, what this plug-in does is iterate through every function in IDA and auto-comments every function that has these strings (unless it already has a comment). It applies a little logic to it, to try to put the most relevant strings first.

Sort of a proof of concept thing. It's hard to say how useful it is yet.
So far it does seem to help as I browse around a DB. I'm putting together things a bit faster because of it.

Of course it's only works as well as your target uses such messages mixed in it's code.
So far on programs I've used it it on, the plug-in finds such strings on about 15% of all functions.

With source. If you expand on the idea, add helpful modifications, etc., share them please.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)