mixaill / fakepdb
Tool for PDB generation from IDA Pro database
License: Apache License 2.0
Some humble suggestions:
Why structure your code this way with so many levels and redundancy? Unless you really do want three separate executables?
Why not then just make one "main.cpp" that just parses all possible options (again using a more robust command line argument parser)? You just need to architect it such that you break each command down.
P.S. Like the Fallout game reference. I'm one of the original developers of the game.
I'm using IDA 7.6 to generate a pdb of an executable, but it is just creating the json only.
I have tried to create it using fakepdb.exe also, but that also doesn't work.
Please help with this issue.
Thanks
Describe the bug
FakePDB -> Generate .PDB file does not work for .DLL files
To Reproduce
Steps to reproduce the behavior:
Additional context
https://www.youtube.com/watch?v=5JYv7ynSxsM
The .pdbs I generated had addresses shifted by 0x1000. It looked like they should be relative to the image base instead of the section offset.
Requested in: https://twitter.com/j00ru/status/1176238722150555649
referencing the newly created pdb.
Add support for 64-bit executable files.
Requested in: https://twitter.com/j00ru/status/1176238005746634754
Is your feature request related to a problem? Please describe.
I want to filter the JSON to extract the function names/addresses of the functions that I have explicitly manually named with the N button.
The problem is that Lumina functions (green label) and library functions (blue label) get in the way, there's lots of them and they're impossible to tell apart from the manual names. In current implementation of the JSON export, they both have is_public:false and is_autonamed:false, despite arguably being autonamed (especially the detected library functions).
Describe the solution you'd like
I think it would make sense to include library functions as autonamed and to add an additional field that indicates whether the name comes from Lumina, so it's possible to easily filter those out if needed.
Describe alternatives you've considered
Filtering the JSON like this:
data.functions.filter(f => !f.is_autonamed && !f.name.startsWith('sub_') && !f.name.startsWith('?') && !f.name.startsWith('j_'))
still yields 800+ results that include functions from Lumina.
The ability to export all manual names would be useful to merge names from multiple databases.
Hi everyone,
I tried fakepdb to produce a pdb file for a driver in IDA Pro. It says the pdb is generated but nothing happens, only the json file is there. I even tried the fixed version v 0.31, but still the same. Any idea, please?
My IDA Pro version is: 7.7 SP1
my file:
Requested in: https://twitter.com/j00ru/status/1176238722150555649
Hey, thank you for this amazing plugin.
Use case: In Visual Studio, if a PDB is loaded for a DLL or EXE, you can cast any piece of memory to a struct/class from that DLL in the debugger watch window. For example, say we have a DLL loaded, nvse_1_4.dll; you can do:
(nvse_1_4!Script**) (ebp - 0x8)
and see all the members of that struct in the debugger window.
It would be amazing if it could do that for types exported from IDA into a FakePDB as well, since our IDBs are loaded with types not included in our compiled C++ projects.
I.e. if we generate a FakePDB for FalloutNV.exe, you could do (FalloutNV!TileManager**) ecx in the watch window if we had that defined in IDA in local types.
When I try to get a pdb for a dll module, it fails without throwing an error.
I think the bug is here:
https://github.com/Mixaill/FakePDB/blob/master/src_ida/fakepdb/generation.py#L85
The file extension is taken from the IDA file path, not from analyzing the file.
Played around with different versions of fakepdb and could finally make a .pdb file. I'm using IDA Pro 7.7
Steps:
Worked like a charm, got the pdb, VS recognized functions.
The issue at hand is that stack arguments and return value are messed up, the mangled name is used, and the calling convention is "unknown" (or incorrect, e.g. __fastcall instead of __thiscall).
Example:
{
    "start_rva": 1689872,
    "name": "_ZN7CVector9NormaliseEv",
    "is_public": false,
    "is_autonamed": false,
    "calling_convention": "unknown",
    "return_type": "int",
    "arguments": [],
    "labels": [
        {
            "offset": 52,
            "name": "loc_59C944",
            "is_public": false,
            "is_autonamed": true
        }
    ]
}
I'd expect the above to be:
{
    "start_rva": 1689872,
    "name": "CVector::Normalise",
    "is_public": false,
    "is_autonamed": false,
    "calling_convention": "__fastcall",
    "return_type": "void",
    "arguments": [],
    "labels": [
        {
            "offset": 52,
            "name": "loc_59C944",
            "is_public": false,
            "is_autonamed": true
        }
    ]
}
I presume this is the offending line:
FakePDB/src_plugins/ida/fakepdb/dumpinfo.py
Lines 165 to 168 in 85a0351
Because DebugInfo is null. With this hack it runs but does not generate any pdb:
src_pdbgen/pefile.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src_pdbgen/pefile.cpp b/src_pdbgen/pefile.cpp
index 80b1443..caedd2d 100644
--- a/src_pdbgen/pefile.cpp
+++ b/src_pdbgen/pefile.cpp
@@ -32,6 +32,10 @@ std::vector<uint8_t> PeFile::GetPdbGuid()
llvm::StringRef PDBFileName;
_obj->getDebugPDBInfo(DebugInfo, PDBFileName);
+ if (DebugInfo == nullptr)
+ return {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
return std::vector<uint8_t>(&DebugInfo->PDB70.Signature[0], &DebugInfo->PDB70.Signature[16]);
}
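Review bot: The new DebugInfo == nullptr branch in PeFile::GetPdbGuid() returns sixteen zero bytes, so the caller cannot tell "this image has no CodeView debug record" apart from a real signature and will carry on as if it had one. Return an empty vector or a std::optional here and let the caller decide whether to stop with a message or continue without a matching GUID. The call on the line above, _obj->getDebugPDBInfo(DebugInfo, PDBFileName), also discards its return value; check it before looking at DebugInfo at all.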
diff --git a/src_pdbgen/guidhelper.h b/src_pdbgen/guidhelper.h
index 8faffb1..cdb9327 100644
--- a/src_pdbgen/guidhelper.h
+++ b/src_pdbgen/guidhelper.h
@@ -6,19 +6,19 @@
#include <sstream>
#include <vector>
-static struct GUID {
+struct GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
};
-std::string guidToHex(std::vector<uint8_t>& vec)
+std::string guidToHex(const std::vector<uint8_t>& vec)
{
std::ostringstream oss;
oss << std::hex << std::uppercase;
- auto* guid = reinterpret_cast<GUID*>(vec.data());
+ auto* guid = reinterpret_cast<const GUID*>(vec.data());
oss << std::setw(2) << std::setfill('0') << guid->Data1;
oss << std::setw(2) << std::setfill('0') << guid->Data2;
oss << std::setw(2) << std::setfill('0') << guid->Data3;
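Review bot: In struct GUID, Data1 is declared unsigned long, which is 8 bytes on LP64 Linux builds, so reinterpret_cast<const GUID*>(vec.data()) in guidToHex maps a 24-byte struct onto a 16-byte vector and every field after the first is read from the wrong offset. Declare the members with fixed-width types (uint32_t, uint16_t, uint16_t, uint8_t[8]), check vec.size() >= 16 before reading, and std::memcpy the bytes into a local GUID instead of casting the buffer. Two smaller points in the same hunk: std::setw(2) does not pad Data1 to 8 hex digits or Data2 and Data3 to 4, and guidToHex is defined in a header without inline, which produces duplicate-symbol link errors as soon as a second translation unit includes guidhelper.h.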
diff --git a/src_pdbgen/pdbcreator.cpp b/src_pdbgen/pdbcreator.cpp
index 84807ab..b81b3af 100644
--- a/src_pdbgen/pdbcreator.cpp
+++ b/src_pdbgen/pdbcreator.cpp
@@ -104,7 +104,8 @@ void PdbCreator::ImportIDA(IdaDb& ida_db)
bool PdbCreator::Commit(std::filesystem::path& path)
{
std::filesystem::create_directories(path.parent_path());
- if (_pdbBuilder.commit(path.string(), &_pdbBuilder.getInfoBuilder().getGuid())) {
+ auto guid = _pdbBuilder.getInfoBuilder().getGuid();
+ if (_pdbBuilder.commit(path.string(), &guid)) {
return false;
}
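Review bot: In PdbCreator::Commit, the failure branch after _pdbBuilder.commit(path.string(), &guid) still does a bare return false, so whatever commit reported is dropped and the caller only learns that something went wrong. Keep the result of commit in a named variable, turn it into a message and log it before returning, so a failed write leaves a trace. In the context lines, std::filesystem::create_directories(path.parent_path()) throws on failure; use the std::error_code overload and return false with a message in that case as well.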
I think it would be useful to link/mention/incorporate these methods (especially the latter one imo) somewhere in the readme, for people looking to make some use out of these PDBs:
http://ntcoder.com/bab/2012/03/06/how-to-force-symbol-loading-in-windbg/
FakePDB_CN_v3.zip
Official 'Edit' is not supported; just use it for IDA_ChineseEdition
Is your feature request related to a problem? Please describe.
I would love to use the generated pdb files while debugging with Visual Studio 2022, but it does not recognize the pdb file
Additional context
I am using IDA 7.6 and tested the v0.3 release
LLVM is too big; just downloading it takes half a day, let alone compiling it.
A bit of a pity: PE2+ is not supported yet.
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Hello.
I've followed what the instruction says: copy content of fakepdb.zip/ida to <IDA_directory>/plugins
BUT unfortunately when I open IDA the plugin seems NOT to be installed - there is no FakePDB option under Edit.
What am I doing wrong?
Thx for help in advance!
P.S.
I'm using the IDA Pro 7.5 SP3
I'm trying to export a pdb from a PE with the .dll extension. Also I think only .exe is supported because .exe.json is generated...
Version: FakePDB 0.2 (on a compatible version of IDA)
*I see that in 0.3 it is fixed,
but version 0.3 does not work, and the declared support is "IDA >= 7.4"
Easier compilation on both Windows and Linux, perhaps some specific instructions what packages are needed etc.
Requested in: https://twitter.com/j00ru/status/1176238005746634754
Which version of LLVM is needed for building? With LLVM 9 it fails:
make[1]: Entering directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
make[2]: Entering directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
Scanning dependencies of target pdbgen_common
make[2]: Leaving directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
make[2]: Entering directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
[ 12%] Building CXX object CMakeFiles/pdbgen_common.dir/pefile.cpp.o
[ 25%] Building CXX object CMakeFiles/pdbgen_common.dir/pdbcreator.cpp.o
/home/sr_team/Projects/FakePDB/src_pdbgen/pefile.cpp: In member function 'uint32_t PeFile::GetImageSize()':
/home/sr_team/Projects/FakePDB/src_pdbgen/pefile.cpp:118:38: error: no matching function for call to 'llvm::object::COFFObjectFile::getPE32Header()'
118 | auto* pe32 = _obj->getPE32Header();
| ^
In file included from /home/sr_team/Projects/FakePDB/src_pdbgen/pefile.h:26,
from /home/sr_team/Projects/FakePDB/src_pdbgen/pefile.cpp:17:
/usr/include/llvm/Object/COFF.h:975:19: note: candidate: 'std::error_code llvm::object::COFFObjectFile::getPE32Header(const llvm::object::pe32_header*&) const'
975 | std::error_code getPE32Header(const pe32_header *&Res) const;
| ^~~~~~~~~~~~~
/usr/include/llvm/Object/COFF.h:975:19: note: candidate expects 1 argument, 0 provided
/home/sr_team/Projects/FakePDB/src_pdbgen/pefile.cpp:123:46: error: no matching function for call to 'llvm::object::COFFObjectFile::getPE32PlusHeader()'
123 | auto* pe32plus = _obj->getPE32PlusHeader();
| ^
In file included from /home/sr_team/Projects/FakePDB/src_pdbgen/pefile.h:26,
from /home/sr_team/Projects/FakePDB/src_pdbgen/pefile.cpp:17:
/usr/include/llvm/Object/COFF.h:976:19: note: candidate: 'std::error_code llvm::object::COFFObjectFile::getPE32PlusHeader(const llvm::object::pe32plus_header*&) const'
976 | std::error_code getPE32PlusHeader(const pe32plus_header *&Res) const;
| ^~~~~~~~~~~~~~~~~
/usr/include/llvm/Object/COFF.h:976:19: note: candidate expects 1 argument, 0 provided
make[2]: *** [CMakeFiles/pdbgen_common.dir/build.make:63: CMakeFiles/pdbgen_common.dir/pefile.cpp.o] Error 1
make[2]: *** Waiting for unfinished jobs....
/home/sr_team/Projects/FakePDB/src_pdbgen/pdbcreator.cpp: In member function 'bool PdbCreator::Commit(std::filesystem::__cxx11::path&)':
/home/sr_team/Projects/FakePDB/src_pdbgen/pdbcreator.cpp:108:81: error: taking address of rvalue [-fpermissive]
108 | if (_pdbBuilder.commit(path.string(), &_pdbBuilder.getInfoBuilder().getGuid())) {
| ^
make[2]: *** [CMakeFiles/pdbgen_common.dir/build.make:89: CMakeFiles/pdbgen_common.dir/pdbcreator.cpp.o] Error 1
make[2]: Leaving directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
make[1]: *** [CMakeFiles/Makefile2:81: CMakeFiles/pdbgen_common.dir/all] Error 2
make[1]: Leaving directory '/home/sr_team/Projects/FakePDB/src_pdbgen/build'
make: *** [Makefile:84: all] Error 2
I can't seem to figure out how to get this plugin to work, it doesn't show up in IDA at all for me. I've tried in other exe's with processors and still no dice.
Example: https://i.imgur.com/ghAUg7Q.png
Fails to generate the user32.dll pdb, but user32.dll.json was generated successfully.
I saw that the code was updated 8 months ago. Do I need to Releasecompile it again? Emmmm, how can I compile it? I see a src for the plugin and a src for cpp. Should I compile the exe file from src_cpp and put it in the src_plugins/ida/fakepdb folder?
Is your feature request related to a problem? Please describe.
Export local types (enums, structs) with dumpinfo
Describe the solution you'd like
I'm willing to write the code for it. I'd like to add a new section to the json, like so:
{
    "local_types": {
        "structs": [
            {
                "name": "CPed",
                "name_demangled": "CPed",
                "size": 128,
                "members": [
                    {
                        "type": "ePedType",
                        "name": "m_nPedType",
                        "offset": 4
                    }
                ]
            }
        ],
        "enums": [
            {
                "name": "ePedType",
                "name_demangled": "ePedType",
                "values": [
                    ["PED_TYPE_PLAYER", 1]
                ]
            }
        ]
    }
}
Describe alternatives you've considered
I do have another tool to do this job, but I'd rather have it here.
I compiled it from sources, and fakepdb crashed when I generated a .PDB file. Since there is no fakepdb symbol file, I can't easily analyze dump files. Could you please tell me how to generate symbol files when compiling fakepdb?
The IDA .idb and crash dump file have been uploaded to Google Drive:
https://drive.google.com/file/d/1yfHaLg0KIJkB7JeYDKdyPvhOlL0fl4z3/view
Thanks in advance
Is your feature request related to a problem? Please describe.
AppVeyor is killing the build task as it exceeds 60 minutes of runtime.
Describe the solution you'd like
We should switch to Github Actions as it allows 6 hours of runtime. https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration
Describe alternatives you've considered
N/A
Additional context
N/A