Exetools - How to port function names from one exe to another?

Exetools (https://forum.exetools.com/index.php)

- General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)

- - How to port function names from one exe to another? (https://forum.exetools.com/showthread.php?t=16946)

schrodinger

07-19-2015 04:38

How to port function names from one exe to another?

Hello,
I have two executable elf files for one program but with 2 different version.
IDA can resolve the function names in one of them while not for the other.
Bindiff is the tool of choice I think but it is not working for 64 bit.What can be done to solve this issue?

Apuromafo

07-19-2015 06:18

Use a vm example oracle vm virtualbox, put a windows xps3 or windows 7 /8 x86 and you must will done ...

Naides

07-19-2015 07:55

If you are analyzing 32 bit elf files you can use IDA 32 bit even in a 64 OS environment. And Bindiff should work. If the elf files are 64 bit, then trying the analysis on a x86 system will not help. Try a earlier version 3.x of Bindiff. Not all the bells and whistles, but I remember IDA x64 module did not crash.

schrodinger

07-19-2015 08:32

Quote:

Originally Posted by Naides (Post 100658)

can you please upload older bindiff (I want to try 4.01 or 3x)
Do you know if 4.0 works for 64 bit ?

Naides

07-19-2015 09:43

Alternative solution found in a chinese Hacking place.

http://www.h4ck.org.cn/2014/08/ida64-fatal-error-before-kernel-init/

Rename the file: Zynamics_binexport_8.p64, found in IDA\plugins to something else. IDA will now work. I have not tested the functionality though.

Naides

07-19-2015 09:53

Files too big to upload. I have Ver 4.0

Naides

07-19-2015 22:47

ver 4.01 works. PM if you need a link.

All times are GMT +8. The time now is 19:52.