Exetools  

  #1  
Old 11-28-2014, 20:49
The Old Pirate
IDA signatures question

I have a DLL and the source code of the old version of this DLL. How do I utilize this in IDA? I read about FLIRT technology but it states this is for static libraries (?)
Could someone point me in the right direction?
  #2  
Old 11-28-2014, 21:45
bart
It's just byte signatures; IDA has plenty of them for the most popular programming languages and their libraries.
  #3  
Old 11-28-2014, 21:54
The Old Pirate
I'm looking to make IDA match functions in the disassembly of the new DLL with their names, utilizing the old source code. There has to be a way.
  #4  
Old 11-29-2014, 04:18
sendersu
Quote:
Originally Posted by The Old Pirate
I'm looking to make IDA match functions in the disassembly of the new DLL with their names, utilizing the old source code. There has to be a way.
well, you could start from here -
http://www.woodmann.com/collaborative/tools/index.php/Category:IDA_Signature_Creation_Tools

a lot of handy tools are there....

Create your own signature file by simply following 2 easy steps:

../flair/bin/pcf lmgr.lib lmgr.pat
or
../flair/bin/plb lmgr.lib lmgr.pat

../flair/bin/sigmake lmgr.pat lmgr.sig


Another case:
sigmake.exe -n"SSL 0.98e" -a0004 -o0002 -p0 -t10 *.pat SSL98e.sig
copy *.sig "C:\IDAPro6.1\sig"
  #5  
Old 11-29-2014, 13:37
Conquest
Quote:
Originally Posted by The Old Pirate
I'm looking to make IDA match functions in the disassembly of the new DLL with their names, utilizing the old source code. There has to be a way.
Flirt signatures work on the basis of binary search patterns. Since you have the source, you have already progressed 25%, but there is a major issue.
The binary pattern searching only works if the compiler stays the same or similar over the versions. Why? As compilers update/upgrade, the code generation scheme keeps changing, thus changing the byte patterns.
You will need to generate a static library out of the source, maintaining the same compiler options and version. What I am saying is based on my experience and I am in no way in a position to claim to know the internal sig generation methods.
The signature generation itself is rather easy and you can find lots of small tutorials about them. If it's a small program, you can try to name the functions manually and create small python scripts to use as flirt signatures for naming.

good luck
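As an added example (not code from this thread or from Hex-Rays' FLAIR tools), the Python below round-trips a toy version of the pcf/plb + sigmake flow listed above and shows Conquest's point about compiler drift: a .pat line is built from an "old" function with its linker-filled call operand wildcarded, then applied to two "new" builds, one where only the call target moved (matches) and one where the compiler emitted a different prologue (no match). The .pat line layout, the CRC16 variant, the byte strings and the function name are constructed assumptions, simplified from FLAIR's real format.

```python
import re

def crc16(data: bytes) -> int:
    """CRC16 over the bytes after the 32-byte prefix. Assumption: FLAIR's reflected poly 0x8408 variant."""
    if not data:
        return 0
    crc = 0xFFFF
    for byte in data:
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if (crc ^ byte) & 1 else crc >> 1
            byte >>= 1
    crc ^= 0xFFFF
    return ((crc << 8) | (crc >> 8)) & 0xFFFF

def make_pat_line(body: bytes, reloc_offsets, name: str) -> str:
    """Toy pcf/plb: 32-byte prefix with relocated bytes as '..', CRC16 of the tail, total length, name at offset 0."""
    prefix = "".join(".." if i in reloc_offsets else f"{b:02X}" for i, b in enumerate(body[:32]))
    tail = body[32:32 + 255]  # assumption: relocations fall inside the prefix, so the tail is fully checksummed
    return f"{prefix} {len(tail):02X} {crc16(tail):04X} {len(body):04X} :0000 {name}"

def parse_pat_line(line: str) -> dict:
    prefix, crc_len, crc, total, rest = line.split(maxsplit=4)
    pattern = [None if prefix[i:i + 2] == ".." else int(prefix[i:i + 2], 16) for i in range(0, len(prefix), 2)]
    return {"pattern": pattern, "crc_len": int(crc_len, 16), "crc": int(crc, 16),
            "length": int(total, 16), "name": re.search(r":0000 (\S+)", rest).group(1)}

def match_at(blob: bytes, off: int, sig: dict) -> bool:
    """Prefix bytes must equal the pattern except where wildcarded; then the CRC16 of the tail must agree."""
    pat = sig["pattern"]
    if off + len(pat) + sig["crc_len"] > len(blob):
        return False
    if any(p is not None and blob[off + i] != p for i, p in enumerate(pat)):
        return False
    start = off + len(pat)
    return crc16(blob[start:start + sig["crc_len"]]) == sig["crc"]

def name_functions(blob: bytes, func_starts, pat_lines) -> dict:
    """Apply signatures at known function starts, the way IDA applies a .sig to recognised functions."""
    sigs = [parse_pat_line(l) for l in pat_lines]
    return {off: sig["name"] for off in func_starts for sig in sigs if match_at(blob, off, sig)}

def demo() -> dict:
    """Constructed data: old build -> .pat; same-compiler rebuild (call target moved) matches, new prologue does not."""
    old = bytes.fromhex("558BEC83EC0C5657E8") + bytes(4) + bytes(range(0x10, 0x10 + 27))  # call rel32 at 9..12
    pat_lines = [make_pat_line(old, {9, 10, 11, 12}, "_old_lib_func")]  # hypothetical name
    same_cc = bytes.fromhex("558BEC83EC0C5657E8") + bytes.fromhex("78563412") + bytes(range(0x10, 0x10 + 27))
    other_cc = bytes.fromhex("558BEC83EC085657E8") + bytes.fromhex("78563412") + bytes(range(0x10, 0x10 + 27))
    return name_functions(same_cc + other_cc, [0, len(same_cc)], pat_lines)
```

Only offset 0 gets named; the second function differs in one non-wildcarded prologue byte, which is exactly the failure mode a compiler change causes.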
  #6  
Old 12-01-2014, 04:30
CashD
If flirt doesn't detect some symbols you can try to use bindiff;
it could show you some points you missed with flirt, because maybe they changed compiler, etc...
Reminder: when you use flirt, check if you're using the release version and not the debug version.
In bindiff, compile release with symbols and compare.