Giters

a1ext / labeless

Labeless is a multipurpose IDA Pro plugin system for labels/comments synchronization with a debugger backend, with complex memory dumping and interactive Python scripting capabilities.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Wrong dumped segment selector set

a1ext opened this issue · comments

commented

Environment

IDA-side information

Question Answer
IDA-side OS version Win 7 x64
IDA PRO bitness (not IDB/I64) 64
IDA plugin bitness 32
IDA plugin version 1.1.2.97

Debugger-side information

Doesn't matter

Problem Description

After dumping part of dynamically resolved API table, code references get broken:

image

Steps to Reproduce

  1. Open Trickbot sample
  2. trace it in debugger until APIs are resolved
  3. Perform Keep and import dumping of resolved APIs memory region (416CAC - 416F8C):
    image

Possible Solutions

The following script fixes the problem:

seg = idaapi.getseg(0x416CAC)
seg.sel = idaapi.setup_selector(2)
seg.update()

image

commented

Labeless 1.1.2.97 Where to download?