lst2x64dbg
This command extracts all the labels found in the LST file that is given as the single argument. An x64dbg database is created in the current directory based on the extracted labels.
The LST file can be generated in IDA from the File menu: Produce file -> Create LST file...
Example
$ lst2x64dbg sample.lst
ghidra2x64dbg
This command extracts all the labels found in the CSV file that is given as the single argument. An x64dbg database is created in the current directory based on the extracted labels. The imagebase value must be supplied.
The CSV file can be generated in Ghidra from the Window menu by selecting Symbol Table.
In the symbol table window that opens, sort the data by the Location column. Then select all symbols that are not external locations. With the desired symbols selected, right click and select: Export -> Export to CSV...
NOTE: If you happen to select external locations, they will be ignored.
Name this file <module_name>.csv
Example
$ ghidra2x64dbg -i 400000 sample.csv
The imagebase value can be found at the very top of the disassembly panel in the CodeBrowser window. It's part of the DOS header.
Configuration for More Labels
Ghidra has one analysis option, off by default, that can provide more labels for code in a sample in certain situations. This option, WindowsPE x86 Propagate External Parameters, is found in the Analysis Options window when a sample is first opened in the CodeBrowser tool.
binja2x64dbg
This command extracts all the labels found in a Binary Ninja bnida JSON file given as a single argument. An x64dbg database is created in the current directory based on the extracted labels. The imagebase value must be supplied.
To generate a bnida file from Binary Ninja, one must first install the plugin according to the instructions:
https://zznop.github.io/bnida/
Once the executable is loaded in Binary Ninja, navigate to the Tools menu and select bnida: Export analysis data.
Name this file <module_name>.json
Example
$ binja2x64dbg -i 400000 sample.json
relyze2x64dbg
This command extracts all the labels found in an x64dbg database generated by Relyze given as a single argument. An x64dbg database is created in the current directory based on the extracted labels.
To generate an x64dbg database in Relyze, simply open the executable and in the Code view, right click, and export.
Name this file <module_name>_relyze.dd32 or <module_name>_relyze.dd64
Example
$ relyze2x64dbg sample_relyze.dd32
Support for radare2
Both commands now support inclusion of the location for main() as detected by radare2. Just add -r or -main to either command like this:
$ lst2x64dbg -r 0x0040a53a sample.lst
Just cut and paste the virtual address for main from Cutter's UI or from the radare2 command line.
Workflow Notes
Each of these tools will check the current directory for an x64dbg database that was created by a previous run of one of the tools. Any offset from that database that already has a label will not be changed by a subsequent run of any of the tools. In other words, each tool expands the list of labels, but does not overwrite any labels that already exist.
If you have manually created labels, it is recommended to only create them in one disassembler. Also, make that disassembler's output the very first to be processed by one of the above tools. This way all your custom labels are guaranteed to exist in the new x64dbg database.
In a future iteration of this software there will be a way to deconflict at the merge step of the processing.
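The keep-first merge described in these notes, as an added Python sketch that is not lst2x64dbg's own code. It assumes the x64dbg database is JSON with a "labels" list whose entries carry "module", "address" (a hex RVA, which is why the imagebase is needed), "manual" and "text"; the function names and sample labels are constructed for illustration.

```python
def merge_labels(db, new_labels, module, imagebase):
    """Add (virtual_address, name) pairs to an x64dbg-style database dict.

    An offset that already has a label is left untouched. Returns the
    entries that were skipped so conflicts can be reviewed by hand.
    """
    labels = db.setdefault("labels", [])
    # Index existing labels by (module, RVA) so lookups ignore hex formatting.
    taken = {(l["module"], int(l["address"], 16)) for l in labels}
    skipped = []
    for va, name in new_labels:
        if va < imagebase:
            raise ValueError(f"{va:#x} is below imagebase {imagebase:#x}")
        rva = va - imagebase  # the database stores module-relative offsets
        if (module, rva) in taken:
            skipped.append((hex(rva), name))  # first writer wins
            continue
        labels.append({"module": module, "address": hex(rva),
                       "manual": False, "text": name})
        taken.add((module, rva))
    return skipped


def demo():
    """Two passes over constructed sample labels, custom names first."""
    db = {}
    # Pass 1: disassembler holding the analyst's hand-made label, plus main.
    first = [(0x401000, "decrypt_config"), (0x40A53A, "main")]
    # Pass 2: another disassembler with only an auto-generated name there.
    second = [(0x401000, "FUN_00401000"), (0x402200, "FUN_00402200")]
    merge_labels(db, first, "sample.exe", 0x400000)
    skipped = merge_labels(db, second, "sample.exe", 0x400000)
    return db, skipped


if __name__ == "__main__":
    db, skipped = demo()
    for entry in db["labels"]:
        print(entry["address"], entry["text"])
    print("skipped:", skipped)
```

Reversing the order of the two passes would keep FUN_00401000 and drop decrypt_config, which is why the disassembler holding the custom labels should be processed first.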