astr0 Posted April 25, 2021

I am reversing a malware called Raccoon Stealer. It's written in C++. My problem is that they use some libraries that IDA marks as unknown_libname. This is because it doesn't have signatures for them. I downloaded Class Informer and it pointed out to me that they use a library called nlohmann. It's a JSON parsing library for C++. But I can't figure out how I can add signatures for these libraries. I saw this repo (FLIRTDB), which contains some signatures, but the library is not included. Is there some sort of generator for these signatures that I can use? Or how can I approach this situation?

Thanks in advance.

astr0 (Author) Posted April 25, 2021 (edited)

Okay, looks like I found the solution in these blogs:

Creating library signatures for IDA
idenLib
https://www.hex-rays.com/products/ida/tech/flirt/in_depth/
FLARE IDA Pro Script Series: Generating FLAIR function patterns using IDAPython

Edited April 25, 2021 by astr0