An IDAPython script which parses Turbo/Borland symbolic debug information (aka TDInfo) and imports it into your IDA database.
Inspired by the pwnable.kr challenge dos4fun.
Written with DOS in mind.
- IDA 7.0+ & Python 2/3
pip install -Ur requirements.txt
- tdinfo_structs.py: construct definitions of the different TDInfo structs.
This file is independent of IDA, and may be utilized to import the symbols into other programs which support Python. - tdinfo_parser.py: An IDAPython script which parses the executable (using said definitions) and imports its symbols into the IDA database.
- Consider applying FLIRT signatures (see below).
- Press Alt+F7 to load tdinfo_parser.py into IDA.
- Call
TdinfoParser().apply().
I'm usually not one for documentations going out of scope, but hey, if you're reading this then you're probably already plucking forgotten pieces of information from arcane niches of the Internet; why shouldn't I chip in?
The following pointers may help get you near your goal:
-
IDA's entry point analysis may fail to recognize that an executable was compiled with a Turbo/Borland compiler.
You can still import IDA's TCC/BCC symbols manually by loading the compiler's signature file (File -> Load file -> FLIRT signature file...). -
TD (Turbo Debugger for DOS) – apart from being a decent debugger – automatically parses TDInfo symbols.
-
TDump (Turbo Dump) may be used for a more complete parsing of the debug information.