stong
commented
1 week ago Hi there,
It's been several years since I worked on this (and I am no longer an employee of Vector35, and I am no longer a professional reverse engineer) but from my memory, I believe this may be helpful to you:
Essentially, since you are working with an entire msvcrt sdk, you also need to do some form of linking. This is because the various functions in the static libraries (obj files) are going to get linked with each other at compile time when the actual program binary that uses the library objects is produced. For example, if CompilationUnit1.obj references function in CompilationUnit2.obj, this will be like a relocation or something in the .obj, but in an actual .exe, the reference will get turned into a real function call. To account for this difference between .obj and what we see in actual binaries, we need to do linking when we're working with .lib and .obj .a and .o respectively on Linux) like this for signature generation.
The script linked above is basically this but for .a and .o on Linux for ubuntu binaries, so the overall principle is the same for Windows .lib and .obj.
Let me know how it goes!
Luca1991
I'm writing a script that, given a directory with .LIB files, will extract all the .obj files and automatically create a .sig file for each of them. The idea is to be able to easily produce signatures for various SDKs (like the old MSVC++6.0 and so on), automatically.
Now the question is: how can I merge all the individual .sig files obtained from each .obj into a single file (e.g. msvcpp6.sig)? I see that there is a script called merge_multiple_versions.py in the example directory, but it looks like its puropose is to "merge the signature libraries generated for different versions of the same library".
Once I figure this out, I'll release the script :)