mr-tz
commented
4 months ago Good idea. Alternatively, we'd have to add special logic to translate names to ordinals and vice versa.
Closed williballenthin closed 4 months ago
mr-tz
commented
4 months ago Good idea. Alternatively, we'd have to add special logic to translate names to ordinals and vice versa.
Programs can import networking routines from ws2_32 by ordinal, and this is occasionally seen in the wild, such as in PMA 01-01.dll.
This file shows an example of mapping ordinals to names for ws2_32: https://github.com/phracker/HopperScripts/blob/9468cdadb2c139d474662ae82716a5098e7350e4/WS2_32.dll%20Ordinals%20to%20Names.py#L8
Today, we rely on vivisect (or the binary analysis backend) to resolve ordinal numbers to human-readable names; however, not all analysis backends may have this mapping. So, we can extend our rules to also match these ordinals.
For example, with these changes using a backend that doesn't support ordinal mapping: