Transitioning between tools, whether it’s preserving the work you’ve already done or adapting to a different workflow, can be challenging at first. Here at Hex-Rays we want to make that transition easier by introducing a new plugin to our toolset: DBImporter.
DBImporter will help you import databases from other reverse engineering tools. It does so by first translating the foreign format into its own intermediate-representation format, and then importing data from that. With its initial release it supports importing data from the Ghidra XML format, though ultimately we hope to have a large range of use-cases covered.
With that intention in mind, the DBImporter format aims to define a portable way of importing data into IDA, which we hope will aid in adding support for other tools.
Aside from being a plugin usable from within IDA, it can also be used programmatically as a Python module or as a CLI tool, making headless operation and automated conversions possible. For example, here’s a snippet that programmatically opens a database and loads a file exported from Ghidra using our Domain API, with selective importing:
```python
import ida_domain
import ida_dbimporter.ghidra

with ida_domain.Database.open(path="./sample.elf") as db:
    # Translate the Ghidra XML export into DBImporter's intermediate format.
    sample_data = ida_dbimporter.ghidra.parse_file("./sample.xml")

    # Selective import: skip functions and segments.
    settings = ida_dbimporter.ImportSettings()
    settings.import_fns = False
    settings.import_segs = False

    ida_dbimporter.import_data_into_ida(sample_data, settings)
    ...
```
And one to mass-convert exe/Ghidra XML files with a shell script:
```bash
#!/bin/bash
# Convert every .exe that has a matching Ghidra XML export next to it.
for filename in *.exe; do
    filename_without_suffix=${filename%.exe}
    xml_file="${filename_without_suffix}.xml"
    dbimporter --make-idb -idbb "${filename}" "${xml_file}"
done
```
We designed the schema with accessibility in mind. Since we use JSON as the base format, it can be processed with a variety of tools and programming languages. It primarily contains information about a program’s types, segments, labels, comments, and functions; the types can be defined either via strings or programmatically for developer convenience.
We will keep expanding and adapting the schema to be more powerful yet easier to use (your feedback matters a lot here!). In the future you can expect to see more data points in the schema, such as cross-references or other valuable artifacts. If you want to make your own tool based on the DBImporter schema (which we encourage you to do), you can get familiar with it at the GitHub repository. We aimed to make it easy to inspect and play around with; for example, this is what a function typedef might look like:
```json
"pthread_h::functions::__destr_function": {
    "type": "function",
    "rettype": "void",
    "args": [
        {
            "name": "",
            "type": "void *"
        }
    ]
}
```
If it’s more convenient for you to work with string declarations, it may very well look like this too:
```json
"pthread_h::functions::__destr_function": {
    "type": "function",
    "decl": "void pthread_h::functions::__destr_function(void*)"
}
```
How about defining a function’s local variables? Take a look:
```json
"0xe588": {
    "lvars": [
        {
            "name": "unk_stkvar_30",
            "stack_offset": "-0x30",
            "size": "0x8",
            "type": "_QWORD"
        },
        {
            "name": "bytes_written",
            "stack_offset": "-0x20",
            "size": "0x8",
            "type": "_QWORD"
        },
        {
            "name": "status",
            "stack_offset": "-0x10",
            "size": "0x8",
            "type": "_QWORD"
        }
    ]
}
```
Little to no nesting, no crazy cross-indexing - every entry stands on its own.
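Because every entry stands on its own, a file produced by another tool can be sanity-checked with plain Python before it is imported. The following is an added example, not code from Hex-Rays or the DBImporter repository: `stack_layout` and `check_document` are hypothetical helper names, the sample wraps the fragment shown above in braces so it parses on its own, and it assumes a variable occupies `[stack_offset, stack_offset + size)`.

```python
import json

# Constructed sample: the local-variable fragment shown above, wrapped in
# braces so that it parses as a stand-alone JSON object.
SAMPLE = """
{"0xe588": {"lvars": [
  {"name": "unk_stkvar_30", "stack_offset": "-0x30", "size": "0x8", "type": "_QWORD"},
  {"name": "bytes_written", "stack_offset": "-0x20", "size": "0x8", "type": "_QWORD"},
  {"name": "status", "stack_offset": "-0x10", "size": "0x8", "type": "_QWORD"}
]}}
"""


def stack_layout(lvars):
    """Return ([(start, end, name), ...] sorted by offset, [problem strings])."""
    layout, problems = [], []
    for i, var in enumerate(lvars):
        try:
            # int(s, 16) accepts signed, 0x-prefixed strings such as "-0x30".
            start = int(var["stack_offset"], 16)
            size = int(var["size"], 16)
            name = var["name"]
        except (KeyError, TypeError, ValueError) as exc:
            problems.append(f"lvar #{i}: bad or missing field ({exc!r})")
            continue
        if size <= 0:
            problems.append(f"{name}: non-positive size")
            continue
        layout.append((start, start + size, name))
    layout.sort()
    # Assumption: a variable occupies [stack_offset, stack_offset + size).
    for (s1, e1, n1), (s2, e2, n2) in zip(layout, layout[1:]):
        if s2 < e1:
            problems.append(f"{n1} overlaps {n2}")
    return layout, problems


def check_document(text):
    """Map each function-address key to its (layout, problems) result."""
    doc = json.loads(text)
    return {addr: stack_layout(entry.get("lvars", [])) for addr, entry in doc.items()}


if __name__ == "__main__":
    for addr, (layout, problems) in check_document(SAMPLE).items():
        print(addr, layout, problems or "ok")
```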
The plugin can be downloaded through hcli; for instructions/more info check out its page at our plugin repository as well as the GitHub repository.
We hope that this project will open up great potential for interoperability with other tools; we especially encourage the community to create and share tools that export data from other reverse-engineering software to our format.
As mentioned, your feedback is what makes us better. You can send an email directly to product@hex-rays.com, or drop us a line on our Discourse forum.