Reputation: 468
I'm analyzing an application which loads several DLL files which are highly interconnected and obfuscate function calls by writing these functions somewhere in the memory AFTER the application has started.
Easy solution -> I took a complete memory snapshot (including .debug segments). Now the IDA database is full of loaded data and has a size of ~3GB, which slows down the analysis process a lot. I'm afraid of removing the .debug segments, as I can't tell for sure that the application didn't write any functions into this memory.
Is there a way to strip all non-code data?
Upvotes: 2
Views: 984
Reputation: 980
You can delete segments, but it doesn't seem to subtract from the database size. A workaround I know would be to export the database and type info, and then import them into a fresh project, but it might not be suitable for you.
Upvotes: 1