// vtable_to_struct.idc
// Converts a VTable to a struct
// Based on VTableRec.idc by Sirmabus and modified by BAILOPAN
#include <idc.idc>
// Replaces every ":" and "~" in a name with "_".
// main() runs demangled function names through this before using them as
// struct member names.
//   name - the string to sanitise
// Returns the string with those two characters replaced; every other
// character is left as it was.
static CleanupName(name)
{
    auto pos, len, ch;

    // Replacements are one character for one character, so the length
    // can be read once up front.
    len = strlen(name);
    pos = 0;
    while (pos < len)
    {
        ch = name[pos];
        if (ch == "~" || ch == ":")
        {
            name[pos] = "_";
        }
        pos++;
    }
    return name;
}
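// Entry point: builds an IDA struct whose members mirror the vtable at the
// cursor position.
//
// Starting at ScreenEA(), reads consecutive 4-byte entries (32-bit pointers
// are assumed throughout), names one struct member per entry after the
// demangled function it points to, and stops at the first entry that does
// not resolve to a named function.
//
// NOTE: if a struct with the chosen name already exists it is deleted
// without confirmation before the new one is created.
static main()
{
    auto pAddress, iIndex;
    auto skipAmt;
    auto structName;
    auto structID;
    auto szFuncName, szFullName, szCleanName;
    auto real_addr;
    auto rc, retries, added, aborted;

    iIndex = 0;
    added = 0;
    aborted = 0;

    SetStatus(IDA_STATUS_WORK);

    // User selected vtable block
    pAddress = ScreenEA();
    if (pAddress == BADADDR)
    {
        Message("** No vtable selected! Aborted **");
        Warning("No vtable selected!\nSelect vtable block first.");
        SetStatus(IDA_STATUS_READY);
        return;
    }

    SetStatus(IDA_STATUS_WAITING);

    // Ask for settings
    skipAmt = AskLong(0, "Number of vtable entries to ignore for indexing:");
    structName = AskStr("CClass_vtable", "Enter the name of the vtable struct:");

    SetStatus(IDA_STATUS_WORK);

    // A negative count would move the read pointer backwards, in front of
    // the selected vtable, so refuse it instead of reading unrelated data.
    if (skipAmt < 0)
    {
        Warning("The number of entries to ignore must not be negative.");
        SetStatus(IDA_STATUS_READY);
        return;
    }

    // If the vtable struct already exists, delete it
    structID = GetStrucIdByName(structName);
    if (structID != -1)
    {
        Message("Deleted old vtable struct\n");
        DelStruc(structID);
    }

    // Create the struct to import vtable names into
    structID = AddStruc(-1, structName);
    if (structID == -1)
    {
        // Without a valid struct id every AddStrucMember call below would fail.
        Warning("Could not create the vtable struct.\nCheck the struct name.");
        SetStatus(IDA_STATUS_READY);
        return;
    }

    // For linux, skip the first entry
    if (Dword(pAddress) == 0)
    {
        pAddress = pAddress + 8;
    }

    pAddress = pAddress + (skipAmt * 4);

    // Loop through the vtable block
    while (pAddress != BADADDR)
    {
        real_addr = Dword(pAddress);
        szFuncName = GetFunctionName(real_addr);
        if (strlen(szFuncName) == 0)
        {
            // First entry that is not a named function ends the vtable.
            break;
        }

        szFullName = Demangle(szFuncName, INF_SHORT_DN);
        if (szFullName == "")
        {
            szFullName = szFuncName;
        }

        if (strstr(szFullName, "_ZN") != -1)
        {
            Warning("You must toggle GCC v3.x demangled names!\n");
            DelStruc(structID);
            aborted = 1;
            break;
        }

        szCleanName = CleanupName(szFullName);

        // STRUC_ERROR_MEMBER_NAME is returned for a duplicate name and also
        // for a name IDA rejects outright. Appending "_" only helps with the
        // first case, so the retries are bounded to avoid spinning forever
        // on a name that can never be accepted.
        retries = 0;
        rc = AddStrucMember(structID, szCleanName, iIndex * 4, FF_DWRD | FF_DATA, -1, 4);
        while (rc == STRUC_ERROR_MEMBER_NAME && retries < 16)
        {
            szCleanName = szCleanName + "_";
            retries++;
            rc = AddStrucMember(structID, szCleanName, iIndex * 4, FF_DWRD | FF_DATA, -1, 4);
        }

        // Still rejected: fall back to a generic, index-based member name so
        // the slot is not lost.
        if (rc == STRUC_ERROR_MEMBER_NAME)
        {
            szCleanName = form("vfunc_%d", iIndex);
            rc = AddStrucMember(structID, szCleanName, iIndex * 4, FF_DWRD | FF_DATA, -1, 4);
        }

        if (rc == 0)
        {
            added++;
        }
        else
        {
            Message("Could not add a member for vtable entry %d (error %d)\n", iIndex, rc);
        }

        pAddress = pAddress + 4;
        iIndex++;
    }

    // The struct was deleted above when mangled names were found, so a
    // success message would be misleading in that case.
    if (aborted)
    {
        Message("** Aborted: struct %s was not created **\n", structName);
        SetStatus(IDA_STATUS_READY);
        return;
    }

    Message("Successfully added %d vtable entries to struct %s.\n", added, structName);
    Message("\nDone.\n\n");
    SetStatus(IDA_STATUS_READY);
}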