// vtable_to_struct.idc
// Converts a VTable to a struct
// Based on VTableRec.idc by Sirmabus and modified by BAILOPAN
// Modified again by tomsons26 to strip class name, name dtors/sdtors and index functions with same name
// Possible TODO:
// Verify some possible fringe cases.
// The script got stuck on unusable symbols such as the MSVC SDTOR backtick ` (fixed);
// watch out for other cases like these.
#include <idc.idc>
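// Strip the class/namespace qualifier from a demangled name and map the
// special members to fixed tags so the result can be used as a struct
// member name.
//
//   name - demangled function name, e.g. "Foo::Bar" or "ns::Foo::~Foo"
//
// Returns "CTOR" when the unqualified name equals its innermost class name,
// "DTOR" when the unqualified name contains '~', "SDTOR" when it contains
// the MSVC backtick ("`scalar deleting destructor'" and friends), otherwise
// the unqualified name with any remaining ':' replaced by '_'.
// The name comes from the binary under analysis and is untrusted input; this
// function only normalises it, AddStrucMember in main() still validates it.
static CleanupName(name)
{
auto i, current;
auto offset, pos, lastSep, prevSep;
auto className, result;

// Locate the LAST "::" so nested scopes ("a::b::Foo::Foo") are stripped
// completely. strstr only finds the first occurrence, so walk the string
// with an offset and remember the two most recent separators.
lastSep = -1;
prevSep = -1;
offset = 0;
while (1) {
pos = strstr(substr(name, offset, -1), "::");
if (pos == -1) {
break;
}
prevSep = lastSep;
lastSep = offset + pos;
offset = lastSep + 2;
}

if (lastSep != -1) {
// The innermost class name is the component between the last two separators
if (prevSep == -1) {
className = substr(name, 0, lastSep);
} else {
className = substr(name, prevSep + 2, lastSep);
}
name = substr(name, lastSep + 2, -1);
// "Foo::Foo" (or "ns::Foo::Foo") is a constructor
if (className == name) {
return "CTOR";
}
}

// Scan the unqualified name character by character: destructors are tagged
// (first special character wins), a stray ':' is made identifier-safe.
// The result is rebuilt by concatenation rather than element assignment.
result = "";
for (i = 0; i < strlen(name); i++) {
current = name[i];
if (current == "~") {
return "DTOR";
}
if (current == "`") {
return "SDTOR";
}
if (current == ":") {
current = "_";
}
result = result + current;
}
return result;
}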
// Entry point: turn the vtable at the cursor into an IDA struct with one
// 4-byte member per slot, named after the cleaned-up demangled target of
// that slot, and/or print the struct as C text to the output window.
// Prompts for the number of leading slots to skip and for the struct name.
// Works on 32-bit pointers only (Dword reads, +4 steps) — NOTE(review): not
// usable as-is on a 64-bit database.
static main()
{
// iIndex counts emitted slots; it is never assigned before its first use
// below, so the code relies on IDC auto variables starting at 0 — TODO confirm
auto pAddress, iIndex;
auto skipAmt;
auto structName;
auto structID;
auto Write_Struct, Print_Struct;
// Both switches are hard-wired on; set one to 0 to only print / only write
Write_Struct = 1;
Print_Struct = 1;
SetStatus(IDA_STATUS_WORK);
// User selected vtable block
pAddress = ScreenEA();
if (pAddress == BADADDR) {
Message("** No vtable selected! Aborted **");
Warning("No vtable selected!\nSelect vtable block first.");
SetStatus(IDA_STATUS_READY);
return;
}
SetStatus(IDA_STATUS_WAITING);
// Ask for settings
skipAmt = AskLong(0, "Number of vtable entries to ignore for indexing:");
// Try to derive the struct name from the vtable's own symbol, else use a preset
structName = GetTrueNameEx(pAddress, pAddress);
// Only use the symbol if it is a real (non-auto "off_") name; each compiler
// branch below derives "<Class>_vtable" from its own mangling scheme
if (structName != "" && strstr(structName, "off_") == -1) {
// MSVC ("??_7...") / old GCC ("__vt_...")
if(strstr(structName, "??") != -1 || strstr(structName, "__vt") != -1){
structName = Demangle(structName, INF_SHORT_DN);
// strstr returns -1 when "::" is absent, in which case substr keeps the whole name
structName = substr(structName, 0, strstr(structName, "::")) + "_vtable";
}
// New GCC ("_ZTV...") — assumes the demangled text wraps the description in
// `...' and that the class name follows the closing quote; TODO confirm
if(strstr(structName, "_Z") != -1 ){
structName = Demangle(structName, INF_SHORT_DN);
structName = substr(structName, strstr(structName, "'") + 1, strstr(structName, "::")) + "_vtable";
}
// Watcom ("W?...") — class name is taken between the first ':' and "$$"
// NOTE(review): the Message below is a debug leftover and prints on every run
if(strstr(structName, "W?") != -1 ){
Message("substring - %s\n", substr(structName, strstr(structName, ":") + 1, strstr(structName, "$$")));
structName = substr(structName, strstr(structName, ":") + 1, strstr(structName, "$$")) + "_vtable";
}
} else {
structName = "class_vtable";
}
// Let the user confirm or override the derived name
structName = AskStr(structName, "Set the name of the vtable struct:");
SetStatus(IDA_STATUS_WORK);
if (Write_Struct) {
// If the vtable struct already exists, delete it
structID = GetStrucIdByName(structName);
if (structID != -1) {
Message("Deleted old vtable struct\n");
DelStruc(structID);
}
// Create the struct to import vtable names into
// NOTE(review): the return value is not checked; on failure structID is -1
// and every AddStrucMember below fails silently (no member name collision,
// so the retry loop does not spin)
structID = AddStruc(-1, structName);
}
if (Print_Struct) {
Message("struct %s {\n", structName);
}
auto szFuncName, szFullName, szCleanName;
// For linux, skip the first entry: a zero first dword is taken as the start
// of a GCC-style vtable header and two dwords are skipped (presumably
// offset-to-top and the typeinfo pointer — TODO confirm)
if (Dword(pAddress) == 0) {
pAddress = pAddress + 8;
}
// Skip the user-requested number of 4-byte slots
pAddress = pAddress + (skipAmt * 4);
// Set after the first slot so the name check below never rejects the
// vtable's own start address
auto docheck = 0;
// Loop through the vtable block
while (pAddress != BADADDR) {
// check for a name, this is for such cases
// when there's no padding after the vtable
// else it will keep exporting it
// (a name containing '?' at the current address is presumably the next
// MSVC-mangled vtable symbol — TODO confirm)
if (docheck) {
if (strstr(NameEx(pAddress, pAddress), "?") != -1) {
break;
}
}
// Slot target with no name at all marks the end of the vtable
szFuncName = NameEx(Dword(pAddress), Dword(pAddress));
if (strlen(szFuncName) == 0) {
break;
}
// Fall back to the raw symbol when demangling produces nothing
szFullName = Demangle(szFuncName, INF_SHORT_DN);
if (szFullName == "") {
szFullName = szFuncName;
}
// A still-mangled GCC v3 name means demangling is disabled in IDA;
// abort and remove the half-built struct
if (strstr(szFullName, "_ZN") != -1) {
Warning("You must toggle GCC v3.x demangled names!\n");
if (Write_Struct) {
DelStruc(structID);
}
break;
}
szCleanName = CleanupName(szFullName);
// Overloads / repeated names get a numeric suffix: name, name_1, name_2, ...
auto funindex = 0;
auto NameToTry = szCleanName;
if (Write_Struct) {
// 0x20000400 = FF_DWRD | FF_DATA: a 4-byte data member at offset iIndex*4.
// Only a name collision triggers a retry; other errors leave the loop.
while (AddStrucMember(structID, NameToTry, iIndex * 4, 0x20000400, -1, 4) == STRUC_ERROR_MEMBER_NAME) {
funindex++;
NameToTry = szCleanName + "_" + ltoa(funindex, 10);
// Give up after 20 collisions and emit a placeholder member instead.
// NOTE(review): NameToTry is not updated here, so the printed struct
// below shows the last rejected name rather than the DUMMY_ member
if ( funindex == 20 )
{
Message("Can't use name %s\n", szCleanName);
Message("Possibly there are invalid characters in it!\nAdded A dummy entry in its place!\n");
AddStrucMember(structID, form("DUMMY_%x", iIndex * 4), iIndex * 4, 0x20000400, -1, 4);
Message("Fix this in the IDC code or manually add the entry in the vtable struct!\n");
break;
}
};
funindex = 0;
}
if (Print_Struct) {
Message(" int %s;\n", NameToTry);
}
// Advance one 4-byte slot
pAddress = pAddress + 4;
iIndex++;
docheck = 1;
};
if (Print_Struct) {
Message("}\n");
Message("Printed %d vtable entries\n", iIndex);
}
if (Write_Struct) {
Message("Added %d vtable entries to struct %s.\n", iIndex, structName);
}
Message("\nDone.\n\n");
SetStatus(IDA_STATUS_READY);
}