kila58

vtable tuto

Jul 23rd, 2014
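  // *****************************************************************************
  // - IDA Pro script -
  // Name: ida_vtables.idc
  // Desc: Recreates the methods of a class from a vtable
  //
  // Ver: 1.0b - July 20, 2006 - By Sirmabus
  // Ver: 2.0 - July 7, 2006 by BAILOPAN
  // -----------------------------------------------------------------------------
  //
  // Usage: place the cursor on the first slot of a vtable, run the script,
  // answer the two prompts. The output is a text file with one line per slot:
  // "<index>\t<demangled name>".
  //
  // Notes for the analyst:
  //  - Slots are read with Dword() and the cursor advances 4 bytes per slot,
  //    so the walk is only meaningful for 32-bit pointer tables.
  //  - Every name written to the dump comes from the IDA database, i.e.
  //    ultimately from the binary under analysis. The names are written
  //    verbatim; treat the dump as untrusted text if another tool parses it.
  //  - The output file is opened with "wb" and therefore overwritten.
  // -----------------------------------------------------------------------------

  #include <idc.idc>

  // Entry point: dumps the named targets of the vtable at the cursor to a file.
  // Takes no arguments and returns nothing; all input comes from the cursor
  // position and two dialogs, all output goes to the chosen file and the
  // message window.
  static main()
  {
      auto pAddress, iIndex;
      auto szFilePath, hFile;
      auto skipAmt;
      auto szFuncName, szFullName, real_addr;
      auto bMangled;

      // Set explicitly: both are read later (the index is printed on the
      // first loop iteration) and must not depend on a default value.
      iIndex = 0;
      bMangled = 0;

      SetStatus(IDA_STATUS_WORK);

      // The cursor position is taken as the start of the vtable block.
      pAddress = ScreenEA();
      if (pAddress == BADADDR)
      {
          Message("** No vtable selected! Aborted **");
          Warning("No vtable selected!\nSelect vtable block first.");
          SetStatus(IDA_STATUS_READY);
          return;
      }

      skipAmt = AskLong(1, "Number of vtable entries to ignore for indexing:");

      // A negative count would move the cursor backwards, in front of the
      // table, and dump unrelated data. NOTE(review): a cancelled AskLong()
      // dialog is documented to yield -1; confirm for the IDA version in use.
      if (skipAmt < 0)
      {
          Message("Aborted.");
          SetStatus(IDA_STATUS_READY);
          return;
      }

      // Request the output file (first argument 1 = "save" dialog).
      SetStatus(IDA_STATUS_WAITING);
      if ((szFilePath = AskFile(1, "*.txt", "Select output dump file:")) == 0)
      {
          Message("Aborted.");
          SetStatus(IDA_STATUS_READY);
          return;
      }

      hFile = fopen(szFilePath, "wb");
      if (hFile == 0)
      {
          Message("** Error opening \"%s\"! Aborted **\n", szFilePath);
          Warning("Error creating \"%s\"!\n", szFilePath);
      }
      else
      {
          // Header records where the dump came from.
          fprintf(hFile, "// Auto reconstructed from vtable block @ 0x%08X\n// from \"%s\", by ida_vtables.idc\n", pAddress, GetInputFile());

          // The original comment reads "For linux, skip the first entry".
          // What the code does: when the first dword is zero, step over
          // 8 bytes (two 4-byte slots). Presumably these are the two
          // non-function slots a GCC vtable carries in front of the method
          // pointers; confirm against the table being dumped.
          if (Dword(pAddress) == 0)
          {
              pAddress = pAddress + 8;
          }

          // Skipped entries are not counted: the first dumped slot is index 0.
          pAddress = pAddress + (skipAmt * 4);

          // Walk the table until a slot points at something without a name.
          while (pAddress != BADADDR)
          {
              real_addr = Dword(pAddress);

              szFuncName = Name(real_addr);
              if (strlen(szFuncName) == 0)
              {
                  break;
              }

              // Fall back to the raw name when demangling yields nothing.
              szFullName = Demangle(szFuncName, INF_LONG_DN);
              if (szFullName == "")
              {
                  szFullName = szFuncName;
              }

              // A leftover "_ZN" means the name is still GCC-mangled. Stop
              // here, but do NOT close the file in this branch: it is closed
              // exactly once after the loop (the old code closed it twice on
              // this path and then still reported success).
              if (strstr(szFullName, "_ZN") != -1)
              {
                  bMangled = 1;
                  Warning("You must toggle GCC v3.x demangled names!\n");
                  break;
              }

              fprintf(hFile, "%d\t%s\n", iIndex, szFullName);

              pAddress = pAddress + 4;
              iIndex++;
          }

          fclose(hFile);

          if (bMangled)
          {
              Message("** Mangled names found; dump is incomplete (%d entries written) **\n", iIndex);
          }
          else
          {
              Message("Successfully wrote %d vtable entries.\n", iIndex);
          }
      }

      Message("\nDone.\n\n");
      SetStatus(IDA_STATUS_READY);
  }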