OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Store Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Article Abstract Microsoft Visual C++ is the most widely used compiler for Win32 so it is important for the Win32 reverser to be familiar with its inner working. Being able to recognize the compiler-generated glue code helps to quickly concentrate on the actual code written by the programmer. It also helps in recovering the high-level structure of the program.

In part II of this 2-part article (see also: Part I: Exception Handling), I will cover how C++ machinery is implemented in MSVC, including classes layout, virtual functions, RTTI. Familiarity with basic C++ and assembly language is assumed.

Full Article ...

Printer Friendly ...

Article Comments

linestyle	Posted: Thursday, September 21 2006 20:02.11 CDT
great work!!:)

MohammadHosein	Posted: Friday, September 22 2006 15:23.54 CDT
actually didnt read the whole article yet , but seems very informative . the undocumented VC's switch was very interesting , would you like to share how did you find it and are there any other undocumented switches ? :)

igorsk	Posted: Friday, September 22 2006 16:30.48 CDT
Well, I was disassembling c1xx to check how it does certain things and sort of stumbled upon it. There are a lot of hidden options, but I didn't really investigate them that much. Here's a page that has a huge list with some described: http://members.ozemail.com.au/~geoffch@ozemail.com.au/samples/programming/msvc/cl/

dnix	Posted: Tuesday, August 19 2008 03:32.23 CDT
wonder whether these structures found by these scripts could be added to the IDA structures so one choose them from add struct var

Sirmabus

Posted: Wednesday, December 24 2008 00:45.52 CST

Thanks the vtable finder/namer script functionality is great help. In particular over a very large target with over a 1000 vtables.

I read the article some time ago, but finally got around to experimenting.
It's probably way over looked, people probably don't know how usefull it is on such targets with lots of vtables. You have to try it to understand..

I think I may expand the idea into a plug-in and add some more features like a list/log window, etc.

Phenomenal work!

Sirmabus	Posted: Thursday, January 22 2009 04:26.19 CST
<Here's my plug-in>

Externalist	Posted: Thursday, January 29 2009 20:58.09 CST
I've also read this some time ago but never really got a chance to recognize the full power until recently when I got involved in a C++ reversing project. This is truely awesome along with Part I of this article. I could say I gained tons from this. Thanks alot for the contribution!! And also, thanks for the plugin with extended features Sirmabus. :)

Active in Last 5 Minutes
	excavationfondations

There are 21,678 total registered users.

Recently Created Topics
PyEmu error when cal...	Sep/02
Restore Themida/Winl...	Sep/02
Anti-olly technique	Aug/30
RAR Password	Aug/29
Heap protection on W...	Aug/23
Why Inline asm in C+...	Aug/20
Bypassing OllyAdvance	Aug/17
Error in logic for g...	Aug/17
Has anyone seen this...	Aug/17
ARM Executable - Pat...	Aug/16

Recent Forum Posts
reverse engineering ...	raiden56
pydbg, memory breakp...	Researc...
RAR Password	Ineedhelp
RAR Password	cod
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	voila
Heap protection on W...	j00ru
Heap protection on W...	psylocn
Why Inline asm in C+...	ronnie2...

Recent Blog Entries
	meshmesh	Sep/01
Is it legal??
	waleedassar	Aug/30
Anti-olly technique
	QvasiModo	Aug/24
WinAppDbg 1.4 is out!
	artemblagodarenko	Aug/18
Dataflow-0.2.0 released. Ne...
	grzonu	Aug/17
Bypassing OllyAdvanced
More ...

Recent Blog Comments
	tosanjay on:	Sep/02
PyEmu 0.0.2
	GynvaelColdwind on:	Sep/01
Is it legal??
	PeterFerrie on:	Aug/31
Anti-olly technique
	dennis on:	Aug/26
Dr. Gadget IDAPython plugin
	halsten on:	Aug/19
Dataflow-0.2.0 released. Ne...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit