About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
Sirmabus
's Blog
Created: Thursday, January 22 2009 03:42.28 CST
Modified: Tuesday, June 16 2009 00:57.15 CDT
Printer Friendly ...
Class Informer IDA plug-in
Author:
Sirmabus
# Views:
13726
My new IDA plug-in based on Igorsk's excellent
article
and IDC scripts.
[Download]
------------------------------------------------------------
Scans an MSVC 32bit target IDB for vftables with C++ RTTI, and MFC RTCI type data.
Places structure defs, names, labels, and comments to make more sense of class vftables ("Virtual Function Table") and make them read
easier as an aid to reverse engineering.
Creates a list window with found vftables for browsing.
RTTI ("Run-Time Type Identification"):
http://en.wikipedia.org/wiki/RTTI
RTCI ("Run Time Class Information") the MFC forerunner to "RTTI":
http://msdn.microsoft.com/en-us/library/fych0hw6(VS.80).aspx
------------------------------------------------------------
Example vftable output list:
.
.
Example vftable info set by plug-in:
.
.
Blog Comments
neoxfx
Posted: Thursday, January 22 2009 04:22.52 CST
great work!, thanks for sharing to the community.
camus
Posted: Thursday, January 22 2009 06:55.11 CST
Very nice, thanks!
RvaZero
Posted: Monday, January 26 2009 02:12.19 CST
Very valuable. Thanks.
Hendrix
Posted: Friday, October 1 2010 15:41.31 CDT
Thank you, very helpful!
Sirmabus
Posted: Tuesday, March 29 2011 05:20.19 CDT
Thanks guys.
I've done an update with some extra features and added exponential speedups by replacing string searching and processing with mostly binary methods.
I made a section on my forums for my IDA plug-ins where you can download the updates:
Sirmabus IDA plug-in forum
Add New Comment
Comment:
Active in Last 5 Minutes
phifli
There are
28,212
total registered users.
Recently Created Topics
Reverse Engineering ...
Jan/23
Career: DoD Agency I...
Jan/22
"Disappearing&q...
Jan/17
Career: Software Sec...
Jan/11
Where is the call st...
Jan/07
IDA Pro 6.1 Breakpoi...
Jan/01
How to create data s...
Dec/30
can i search all mod...
Dec/23
IDA symbol table exp...
Dec/20
An anti-attach trick
Dec/17
Recent Forum Posts
Reverse Engineering ...
NirIzr
"Disappearing&q...
NirIzr
Reverse Engineering ...
charlie
"Disappearing&q...
charlie
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
An anti-attach trick
waleeda...
An anti-attach trick
Bass
Looking for value in...
NirIzr
Recent Blog Entries
Ludwig
Feb/04
chi on sale
Ludwig
Feb/04
Monster In The Vicinity Of ...
Ludwig
Feb/04
Supra footwear Online
waleedassar
Jan/31
Yet Another Anti-Debug Trick
RolfRolles
Jan/22
Finding Bugs in VMs with a ...
More ...
Recent Blog Comments
waleedassar
on:
Feb/01
Yet Another Anti-Debug Trick
NirIzr
on:
Jan/31
Yet Another Anti-Debug Trick
jackchen
on:
Jan/10
nike mercurial vapor iii
waleedassar
on:
Dec/27
A new Anti-Olly trick.
PeterFerrie
on:
Dec/27
A new Anti-Olly trick.
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}