About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
Sirmabus
's Blog
Created: Thursday, January 22 2009 03:42.28 CST
Modified: Tuesday, June 16 2009 00:57.15 CDT
Printer Friendly ...
Class Informer IDA plug-in
Author:
Sirmabus
# Views:
42595
My new IDA plug-in based on Igorsk's excellent
article
and IDC scripts.
[Download]
------------------------------------------------------------
Scans an MSVC 32bit target IDB for vftables with C++ RTTI, and MFC RTCI type data.
Places structure defs, names, labels, and comments to make more sense of class vftables ("Virtual Function Table") and make them read
easier as an aid to reverse engineering.
Creates a list window with found vftables for browsing.
RTTI ("Run-Time Type Identification"):
http://en.wikipedia.org/wiki/RTTI
RTCI ("Run Time Class Information") the MFC forerunner to "RTTI":
http://msdn.microsoft.com/en-us/library/fych0hw6(VS.80).aspx
------------------------------------------------------------
Example vftable output list:
.
.
Example vftable info set by plug-in:
.
.
Blog Comments
neoxfx
Posted: Thursday, January 22 2009 04:22.52 CST
great work!, thanks for sharing to the community.
camus
Posted: Thursday, January 22 2009 06:55.11 CST
Very nice, thanks!
RvaZero
Posted: Monday, January 26 2009 02:12.19 CST
Very valuable. Thanks.
Hendrix
Posted: Friday, October 1 2010 15:41.31 CDT
Thank you, very helpful!
Sirmabus
Posted: Tuesday, March 29 2011 05:20.19 CDT
Thanks guys.
I've done an update with some extra features and added exponential speedups by replacing string searching and processing with mostly binary methods.
I made a section on my forums for my IDA plug-ins where you can download the updates:
Sirmabus IDA plug-in forum
Add New Comment
Comment:
There are
31,325
total registered users.
Recently Created Topics
Oct/23
Oct/23
Oct/23
baselineForumId
Oct/23
Oct/23
x' OR (SELECT CASE W...
Oct/23
controlNoDelay
Oct/23
x' OR SLEEP(5)--
Oct/23
x' OR (SELECT CASE W...
Oct/23
controlNoDelay
Oct/23
Recent Forum Posts
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
Reverse Engineering ...
bytecod3r
let 'IDAPython' impo...
bytecod3r
Reverse Engineering ...
bytecod3r
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...
Recent Blog Comments
nieo
on:
Mar/22
IAT Patcher - new tool for ...
djnemo
on:
Nov/17
Kernel debugger vs user mod...
acel
on:
Nov/14
Kernel debugger vs user mod...
pedram
on:
Dec/21
frida.github.io: scriptable...
capadleman
on:
Jun/19
Using NtCreateThreadEx for ...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}