About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Store
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
IDA Scripts
: Microsoft VC++ Reversing Helpers
File Information
Category
Open Source
# Downloads
Version
IDA Scripts
Yes
12,816
3.0
Download from OpenRCE
MD5 Sum: 97D61B13B327EEEC63D3204A606AE3C9
Last updated on Sep 21, 2006 with the following description: Added scripts from second article "Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI" for parsing RTTI structures and vftables. Renamed project more appropriately.
Author Information
Username
Name
E-Mail
URL
igorsk
Igor Skochinsky
skochinsky
mail
ru
http://igorsk.blogspot.com
Description
These IDC scripts help with the reversing of MSVC programs. One script scans the whole program for typical SEH/EH code sequences and comments all related structures and fields. Commented are stack variables, exception handlers, exception types and other. It also tries to fix function boundaries that are sometimes incorrectly determined by IDA. The script to run is ms_ehseh.idc.
The other script scans the whole program for RTTI structures and vftables. For some simple cases, identifies and renames constructors and destructors. Outputs a file with the list of all vftables with referencing functions and class hierarchy. The script to run is ms_rtti4.idc.
For more information see the following OpenRCE articles written in conjunction with these scripts:
Reversing Microsoft Visual C++ Part I: Exception Handling
Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI
Active in Last 5 Minutes
timtoady
There are
21,677
total registered users.
Recently Created Topics
PyEmu error when cal...
Sep/02
Restore Themida/Winl...
Sep/02
Anti-olly technique
Aug/30
RAR Password
Aug/29
Heap protection on W...
Aug/23
Why Inline asm in C+...
Aug/20
Bypassing OllyAdvance
Aug/17
Error in logic for g...
Aug/17
Has anyone seen this...
Aug/17
ARM Executable - Pat...
Aug/16
Recent Forum Posts
reverse engineering ...
raiden56
pydbg, memory breakp...
Researc...
RAR Password
Ineedhelp
RAR Password
cod
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
psylocn
Why Inline asm in C+...
ronnie2...
Recent Blog Entries
meshmesh
Sep/01
Is it legal??
waleedassar
Aug/30
Anti-olly technique
QvasiModo
Aug/24
WinAppDbg 1.4 is out!
artemblagodarenko
Aug/18
Dataflow-0.2.0 released. Ne...
grzonu
Aug/17
Bypassing OllyAdvanced
More ...
Recent Blog Comments
tosanjay
on:
Sep/02
PyEmu 0.0.2
GynvaelColdwind
on:
Sep/01
Is it legal??
PeterFerrie
on:
Aug/31
Anti-olly technique
dennis
on:
Aug/26
Dr. Gadget IDAPython plugin
halsten
on:
Aug/19
Dataflow-0.2.0 released. Ne...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}