About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

IDA Scripts: Microsoft VC++ Reversing Helpers

File Information
Category Open Source # Downloads Version
IDA Scripts Yes 27,588 3.0

Download from OpenRCE
MD5 Sum: 97D61B13B327EEEC63D3204A606AE3C9

Last updated on Sep 21, 2006 with the following description: Added scripts from second article "Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI" for parsing RTTI structures and vftables. Renamed project more appropriately.

Author Information
Username Name E-Mail URL
  igorsk Igor Skochinsky skochinskymailru http://igorsk.blogspot.com

Description These IDC scripts help with the reversing of MSVC programs. One script scans the whole program for typical SEH/EH code sequences and comments all related structures and fields. Commented are stack variables, exception handlers, exception types and other. It also tries to fix function boundaries that are sometimes incorrectly determined by IDA. The script to run is ms_ehseh.idc.

The other script scans the whole program for RTTI structures and vftables. For some simple cases, identifies and renames constructors and destructors. Outputs a file with the list of all vftables with referencing functions and class hierarchy. The script to run is ms_rtti4.idc.

For more information see the following OpenRCE articles written in conjunction with these scripts:

Reversing Microsoft Visual C++ Part I: Exception Handling
Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI

There are 31,310 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit