About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Store Users What's New


Customize Theme

Flag: Tornado! Hurricane!

IDA Scripts: Microsoft VC++ Reversing Helpers

File Information
Category Open Source # Downloads Version
IDA Scripts Yes 11,770 3.0

Download from OpenRCE
MD5 Sum: 97D61B13B327EEEC63D3204A606AE3C9

Last updated on Sep 21, 2006 with the following description: Added scripts from second article "Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI" for parsing RTTI structures and vftables. Renamed project more appropriately.

Author Information
Username Name E-Mail URL
  igorsk Igor Skochinsky skochinskymailru http://igorsk.blogspot.com

Description These IDC scripts help with the reversing of MSVC programs. One script scans the whole program for typical SEH/EH code sequences and comments all related structures and fields. Commented are stack variables, exception handlers, exception types and other. It also tries to fix function boundaries that are sometimes incorrectly determined by IDA. The script to run is ms_ehseh.idc.

The other script scans the whole program for RTTI structures and vftables. For some simple cases, identifies and renames constructors and destructors. Outputs a file with the list of all vftables with referencing functions and class hierarchy. The script to run is ms_rtti4.idc.

For more information see the following OpenRCE articles written in conjunction with these scripts:

Reversing Microsoft Visual C++ Part I: Exception Handling
Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI
Active in Last 5 Minutes
Wannabe

There are 15,865 total registered users.


Recently Created Topics
Career: Technical Pr...
Feb/04
Help needed with: ge...
Feb/04
A question regarding...
Feb/01
Compiler infector an...
Jan/29
Yahoo autoupdater vi...
Jan/27
Solidshield VM Analyse
Jan/27
Tuto about unpacking...
Jan/25
IDA Pro plugins don'...
Jan/20
Bug -- proc_peek_rec...
Jan/17
SYSTEM_INFORMATION_C...
Jan/16


Recent Forum Posts
IDA Pro plugins don'...
Cluster
RECON
hugo
A question regarding...
ronnie2...
A question regarding...
lallous
A question regarding...
detlef
RECON
hugo
Tuto about unpacking...
jumpzero
Yahoo autoupdater vi...
invisghost
Kindle for PC DRM
clarknova
Stack tracing with I...
Hanumaan


Recent Blog Entries
mjobin
Feb/08
Malware Research Analyst Op...
lin0xx
Feb/04
User-supplied Array Index E...
cyphunk
Feb/03
JTAG Enumeration (tool)
dragula
Jan/29
Reversing compiler infector...
GynvaelColdwind
Jan/26
The tale of Syndicate Wars ...
More ...


Recent Blog Comments
cyphunk on:
Feb/03
JTAG Enumeration (tool)
GynvaelColdwind on:
Feb/03
JTAG Enumeration (tool)
suirp on:
Feb/02
Administrator account VS. S...
DelightedZuk on:
Jan/31
GDT / LDT Windows Kernel Ex...
DelightedZuk on:
Jan/31
Administrator account VS. S...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit