About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

IDA Scripts: Microsoft VC++ Reversing Helpers

File Information
Category Open Source # Downloads Version
IDA Scripts Yes 17,394 3.0

Download from OpenRCE
MD5 Sum: 97D61B13B327EEEC63D3204A606AE3C9

Last updated on Sep 21, 2006 with the following description: Added scripts from second article "Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI" for parsing RTTI structures and vftables. Renamed project more appropriately.

Author Information
Username Name E-Mail URL
  igorsk Igor Skochinsky skochinskymailru http://igorsk.blogspot.com

Description These IDC scripts help with the reversing of MSVC programs. One script scans the whole program for typical SEH/EH code sequences and comments all related structures and fields. Commented are stack variables, exception handlers, exception types and other. It also tries to fix function boundaries that are sometimes incorrectly determined by IDA. The script to run is ms_ehseh.idc.

The other script scans the whole program for RTTI structures and vftables. For some simple cases, identifies and renames constructors and destructors. Outputs a file with the list of all vftables with referencing functions and class hierarchy. The script to run is ms_rtti4.idc.

For more information see the following OpenRCE articles written in conjunction with these scripts:

Reversing Microsoft Visual C++ Part I: Exception Handling
Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI

There are 29,883 total registered users.


Recently Created Topics
Incorrect bitness wh...
May/20
PaiMei stalker modul...
May/19
Attach to program us...
May/13
IDA PRO how to make ...
May/12
FACT: OpenRCE is dead.
May/08
Int 3 anti debug?
May/05
help needed - Beginn...
May/03
Attaching IDA Pro to...
Apr/27
File type
Apr/21
Debugging iphone app...
Apr/15


Recent Forum Posts
Ollydbg 2.0 - Plugin...
openrce...
IDA PRO how to make ...
codeinject
FACT: OpenRCE is dead.
codeinject
IDA Resource Viewer ...
r2x64
FACT: OpenRCE is dead.
djnemo
FACT: OpenRCE is dead.
codeinject
FACT: OpenRCE is dead.
pedram
help needed - Beginn...
araujo
Attaching IDA Pro to...
codeinject
Int 3 anti debug?
codeinject


Recent Blog Entries
sweetyss
May/18
Adam Wainwright continues t...
lowpriority
Apr/13
OllyMigrate Plugin for Olly...
everdox
Mar/08
2 anti-trace mechanisms spe...
everdox
Mar/07
Advanced debugging techniques
everdox
Mar/06
Branch tracing and LBR acce...
More ...


Recent Blog Comments
clarisonic on:
Apr/03
New version of Ollydbg!
clarisonic on:
Apr/03
New version of Ollydbg!
trackerx90 on:
Mar/04
SuppressDebugMsg As Anti-De...
coachfactory on:
Feb/25
Portable Executable Format ...
coachfactory on:
Feb/25
A new Anti-Olly trick.
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit