H_2_OFF V0.4
--------------
*   09.05.2003 Darko   V0.4
                       Binary included for IDA 4.5, use it at your own risk ;)

This plugin helps with structure offsets (indirect access to structure members
through pointers) for third party libraries when you do not have PDB, but do have
FLIRT signature files and header files for the library. For the present it
works only in case where function args are pointers to structure.


ATTENTION: Parts of the code (everything in obj_rec directory) are private
           property of Halvar Flake <halvar@blackhat.com>. If you plan to use
           that source code you should talk to Halvar first!!

ATTENTION 2: The rest of the source code
             (all files with 'Copyright (c) :   Darko' in file header)
             is under BSD license.


Installation: Copy h_2_stroff.plw to IDA Pro 4.5 plugin directory.


Before trying on a real project check how it works on test project in
'test_files' directory.

1. Compile test3.cpp
2. Rename manually 'sub_401000' called from 'main' to 'f34' (no FLIRT for this)
3. Load test3.h (the declaration appears above f34)
4. Apply H_2_OFF
5. Check indirect access to structure members through pointers in f34


==============================================================================
Use:

1. Compile a project and load exe in IDA Pro.
2. Apply FLIRT signature files to recognize third party library functions.
3. Load C header files in IDA. (Now all the library functions should have
    declarations. BTW, if you do not have ready header files you could always
    write them :)
4. Apply H_2_OFF

==============================================================================

Any volunteer to improve C argument parsing and args offset ?

Darko

