Merge pull request #457 from GoD-Tony/vtable-dump-x64

Add x64 support to IDA vtable dump script (npotb).
Nicholas Hastings 2015-11-26 16:46:59 -05:00
commit 3e1ba143bf


@ -42,26 +42,29 @@ innerclass = ""
classname = None classname = None
offsetdata = {} offsetdata = {}
# Detect address size based on ScreenEA object
adr_size = (sys.getsizeof(ScreenEA()) - 8)
def ExtractTypeInfo(ea, level = 0): def ExtractTypeInfo(ea, level = 0):
global catchclass global catchclass
global innerclass global innerclass
global classname global classname
global offsetdata global offsetdata
end = ea + 4 end = ea + adr_size
while len(Name(end)) == 0: while len(Name(end)) == 0:
end += 4 end += adr_size
while Dword(end - 4) == 0: while Dword(end - adr_size) == 0:
end -= 4 end -= adr_size
# Skip vtable # Skip vtable
ea += 4 ea += adr_size
# Get type name # Get type name
name = Demangle("_Z" + GetString(Dword(ea)), GetLongPrm(INF_LONG_DN)) name = Demangle("_Z" + GetString(Dword(ea)), GetLongPrm(INF_LONG_DN))
ea += 4 ea += adr_size
if classname is None and level == 0: if classname is None and level == 0:
classname = name classname = name
@ -76,15 +79,15 @@ def ExtractTypeInfo(ea, level = 0):
pass pass
elif Dword(ea) != 0: #elif isData(GetFlags(Dword(ea))): # Single Inheritance elif Dword(ea) != 0: #elif isData(GetFlags(Dword(ea))): # Single Inheritance
ExtractTypeInfo(Dword(ea), level + 1) ExtractTypeInfo(Dword(ea), level + 1)
ea += 4 ea += adr_size
else: # Multiple Inheritance else: # Multiple Inheritance
ea += 8 ea += 8
while ea < end: while ea < end:
catchclass = True catchclass = True
ExtractTypeInfo(Dword(ea), level + 1) ExtractTypeInfo(Dword(ea), level + 1)
ea += 4 ea += adr_size
offset = Dword(ea) offset = Dword(ea)
ea += 4 ea += adr_size
#print "%*s Offset: 0x%06X" % (level, "", offset >> 8) #print "%*s Offset: 0x%06X" % (level, "", offset >> 8)
if (offset >> 8) != 0: if (offset >> 8) != 0:
offsetdata[offset >> 8] = innerclass offsetdata[offset >> 8] = innerclass
@ -106,15 +109,15 @@ def Analyze():
ea = ScreenEA() ea = ScreenEA()
end = ea + 4 end = ea + adr_size
while Demangle(Name(end), GetLongPrm(INF_LONG_DN)) is None: while Demangle(Name(end), GetLongPrm(INF_LONG_DN)) is None:
end += 4 end += adr_size
while Dword(end - 4) == 0: while Dword(end - adr_size) == 0:
end -= 4 end -= adr_size
while Demangle(Name(ea), GetLongPrm(INF_LONG_DN)) is None: while Demangle(Name(ea), GetLongPrm(INF_LONG_DN)) is None:
ea -= 4 ea -= adr_size
name = Demangle(Name(ea), GetLongPrm(INF_LONG_DN)) name = Demangle(Name(ea), GetLongPrm(INF_LONG_DN))
if ea == BADADDR or name is None or not re.search(r"vf?table(?: |'\{)for", name): if ea == BADADDR or name is None or not re.search(r"vf?table(?: |'\{)for", name):
@ -134,11 +137,11 @@ def Analyze():
# Read thisoffs # Read thisoffs
offset = -twos_comp(Dword(ea), 32) offset = -twos_comp(Dword(ea), 32)
#print "Offset: 0x%08X (%08X)" % (offset, ea) #print "Offset: 0x%08X (%08X)" % (offset, ea)
ea += 4 ea += adr_size
# Read typeinfo address # Read typeinfo address
typeinfo = Dword(ea) typeinfo = Dword(ea)
ea += 4 ea += adr_size
if offset == 0: # We only need to read this once if offset == 0: # We only need to read this once
print "Inheritance Tree:" print "Inheritance Tree:"
@ -175,7 +178,7 @@ def Analyze():
#print "Stripping '%s' from windows vtable." % (name) #print "Stripping '%s' from windows vtable." % (name)
temp_windows_vtable.remove(name) temp_windows_vtable.remove(name)
ea += 4 ea += adr_size
for i, v in enumerate(temp_windows_vtable): for i, v in enumerate(temp_windows_vtable):
if "::~" in v: if "::~" in v:
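Review bot: The pointer reads are still 32-bit although the stride is now `adr_size`: `GetString(Dword(ea))`, `ExtractTypeInfo(Dword(ea), level + 1)` and `typeinfo = Dword(ea)` in ExtractTypeInfo and Analyze fetch only the low four bytes of what is an 8-byte slot on x64. Any typeinfo or name pointer above 4 GiB is therefore truncated, and the walk follows a wrong address without reporting an error. A width-aware reader such as `def ReadPtr(ea): return Qword(ea) if adr_size == 8 else Dword(ea)`, used at those sites and in the `Dword(end - adr_size) == 0` trim loops, would fix that. Separately, `adr_size = (sys.getsizeof(ScreenEA()) - 8)` infers the width from the interpreter's object size, which depends on the Python build and on the magnitude of the address rather than on the database; asking IDA directly, e.g. `adr_size = 8 if idaapi.get_inf_structure().is_64bit() else 4`, looks more robust, assuming the targeted IDA version exposes it and `idaapi` is imported. Both function bodies continue outside the visible hunks.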