AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Snippets and Tutorials (https://forums.alliedmods.net/forumdisplay.php?f=112)
-   -   A vtable dumper that even you can use! (https://forums.alliedmods.net/showthread.php?t=281859)

asherkin 04-22-2016 19:22

A vtable dumper that even you can use!
 


Well we're coming up on about 4 years since Drifter's tutorial and my improved IDA script were posted here, but people still consider being able to update gamedata one of the arcane arts, even without any signatures involved.
It's also about 1000X faster than IDA is if you're just after a quick offset.

The source for the binaries linked on the main page is the same as used for SourceMod's automatic gamedata checking, so should always be pretty up-to-date (hopefully avoiding problems with similar older attempts), but you can just drag-and-drop any .so file.

Couple of things on the wishlist (dylib support and proper history / navigation), but this has been sitting for too long already, so have at it!
Browser support: You get what you get. Latest Chrome and Firefox are fine at least.

Neuro Toxin 04-22-2016 20:10

Re: A vtable dumper that even you can use!
 
I assume this doesnt support .exe?

asherkin 04-22-2016 20:12

Re: A vtable dumper that even you can use!
 
Quote:

Originally Posted by Neuro Toxin (Post 2413327)
I assume this doesnt support .exe?

PE binaries do not contain symbols.
Like the IDA script before it, this does best-effort reconstruction of the Windows vtable layout using the Linux one (and it's good enough to get even CTFPlayer::GiveNamedItem, which is one of the more complex).

splewis 04-23-2016 01:58

Re: A vtable dumper that even you can use!
 
Wow, this is a really nice addition. Love the web tools you've been putting up.

HamletEagle 04-24-2016 11:39

Re: A vtable dumper that even you can use!
 
Is there any chance to make this compatible with goldsrc dlls? I have tried it with "cs.so" and the result is
Quote:

0 0 (pure virtual function)
+ this warning:
Quote:

Some Windows Indexes May Be Incorrect
This class uses C++ features which can not be accounted for by this tool.

asherkin 04-24-2016 11:57

Re: A vtable dumper that even you can use!
 
You should open an issue on GitHub and I'll take a look when I have time.

shavit 04-25-2016 03:45

Re: A vtable dumper that even you can use!
 
This is actually brilliant. Thanks :)

ImACow 04-28-2016 18:35

Re: A vtable dumper that even you can use!
 
Holy shit.

Oshizu 05-15-2016 10:40

Re: A vtable dumper that even you can use!
 
I'm able to do signature scanning quite well but for some reason vtable stuff is black magic to me, this sure is going to help out alot

Thanks :3

Potato Uno 05-15-2016 20:34

Re: A vtable dumper that even you can use!
 
The irony is that finding signatures is easier than finding offsets, especially for windows.

Great work as always asherkin.


All times are GMT -4. The time now is 04:16.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.