Drifter and I were discussing making VTable reconstruction
more accessible to beginners on IRC today, and the differences between GCC's and MSVC's ordering.
Over the last several hours, I've rewritten the well-known linux_vtable_dump IDC script in IDAPython, with the following changes:
- Attempts to fully reconstruct the MSVC VTable ordering, giving Windows offsets that are accurate in almost all cases.
- Prints to the IDA console instead of writing a file, much faster for quick lookups.
- Many more safety checks to not try and process gibberish.
It can be found in the SourceMod repo,
here.
The only downside to this script, is that due to using IDAPython, it's not compatible with IDA 5.0.
I've also included my simple IDC script that attempts to help with making Windows signatures.
Using it is easy, just place the cursor in a function and run the script, it'll dump a wildcarded signature to the output window.
It's primarily intended for use during rapid development, although by extending and checking the wildcards, you can make the generated sig more robust for released projects.
You can download it
here.
Just post in this thread if you run into any problems, now go forth and reverse engineer!