Raised This Month: $ Target: $400
 0% 

Calculating a virtual function offset from a signature


  
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
pRED*
Join Date: Dec 2006
Old 09-30-2010 , 04:29   Re: Calculating a virtual function offset from a signature
Reply With Quote #2

On linux the vtable has a symbol, so you can look this up fairly trivially.

Windows would be more interesting, finding a byte signature that doesn't break would probably be difficult.

The vtable is definitely locatable using RTTI information, though I haven't look into this.

If you look for IDA plugins (on OpenRCE) and find one called MSVC reversing helpers (I think), and run the ms_rtti4.idc it will dump a text file with all the vtable addresses. It should be possible to use similar logic at runtime.

I can find a download link tomorrow if you can't find it.
pRED* is offline
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:10.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode