A vtable dumper that even you can use!


asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 04-22-2016 , 19:22   A vtable dumper that even you can use!
Reply With Quote #1



Well we're coming up on about 4 years since Drifter's tutorial and my improved IDA script were posted here, but people still consider being able to update gamedata one of the arcane arts, even without any signatures involved.
It's also about 1000X faster than IDA is if you're just after a quick offset.

The source for the binaries linked on the main page is the same as used for SourceMod's automatic gamedata checking, so should always be pretty up-to-date (hopefully avoiding problems with similar older attempts), but you can just drag-and-drop any .so file.

Couple of things on the wishlist (dylib support and proper history / navigation), but this has been sitting for too long already, so have at it!
Browser support: You get what you get. Latest Chrome and Firefox are fine at least.
__________________

Last edited by asherkin; 04-22-2019 at 15:13.
asherkin is offline
Neuro Toxin
Veteran Member
Join Date: Oct 2013
Location: { closing the void; }
Old 04-22-2016 , 20:10   Re: A vtable dumper that even you can use!
Reply With Quote #2

I assume this doesn't support .exe?
__________________
Neuro Toxin is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 04-22-2016 , 20:12   Re: A vtable dumper that even you can use!
Reply With Quote #3

Quote:
Originally Posted by Neuro Toxin View Post
I assume this doesn't support .exe?
PE binaries do not contain symbols.
Like the IDA script before it, this does best-effort reconstruction of the Windows vtable layout using the Linux one (and it's good enough to get even CTFPlayer::GiveNamedItem, which is one of the more complex).
__________________

Last edited by asherkin; 04-22-2016 at 20:16.
asherkin is offline
splewis
Veteran Member
Join Date: Feb 2014
Location: United States
Old 04-23-2016 , 01:58   Re: A vtable dumper that even you can use!
Reply With Quote #4

Wow, this is a really nice addition. Love the web tools you've been putting up.
__________________
splewis is offline
HamletEagle
AMX Mod X Plugin Approver
Join Date: Sep 2013
Location: Romania
Old 04-24-2016 , 11:39   Re: A vtable dumper that even you can use!
Reply With Quote #5

Is there any chance to make this compatible with GoldSrc DLLs? I have tried it with "cs.so" and the result is
Quote:
0 0 (pure virtual function)
+ this warning:
Quote:
Some Windows Indexes May Be Incorrect
This class uses C++ features which can not be accounted for by this tool.
__________________

Last edited by HamletEagle; 04-24-2016 at 11:40.
HamletEagle is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 04-24-2016 , 11:57   Re: A vtable dumper that even you can use!
Reply With Quote #6

You should open an issue on GitHub and I'll take a look when I have time.
__________________

Last edited by asherkin; 04-24-2016 at 11:59.
asherkin is offline
shavit
AlliedModders Donor
Join Date: Dec 2011
Location: Israel
Old 04-25-2016 , 03:45   Re: A vtable dumper that even you can use!
Reply With Quote #7

This is actually brilliant. Thanks
__________________
retired
shavit is offline
ImACow
AlliedModders Donor
Join Date: Feb 2015
Old 04-28-2016 , 18:35   Re: A vtable dumper that even you can use!
Reply With Quote #8

Holy shit.
__________________
ImACow is offline
Oshizu
Veteran Member
Join Date: Nov 2012
Location: Warsaw
Old 05-15-2016 , 10:40   Re: A vtable dumper that even you can use!
Reply With Quote #9

I'm able to do signature scanning quite well, but for some reason vtable stuff is black magic to me. This sure is going to help out a lot.

Thanks
__________________
...
Oshizu is offline
Potato Uno
Veteran Member
Join Date: Jan 2014
Location: Atlanta, Georgia
Old 05-15-2016 , 20:34   Re: A vtable dumper that even you can use!
Reply With Quote #10

The irony is that finding signatures is easier than finding offsets, especially for Windows.

Great work as always, asherkin.
Potato Uno is offline
All times are GMT -4. The time now is 07:07.

