Virtuailor - IDAPython tool for C++ vtables reconstruction
Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for intel architecture and both 32bit and 64bit code. The tool constructed from 2 parts, static and dynamic.The first is the static part, contains the following capabilities:
[*]Detects indirect calls.
[*]Hooks the value assignment of the indirect calls using conditional breakpoints (the hook code).
The second is the dynamic part, contains the following capabilities:
[*]Creates vtable structures.
[*]Rename functions and vtables addresses.
[*]Add structure offset to the assembly indirect calls.
[*]Add xref from indirect calls to their virtual functions(multiple xrefs).
https://raw.githubusercontent.com/0xgalz/Virtuailor/master/Images/howto.gif
Output and General Functions
vtables structures
The structures Virtuailor creates from the vtable used in virtual call that were hit. The vtable functions are extracted from the memory based on the relevant register that was used in the BP opcode.
https://raw.githubusercontent.com/0xgalz/Virtuailor/master/Images/vtable_structure.png
More info :
https://github.com/0xgalz/Virtuailor
牛逼还原虚表的工具:lol 厲害了這個 哈哈~楼主发的东西还是很不错的,{:1_893:}{:1_893:}感谢~!{:301_991:}
页:
[1]