-
Notifications
You must be signed in to change notification settings - Fork 14
/
vtable-linux-gcc.idc
43 lines (41 loc) · 1.27 KB
/
vtable-linux-gcc.idc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#include <idc.idc>
static main(void)
{
auto SearchString;
auto searchStart;
auto searchTest;
auto occurances;
auto szFilePath,hFile;
auto strSize;
auto vTablePtr;
auto vTableLoc;
auto myString;
auto nextAddress;
auto byteVal;
occurances = 0;
searchStart = 0;
SearchString = AskStr("", "What vtable binary to search?");
szFilePath = AskFile(1, "*.txt", "Select output dump file:");
hFile = fopen(szFilePath, "wb");
Message("Scanning...");
searchStart = FindBinary(searchStart, SEARCH_DOWN, SearchString);
while(searchStart != BADADDR){
MakeStr(searchStart-2, BADADDR);
myString = GetString(searchStart-2,-1,GetStringType(searchStart-2));
strSize = strlen(myString);
nextAddress = searchStart-2+strSize+1;
byteVal = Byte(nextAddress);
while(byteVal == 0){
nextAddress++;
byteVal = Byte(nextAddress);
}
MakeDword(nextAddress);
vTableLoc = FindBinary(141301056,SEARCH_DOWN, form("%X", nextAddress));
MakeDword(nextAddress+4);
fprintf(hFile,"%a\t%s\n",vTableLoc,myString);
searchStart = FindBinary(searchStart+1, SEARCH_DOWN, SearchString);
occurances++;
}
fclose(hFile);
Message("Found %i Occurances",occurances);
}