Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for Intel architecture (both 32-bit and 64-bit code) and AArch64 (New!).

The tool consists of two parts, static and dynamic.

The static part has the following capabilities:
- Detects indirect calls.
- Hooks the value assignment of the indirect calls using conditional breakpoints (the hook code).

The dynamic part has the following capabilities:
- Creates vtable structures.
- Renames functions and vtable addresses.
- Adds structure offsets to the assembly indirect calls.
- Adds xrefs from indirect calls to their virtual functions (multiple xrefs).
- For AArch64, tries to fix undefined vtables and related virtual functions (support for firmware).

How to Use?

By default, Virtuailor looks for virtual calls in ALL the addresses in the code. To limit it to a specific address range, edit the Main file and set the range you want to target in the variables start_addr_range and end_addr_range:

    if __name__ == '__main__':
        start_addr_range = idc.MinEA()  # You can change the virtual calls address range
        end_addr_range = idc.MaxEA()
        add_bp_to_virtual_calls(start_addr_range, end_addr_range)

Optional (but extremely recommended): create a snapshot of your idb. Just press ctrl+shift+t and create a snapshot.

Press File->Run script… then go to the Virtuailor folder and choose to run Main.py. You can see the following gif for a…
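The static part described above begins by finding indirect calls. The following is an added illustration, not Virtuailor's own code: it classifies call instructions in disassembly text (x86/x64 Intel syntax and AArch64) and extracts the base register and displacement that would become the vtable offset. The function names and sample listings are constructed, and working on text rather than through the IDAPython API is an assumption made so the example runs outside IDA.

```python
import re

REG86 = r"(?:[er]?[abcd]x|[er]?[sd]i|[er]?[bs]p|r(?:[89]|1[0-5]))"
NUM = r"(0x[0-9a-f]+|[0-9][0-9a-f]*h|\d+)"
# x86/x64 (Intel syntax): "call rax" and "call qword ptr [rax+10h]"
CALL_REG = re.compile(rf"call\s+({REG86})$", re.I)
CALL_MEM = re.compile(rf"call\s+(?:[dq]word\s+ptr\s+)?\[({REG86})(?:\+{NUM})?\]$", re.I)
# AArch64: "ldr x9, [x8,#0x18]" followed later by "blr x9"
A64_LDR = re.compile(rf"ldr\s+(x\d+),\s*\[(x\d+)(?:,\s*#{NUM})?\]$", re.I)
A64_BLR = re.compile(r"blr\s+(x\d+)$", re.I)

def parse_num(text):
    """Convert IDA-style (10h), C-style (0x10) or decimal text to int."""
    text = (text or "0").lower()      # no displacement, e.g. call [rax]
    if text.endswith("h"):
        return int(text[:-1], 16)
    return int(text, 16) if text.startswith("0x") else int(text)

def find_indirect_calls(listing):
    """Return (address, base_register, offset) per indirect call; offset is
    None when the load that filled the target register was not seen."""
    hits, loads = [], {}              # loads: AArch64 dest reg -> (base, offset)
    for addr, text in listing:
        text = text.strip()
        if m := CALL_MEM.match(text):
            hits.append((addr, m.group(1).lower(), parse_num(m.group(2))))
        elif m := CALL_REG.match(text):
            hits.append((addr, m.group(1).lower(), None))
        elif m := A64_LDR.match(text):
            loads[m.group(1).lower()] = (m.group(2).lower(), parse_num(m.group(3)))
        elif m := A64_BLR.match(text):
            reg = m.group(1).lower()
            base, off = loads.get(reg, (reg, None))
            hits.append((addr, base, off))
    return hits

# Constructed sample listings: (address, disassembly text)
SAMPLE_X64 = [
    (0x401003, "call    qword ptr [rax+10h]"),   # virtual call via vtable slot
    (0x401006, "call    sub_401200"),            # direct call, ignored
    (0x40100B, "call    rdx"),                   # indirect, slot unknown
]
SAMPLE_A64 = [
    (0x1000, "LDR X8, [X0]"),                    # x8 = vtable pointer
    (0x1004, "LDR X9, [X8,#0x18]"),              # x9 = vtable slot +0x18
    (0x1008, "BLR X9"),
]

if __name__ == "__main__":
    print(find_indirect_calls(SAMPLE_X64 + SAMPLE_A64))
```

Calls reported with an unknown offset are the ones static text alone cannot resolve, which is why the tool hooks them with breakpoints and reads the register value at run time.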
Virtuailor - IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro (govanguard, 2019-11-01 17:11:00)