Exemple #1
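        /// <summary>
        /// Reads the whole image at <paramref name="fileName"/> into memory, scans two
        /// hard-coded virtual-function-table ranges, and writes the collected class
        /// information to <c>fileName + ".class.txt"</c> and
        /// <c>fileName + ".class_sym.idc"</c>. Does nothing when the file does not exist.
        /// </summary>
        /// <param name="fileName">Path of the binary image to analyse.</param>
        /// <exception cref="InvalidDataException">
        /// The file is larger than <see cref="int.MaxValue"/> bytes and cannot be held in one array.
        /// </exception>
        private static void DumpRtti(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return;
            }

            RttiHelp help = new RttiHelp();
            byte[] data;

            using (var br = new BinaryReader(File.Open(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)))
            {
                // The stream length is a long; casting it straight to int would wrap
                // for very large files and request the wrong number of bytes.
                long length = br.BaseStream.Length;
                if (length > int.MaxValue)
                {
                    throw new InvalidDataException(string.Format("'{0}' is too large to load ({1} bytes)", fileName, length));
                }

                data = br.ReadBytes((int)length);
            }

            // The fourth argument (0x51432044 - 0x01412044) is presumably the delta between
            // an in-image address and its file offset - confirm against RangeVft.
            // NOTE(review): the scanners index 'data' with values taken from the image itself,
            // so a truncated or malformed image should be expected to fail inside them.
            RangeVft(data, 0x5142FCA8, 0x514320B8, 0x51432044 - 0x01412044, help);
            RangeVft(data, 0x51432158, 0x51435024, 0x51432044 - 0x01412044, help);
            //RangeVft(data, 0x51432158, 0x51458F6C, 0x51432044 - 0x01412044, help);

            help.AddFuncName(0x502BD4A0, "pure_virt_memberPtr");

            // FileMode.Create truncates any existing output file next to the input.
            using (var sw = new StreamWriter(File.Open(fileName + ".class.txt", FileMode.Create, FileAccess.Write, FileShare.ReadWrite)))
            {
                using (var sw2 = new StreamWriter(File.Open(fileName + ".class_sym.idc", FileMode.Create, FileAccess.Write, FileShare.ReadWrite)))
                {
                    help.DumpHdrs(sw, sw2);
                }
            }
        }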
Exemple #2
            /// <summary>
            /// Writes this class header, then each direct base class (recursively) and
            /// each recorded function entry, to <paramref name="tw"/>.
            /// </summary>
            /// <param name="help">Lookup used to resolve base-class addresses and function names.</param>
            /// <param name="tw">Destination for the textual dump.</param>
            /// <param name="tw_sym">Only passed on to the recursive calls in this method.</param>
            /// <param name="p">Indentation prefix; two spaces are appended per nesting level.</param>
            internal void Dump(RttiHelp help, TextWriter tw, TextWriter tw_sym, string p)
            {
                var totalFuncCount = baseclassfunc_count + myclassfunc_count;

                // The format string starts at {1}: the prefix (argument 0) is not printed
                // here because a recursive caller has already written it on this line.
                tw.WriteLine("0x{1:X4} t: {2:X4} n: {3:x4} '{4}' fc: {5} bfc: {6} mfc: {7} ", p, mem_loc, type, name_loc, name, totalFuncCount, baseclassfunc_count, myclassfunc_count);

                // NOTE(review): this recursion follows base-class addresses that were parsed
                // from the input image; nothing visible here limits its depth or detects a
                // cycle - confirm the graph is validated before it is dumped.
                string childPrefix = p + "  ";
                foreach (var baseRef in baseClassesAddr)
                {
                    var baseHdr = help.GetClass(baseRef.Item2);

                    tw.Write("{0}  c {1:X} ", p, baseRef.Item1);
                    baseHdr.Dump(help, tw, tw_sym, childPrefix);
                }

                foreach (var entry in funcs)
                {
                    int  entryOffset = entry.Item1;
                    int  entryIndex  = entry.Item2;
                    long rawAddr     = entry.Item3;

                    // Clearing bit 0 (and everything above bit 31) gives the printed address;
                    // any difference from the raw value is shown as a "+1" suffix.
                    long maskedAddr = rawAddr & 0xFFffFFfe;
                    string addrSuffix = (maskedAddr != rawAddr) ? "+1" : "";

                    // Print the offset as sign plus magnitude so the hex digits stay short.
                    string sign;
                    int magnitude;
                    if (entryOffset < 0)
                    {
                        sign      = "-";
                        magnitude = -entryOffset;
                    }
                    else
                    {
                        sign      = "";
                        magnitude = entryOffset;
                    }

                    var funcName = help.GetFuncName(maskedAddr);
                    tw.WriteLine("{0}  f {1}{2:X2} {3} 0x{4:X4}{5} {6}", p, sign, magnitude, entryIndex, maskedAddr, addrSuffix, funcName);
                }
            }
Exemple #3
Exemple #4
        /// <summary>
        /// Scans one virtual function table that starts at <paramref name="addr"/> and
        /// records its entries on the class the table's first word refers to.
        /// </summary>
        /// <param name="data">Whole image contents.</param>
        /// <param name="addr">In-image address of the table's first word.</param>
        /// <param name="fileFix">Value subtracted from an address to get an index into <paramref name="data"/>.</param>
        /// <param name="help">Registry of classes, class references and pending work.</param>
        /// <returns>The address just past the words consumed, i.e. where the caller can continue.</returns>
        // NOTE(review): this listing has lost its braces and, it seems, bare "else" lines;
        // block boundaries below are inferred from indentation only - confirm against the
        // original file before relying on the control flow.
        // NOTE(review): no visible code checks file_loc + offset against data.Length; whether
        // ReadUint32BE does is not shown here, so a malformed or truncated image may read
        // past the end of the table - confirm.
        private static long ScanVft(byte[] data, long addr, long fileFix, RttiHelp help)
            // Translate the in-image address into an index into 'data'.
            long file_loc   = addr - fileFix;
            long offset     = 0;
            // First word of the table: address of the class record (read via ReadUint32BE,
            // presumably a big-endian 32-bit read - helper not shown).
            long class_addr = ReadUint32BE(data, file_loc);

            offset += 4;

            // A zero class word means there is nothing to scan; step over that word only.
            if (class_addr == 0)
                return(addr + offset);

            // Register the reference, then build a ClassHdr for every address the helper
            // reports as pending (constructing one may queue further references).
            help.AddClassRef(addr, class_addr);
            while (help.HasWork())
                var w_addr  = help.GetWork();
                var w_class = new ClassHdr(help, data, w_addr, fileFix);
                help.AddClass(w_addr, w_class);

            var thisClass   = help.GetClass(class_addr);
            // activeClass is assigned but not used in the visible code.
            var activeClass = thisClass;
            int funcOffset  = 0;
            int classOffset = 0;
            // state 0: expecting a function entry or a negative offset word;
            // state 1: expecting the class word that follows a negative offset word.
            int state       = 0;

            // Consume 32-bit words until a zero word terminates the table.
            while (ReadUint32BE(data, file_loc + offset) != 0)
                int val = (int)ReadUint32BE(data, file_loc + offset);
                offset += 4;
                if (state == 0)
                    // A negative word starts a new sub-table: remember it as the class
                    // offset and restart function numbering.
                    if (val < 0)
                        funcOffset  = 0;
                        classOffset = val;

                        state = 1;
                        // NOTE(review): the next two lines presumably sat in an "else"
                        // branch (non-negative word = function entry) - confirm.
                        thisClass.AddFunction(classOffset, funcOffset, val);
                        funcOffset += 1;
                else if (state == 1)
                    // The word after a negative offset is expected to repeat class_addr.
                    // A mismatch is not reported: 'z' is an unused local, presumably a
                    // debugger breakpoint anchor.
                    if (val != class_addr)
                        int z = 0;
                    state = 0;

            // offset counts the words consumed; the extra 4 skips the terminating zero word.
            return(addr + offset + 4);
Exemple #5
Exemple #6
            /// <summary>
            /// Creates the header for the class record at <paramref name="startAddr"/> and
            /// immediately parses it from <paramref name="data"/>.
            /// </summary>
            /// <param name="help">Registry passed through to <c>Read</c>.</param>
            /// <param name="data">Whole image contents.</param>
            /// <param name="startAddr">In-image address of the record.</param>
            /// <param name="addrOffset">Value subtracted from an address to get an index into <paramref name="data"/>.</param>
            public ClassHdr(RttiHelp help, byte[] data, long startAddr, long addrOffset)
            {
                // Start with empty collections; Read fills in the base-class addresses.
                this.funcs           = new List<Tuple<int, int, long>>();
                this.baseClasses     = new List<Tuple<int, ClassHdr>>();
                this.baseClassesAddr = new List<Tuple<int, long>>();

                // Keep both views of the location: in-image address and index into 'data'.
                this.mem_loc  = startAddr;
                this.file_loc = startAddr - addrOffset;

                // Parsing happens in the constructor, so any exception Read throws
                // propagates out of "new ClassHdr(...)".
                this.Read(help, data, this.mem_loc, this.file_loc, addrOffset);
            }
Exemple #7
Exemple #8
Exemple #9
            /// <summary>
            /// Parses the class record for this header out of <paramref name="data"/>: its
            /// type word, its name, and the addresses of its base classes.
            /// </summary>
            /// <param name="help">Registry that receives a class reference for every base class found.</param>
            /// <param name="data">Whole image contents.</param>
            /// <param name="addr">In-image address of the record; used for references and messages.</param>
            /// <param name="fileOffset">Not used in the visible body; reads go through the file_loc field.</param>
            /// <param name="fileFix">Value subtracted from an address to get an index into <paramref name="data"/>.</param>
            // NOTE(review): this listing has lost its braces and, it seems, bare "else" lines;
            // block boundaries below are inferred from indentation only - confirm against the
            // original file.
            // NOTE(review): every offset and count used here comes from the image. The direct
            // data[...] accesses throw IndexOutOfRangeException when they fall outside the
            // array; whether ReadUint32BE/ReadString check bounds is not shown - confirm.
            public void Read(RttiHelp help, byte[] data, long addr, long fileOffset, long fileFix)
                // Record layout as read here: +0x00 type word, +0x04 address of the name.
                type     = ReadUint32BE(data, file_loc);
                name_loc = ReadUint32BE(data, file_loc + 0x04);
                // 100 is presumably the maximum name length ReadString will return - confirm.
                name     = ReadString(data, name_loc - fileFix, 100);

                Debug.WriteLine("0x{0:X4} t: {1:X4} n: {2:x4} '{3}'", addr, type, name_loc, name);
                // The three type values are hard-coded for one specific image. They look
                // like "no base", "single base" and "multiple bases" record kinds - TODO confirm.
                // First kind: nothing further is read.
                if (type == 0x51458F20)
                // Second kind: one base-class address at +0x08, recorded with offset 0.
                else if (type == 0x51458F30)
                    sub_loc = ReadUint32BE(data, file_loc + 0x08);
                    help.AddClassRef(addr, sub_loc);
                    baseClassesAddr.Add(new Tuple <int, long>(0, sub_loc));
                // Third kind: subtype word at +0x08, entry count at +0x0C, then 8-byte entries.
                else if (type == 0x51458F40)
                    subtype = ReadUint32BE(data, file_loc + 0x08);

                    if (subtype == 0 || subtype == 2)
                        // subcount is taken from the image and is the only loop bound.
                        subcount = ReadUint32BE(data, file_loc + 0x0C);

                        for (int i = 0; i < subcount; i++)
                            // Each entry: 4-byte base-class address followed by four bytes a..d.
                            UInt32 suba_loc = ReadUint32BE(data, file_loc + 0x10 + (8 * i));
                            byte   a        = data[file_loc + 0x10 + (8 * i) + 0x04];
                            byte   b        = data[file_loc + 0x10 + (8 * i) + 0x05];
                            byte   c        = data[file_loc + 0x10 + (8 * i) + 0x06];
                            byte   d        = data[file_loc + 0x10 + (8 * i) + 0x07];

                            Debug.WriteLine(" 0x{0:X4} {1:x2} {2:x2} {3:x2} {4:x2}", suba_loc, a, b, c, d);
                            help.AddClassRef(addr, suba_loc);
                            // Byte b is stored as the base-class offset.
                            // NOTE(review): the two identical Add lines were presumably the
                            // "if" and "else" bodies, i.e. one Add per entry - confirm.
                            if (a == 2)
                                baseClassesAddr.Add(new Tuple <int, long>(b, suba_loc));
                                baseClassesAddr.Add(new Tuple <int, long>(b, suba_loc));
                        // NOTE(review): presumably the "else" of the subtype check above.
                        // The message prints addr after the word "subtype" and the subtype
                        // value after "not known".
                        throw new Exception(string.Format("subtype 0x{0:X} not known {1}", addr, subtype));
Exemple #10
            /// <summary>
            /// Rebuilds this class's view of its base classes: for every direct base it
            /// appends that base's own entries (shifted by the direct base's offset) and
            /// then the direct base itself, and recomputes <c>max_base_depth</c>.
            /// </summary>
            /// <param name="help">Registry used to look up a base class by address.</param>
            // NOTE(review): this reads bc.baseClasses and bc.max_base_depth of each direct
            // base, so it presumably expects those bases to have been resolved first - confirm.
            void ResolveBaseClassOffsets(RttiHelp help)
            {
                max_base_depth = 0;

                foreach (var directRef in baseClassesAddr)
                {
                    int directOffset = directRef.Item1;
                    var directBase   = help.GetClass(directRef.Item2);

                    // Inherited entries first, each shifted by where the direct base sits.
                    foreach (var inherited in directBase.baseClasses)
                    {
                        int shifted = directOffset + inherited.Item1;
                        baseClasses.Add(Tuple.Create<int, ClassHdr>(shifted, inherited.Item2));
                    }

                    // Then the direct base itself.
                    baseClasses.Add(Tuple.Create<int, ClassHdr>(directOffset, directBase));

                    // Depth is one more than the deepest direct base.
                    var depthThroughBase = directBase.max_base_depth + 1;
                    max_base_depth = Math.Max(max_base_depth, depthThroughBase);
                }
            }
Exemple #11
Exemple #12
Exemple #13
Exemple #14
Exemple #15
Exemple #16
Exemple #17
Exemple #18
Exemple #19
Exemple #20
