Yes. Step 1: Highlight the entire vtable in linear view and right click. Select "create struct" or "make struct" or whatever it's called
-
-
Replying to @josh_watson @taviso
Step 2: Rename the resulting struct type "MyClass_vtbl"
1 reply 0 retweets 0 likes -
Replying to @josh_watson @taviso
Step 3: Create your class struct in Local Types. struct __cppobj MyClass { MyClass_vtbl* __vftable; int foo; int bar; };
1 reply 0 retweets 0 likes -
Replying to @josh_watson @taviso
Step 4: If you have inheritance, you can do that too! struct __cppobj MyChildClass : MyClass { }; and now when you define a struct for MyChildClass_vtbl, it will automatically use that one for MyChildClass instead
1 reply 0 retweets 1 like -
Replying to @josh_watson @taviso
By using the "create struct" feature, especially on stuff with symbols, it'll automatically define the function types of all the virtual methods, and by naming the vtable __vftable, you'll see this->AddRef(this) instead of this->__vftable->AddRef(this), for example
1 reply 0 retweets 0 likes -
Replying to @josh_watson @taviso
Oh, and finally, if it's casting the method because the types don't perfectly match up (like it thinks it's __fastcall instead of __thiscall or something), you can right click on the method name and select "Force Type" and it will force it to be the defined method type
1 reply 0 retweets 0 likes -
Replying to @josh_watson @taviso
And now that I look this over again, I realize that you're asking about v*b*tables, not v*f*tables lol
2 replies 0 retweets 2 likes -
Replying to @josh_watson @taviso
Sorry if I am asking something stupid: what is an VBTable?
1 reply 0 retweets 0 likes -
I had to google it myself, seems like it’s some sort of virtual base class table?
1 reply 0 retweets 1 like -
Replying to @josh_watson @matalaz
Right, It's a table of offsets from the base class to subclasses, so (SubClass)(&BaseClass->base + BaseClass->base->IndexOfSubClass]), at least that's how MSVC generates them. Isn't it beautiful?
1 reply 0 retweets 0 likes
There are some slides with examples here from @IgorSkochinsky https://www.hexblog.com/wp-content/uploads/2011/08/Recon-2011-Skochinsky.pdf …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.