deeso/extract_bytes_from_vtable_names.py

## extract_bytes_from_vtable_names.py
import pickle, idc

def accumulate_names_from_filename (filename):
    data = [i.strip().strip("`vtable for'") for i in open(filename).readlines()]
    results = []
    for i in data:
        address = i.split()[-1]
        name = i.split(address)[0].strip()
        name = name.replace("`vtable for'", '')
        results.append((name, int(address, 16)))
    return results

def accumulate_names (start_ea, end_ea, filter=None):
    names = []
    found_names = set()
    ea = start_ea

    while ea < end_ea:
        name = idc.Name(ea)
        if name is None or name in found_names:
            continue
        if not filter is None and filter(name):
            names.append((ea, name))
        elif filter is None and len(name) > 0:
            names.append((ea, name))
        ea += 1
    return names

def get_bytes_to_read (vtable_locs, s_seg, e_seg):
    addresses = vtable_locs.keys()
    addresses.sort()
    pos = 0
    stop = len(addresses) -1
    results = []
    while pos < stop:
        addr = addresses[pos]
        naddr = addresses[pos+1]
        name = vtable_locs[addr]
        r = {'name':name, 'addr':addr, 'sz':naddr-addr}
        results.append(r)
        pos += 1

    if stop != 0 and pos == stop:
        addr = addresses[pos]
        naddr = e_seg
        name = vtable_locs[addr]
        r = {'name':name, 'addr':addr, 'sz':naddr-addr}
        results.append(r)

    return results

def read_bytes(addr, sz):
    ea_s = addr
    ea_e = addr+sz
    bytes = ["%02x"%idc.Byte(ea) for ea in xrange (ea_s, ea_e)]
    return "".join(bytes)

data_rel_ro = ".data.rel.ro"
seg = idc.FirstSeg()
found_seg = False

while seg != 0xffffffff:
    if idc.SegName(seg) == data_rel_ro:
        found_seg = True
        break
    seg = idc.NextSeg(seg)

if seg == 0xffffffff:
    raise

data_rel_ro_s = idc.SegStart(seg)
data_rel_ro_e = idc.SegEnd(seg)
filename = "C:\\data\\vtable_locations.txt"
names_addrs = accumulate_names_from_filename (filename)
#vtable_name_filter = lambda x: x.find("`vtable for'")
#names_addrs = accumulate_names(data_rel_ro_s, data_rel_ro_e)
vtable_locs = dict([(name, addr) for addr, name in names_addrs])
com = get_bytes_to_read(vtable_locs, data_rel_ro_s, data_rel_ro_e)

for i in com:
    i['bytes'] = read_bytes(i['addr'], i['sz'])

pickle.dump(com, open("c:\\data\\vtable_info.pickle", 'wb'))
	import pickle, idc

	def accumulate_names_from_filename (filename):
	data = [i.strip().strip("`vtable for'") for i in open(filename).readlines()]
	results = []
	for i in data:
	address = i.split()[-1]
	name = i.split(address)[0].strip()
	name = name.replace("`vtable for'", '')
	results.append((name, int(address, 16)))
	return results

	def accumulate_names (start_ea, end_ea, filter=None):
	names = []
	found_names = set()
	ea = start_ea

	while ea < end_ea:
	name = idc.Name(ea)
	if name is None or name in found_names:
	continue
	if not filter is None and filter(name):
	names.append((ea, name))
	elif filter is None and len(name) > 0:
	names.append((ea, name))
	ea += 1
	return names

	def get_bytes_to_read (vtable_locs, s_seg, e_seg):
	addresses = vtable_locs.keys()
	addresses.sort()
	pos = 0
	stop = len(addresses) -1
	results = []
	while pos < stop:
	addr = addresses[pos]
	naddr = addresses[pos+1]
	name = vtable_locs[addr]
	r = {'name':name, 'addr':addr, 'sz':naddr-addr}
	results.append(r)
	pos += 1

	if stop != 0 and pos == stop:
	addr = addresses[pos]
	naddr = e_seg
	name = vtable_locs[addr]
	r = {'name':name, 'addr':addr, 'sz':naddr-addr}
	results.append(r)

	return results

	def read_bytes(addr, sz):
	ea_s = addr
	ea_e = addr+sz
	bytes = ["%02x"%idc.Byte(ea) for ea in xrange (ea_s, ea_e)]
	return "".join(bytes)

	data_rel_ro = ".data.rel.ro"
	seg = idc.FirstSeg()
	found_seg = False

	while seg != 0xffffffff:
	if idc.SegName(seg) == data_rel_ro:
	found_seg = True
	break
	seg = idc.NextSeg(seg)

	if seg == 0xffffffff:
	raise

	data_rel_ro_s = idc.SegStart(seg)
	data_rel_ro_e = idc.SegEnd(seg)
	filename = "C:\\data\\vtable_locations.txt"
	names_addrs = accumulate_names_from_filename (filename)
	#vtable_name_filter = lambda x: x.find("`vtable for'")
	#names_addrs = accumulate_names(data_rel_ro_s, data_rel_ro_e)
	vtable_locs = dict([(name, addr) for addr, name in names_addrs])
	com = get_bytes_to_read(vtable_locs, data_rel_ro_s, data_rel_ro_e)

	for i in com:
	i['bytes'] = read_bytes(i['addr'], i['sz'])

	pickle.dump(com, open("c:\\data\\vtable_info.pickle", 'wb'))