|
|
|||||||
|
|
Thread Tools | Display Modes |
|
#5
11-24-2016, 21:43
|
|||
|
|||
|
I updated it so you dont need to set CodeSize= in the ini file if its the same as Size= (less typing and less chance to accidentally screw up)
I also added support for jump tables (where you have a table at the end of the function with a list of addresses pointing to somewhere in the function). It will support the case of functions with multiple jump tables. To use the new JumpTable stuff, you need to define a [JumpTableSymbols] section that defines all the jump tables you want to copy. Each symbol under there needs an Address= line (for the start of the jump table) and a Size= line (for the size in bytes of the jump table) You also need to make sure the Size= line for the function that contains the jump table points to the end of the jump table and the CodeSize= line for that function points to the end of the code. You also need a [JumpTargetSymbols] section. Each symbol under that just gets an address representing a label that is the target of an entry in the jump table. See test.ini for examples of this. This doesn't yet support indirect jump tables (where you have both a table of addresses then another table with indexes into the first table) 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| unlinker IDA - an IDA plugin for extracting functions from a PE file for later reuse | jonwil | Community Tools | 9 | 02-26-2022 04:48 |
| Extracting file from MSI package | new_profile | General Discussion | 20 | 12-09-2013 15:06 |
Threaded Mode