Update function discovery and extracting types #9

intfinity-zhanteng · 2024-08-08T05:45:58Z

Function discovery

Undefine large qword arrays from IDA auto-analysis
Deliberately add_func to improve the output while walking through the function address table from pcln
Remove rodata segment requirement since it will not work with memory dump

Extract types

Search lea instruction in reverse order
Add dynamic search for data section to get name of types
Add register tagging to each function since the type will be placed in different registers for different functions instead of hardcoding registers
Add parsing of variables of structs

…arge qword from autoanalysis in IDA

… search for _rdata instead of relying of defined segments, Added parsing of structure members inside structs

intfinity-zhanteng added 6 commits August 8, 2024 10:41

Make function after finding the func_addr from pclntab and Undefine l…

8367f7e

…arge qword from autoanalysis in IDA

Add more functions where type information is available, Added dynamic…

99a523e

… search for _rdata instead of relying of defined segments, Added parsing of structure members inside structs

Refactor to undefine from mhdr rather than fixed offset

8921f96

Update README.md on new features

3bf447b

Add link to figure

787fa57

Modify image dimensions

be89346

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update function discovery and extracting types #9

Update function discovery and extracting types #9

intfinity-zhanteng commented Aug 8, 2024 •

edited

Loading

Update function discovery and extracting types #9

Are you sure you want to change the base?

Update function discovery and extracting types #9

Conversation

intfinity-zhanteng commented Aug 8, 2024 • edited Loading

intfinity-zhanteng commented Aug 8, 2024 •

edited

Loading