Symbol Type Viewer is a tool that makes it easy to visualize the types defined in the symbols of modules on 32-bit and 64-bit Microsoft Windows systems. It can also convert this information into C headers (.h) and into scripts (.idc) for DataRescue's IDA disassembler.
Public information about the types defined in symbols is extremely limited, and this tool could not have been developed without the excellent work of Oleg Starodumov (http://www.debuginfo.com/).
Symbol Type Viewer was developed in C# to make the graphical interface easy to build, but its core engine uses the native API of dbghelp.dll.
Symbol Type Viewer recognizes the Structure, Union, Enum and Function types, as well as all the basic types (array, pointer, base_type, etc.).
Windows modules containing class types are extremely rare, so it was impossible to handle class types reliably. Symbol Type Viewer therefore does not support modules containing class information.
This tool is made for the curious and for reverse engineering fanatics.
To summarize, Symbol Type Viewer allows you to:
download the symbols (pdb) very simply
browse and visualize the types and their members in detail, in the form of a tree structure
easily find the unused areas in structures (padding). In theory, these areas can be used to store your own data
translate the structures into C (.h) and into IDA scripts (.idc) for DataRescue's IDA (http://www.datarescue.com/idabase/)
customize the formatting: add a suffix to type names, freeze the sizes of structures and members (pointers become ULONG32 on a 32-bit system and UINT64 on a 64-bit system)
search by text or regular expression
batch-process all the modules found in a directory and its subdirectories. For example: C:\Windows ;)
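The padding search in the list above comes down to interval coverage over member offsets and sizes as a symbol file records them. The sketch below is an added example, not Symbol Type Viewer's own code: `Member` and `find_padding` are hypothetical names, and the sample layout is constructed rather than read from a real PDB.

```python
from typing import List, NamedTuple, Tuple

class Member(NamedTuple):
    name: str
    offset: int  # byte offset from the start of the type
    size: int    # byte length of the member

def find_padding(total_size: int, members: List[Member]) -> List[Tuple[int, int]]:
    """Return (offset, length) for every byte range that no member covers.

    Members may overlap (union arms, bitfields sharing a storage unit), so
    the covered extent is tracked as a running maximum instead of assuming
    each member starts where the previous one ended.
    """
    gaps = []
    covered_to = 0
    for m in sorted(members, key=lambda m: (m.offset, -m.size)):
        if m.offset + m.size > total_size:
            raise ValueError(f"{m.name} extends past the end of the type")
        if m.offset > covered_to:
            gaps.append((covered_to, m.offset - covered_to))
        covered_to = max(covered_to, m.offset + m.size)
    if covered_to < total_size:
        gaps.append((covered_to, total_size - covered_to))  # tail padding
    return gaps

# Constructed sample: a hypothetical 64-bit structure of 0x28 bytes.
SAMPLE_SIZE = 0x28
SAMPLE = [
    Member("Type", 0x00, 1),
    Member("Flags", 0x01, 1),
    Member("Owner", 0x08, 8),       # 8-byte pointer, aligned to 8
    Member("u.Count", 0x10, 4),     # union arm
    Member("u.Pointer", 0x10, 8),   # union arm overlapping u.Count
    Member("State", 0x18, 4),
    Member("Next", 0x20, 4),
]

if __name__ == "__main__":
    for off, length in find_padding(SAMPLE_SIZE, SAMPLE):
        print(f"+0x{off:02x}  {length} byte(s) of padding")
```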
At this time, Symbol Type Viewer is distributed as a beta version under the GPL license (http://www.gnu.org/licenses/gpl.html).
The sources will be made available with the final version… after a good cleaning 😉
Symbol Type Viewer runs on Microsoft .NET Framework 2.0.
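I have a question: when dynamically debugging an Android .so with IDA Pro, what can be done if the .so has been stripped and no longer has any symbols?
I tried an IDC script, renimp.idc, which can identify most of the ARM library functions, but the THUMB ones have to be done by hand. Do you have a convenient way to handle this?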