Symbol Type Viewer 1.0.0.6

2013-04-24 18:22:36

Symbol Type Viewer is a tool that makes it easy to visualize the types defined in the symbols of Microsoft Windows 32/64-bit system modules. It can also convert this information to C language headers (.h) and to scripts for DataRescue's IDA disassembler (.idc).


Public information about the types defined in symbols is extremely limited, and this tool could not have been developed without the excellent work of Oleg Starodumov (http://www.debuginfo.com/).

Symbol Type Viewer was developed in C# to make the graphical interface easy to build, but its core engine works with the native API of dbghelp.dll.

Symbol Type Viewer recognizes the Structure, Union, Enum and Function types, as well as all the basic types (array, pointer, base_type, etc.).

Windows modules containing class types are extremely rare, so it was impossible to do reliable work with class types. Symbol Type Viewer therefore does not handle modules containing class information.

This tool is made for the curious and for reverse engineering fanatics.

To summarize, Symbol Type Viewer lets you:
* download the symbols (pdb) very simply
* navigate and visualize in detail the types and their members as a tree structure
* easily find the unused areas in structures (padding); these areas can theoretically be used to hold your own data
* translate the structures to the C language (.h) and to IDA script (.idc) for DataRescue's IDA (http://www.datarescue.com/idabase/)
* customize the formatting: add a suffix to type names, freeze the sizes of structures and members (pointers become ULONG32 on a 32-bit system and UINT64 on a 64-bit system)
* run text or regular expression searches
* do batch processing of all modules found in a directory and its subdirectories. For example: C:\Windows ;)
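
The padding search from the list above needs nothing more than each member's offset and size, as this added example shows (it is not the tool's code and not part of the original post). The member table is a constructed sample with pointers frozen to 8 bytes; `Member`, `Gap`, `find_padding` and `sample_scan` are hypothetical names, and bit-fields are not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* One member as a symbol viewer would list it: name, byte offset, byte size. */
typedef struct { const char *name; size_t offset, size; } Member;
typedef struct { size_t offset, size; } Gap;

/* Walk members (sorted by offset) and report byte ranges that no member covers.
   Union members overlap, so track the furthest byte covered so far instead of
   assuming each member starts where the previous one ended.
   Returns the number of gaps found; at most max of them are stored in out. */
size_t find_padding(const Member *m, size_t n, size_t total, Gap *out, size_t max)
{
    size_t covered = 0, found = 0;
    for (size_t i = 0; i < n; i++) {
        if (m[i].offset > covered) {
            if (found < max) { out[found].offset = covered; out[found].size = m[i].offset - covered; }
            found++;
        }
        if (m[i].offset + m[i].size > covered)
            covered = m[i].offset + m[i].size;
    }
    if (total > covered) {              /* tail padding up to the size of the type */
        if (found < max) { out[found].offset = covered; out[found].size = total - covered; }
        found++;
    }
    return found;
}

/* Constructed sample (not from a real module): 64-bit layout, pointers frozen to 8 bytes. */
static const Member SAMPLE[] = {
    { "Flags",     0x00, 4 },
    { "Next",      0x08, 8 },   /* pointer -> UINT64 */
    { "StateByte", 0x10, 1 },   /* union arm */
    { "StateWord", 0x10, 2 },   /* union arm at the same offset */
    { "Context",   0x18, 8 },   /* pointer -> UINT64 */
};
static Gap sample_gaps[8];

size_t sample_scan(size_t total)
{
    return find_padding(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], total, sample_gaps, 8);
}

int main(void)
{
    size_t n = sample_scan(0x20);
    for (size_t i = 0; i < n; i++)
        printf("padding at +0x%02zx, %zu bytes\n", sample_gaps[i].offset, sample_gaps[i].size);
    return 0;
}
```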

At this time, Symbol Type Viewer is distributed as a beta version under the GPL license (http://www.gnu.org/licenses/gpl.html).
The sources will be made available with the final version… after a good cleanup 😉

Symbol Type Viewer runs on Microsoft .NET Framework 2.0.

Download link: http://woodmann.com/collaborative/tools/index.php/Symbol_Type_Viewer

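☆ Copyright ☆

* Site name: obaby@mars
* URL: https://h4ck.org.cn/
* Personal page: https://oba.by/
* Article title: "Symbol Type Viewer 1.0.0.6"
* Article link: https://h4ck.org.cn/2013/04/5120
* Short link: https://oba.by/?p=5120
* When reposting this article, please state its source, the original title and the original link. Please comply with the "Attribution-NonCommercial-ShareAlike 2.5 China Mainland (CC BY-NC-SA 2.5 CN)" license.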


2 comments

  1. Level 1
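    I have a question: when dynamically debugging an Android .so with IDA Pro, if the .so has been stripped and has no symbols left, what can be done?

    I tried an idc, renimp.idc, which can identify most of the ARM library functions, but the THUMB ones have to be done by hand. Do you have a convenient way to handle this?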

    1. 公主 Queen 
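      For functions that can't be identified, I don't have a good method either. Apart from library functions, the rest doesn't really have distinctive features that can be used directly for naming functions, does it? Just put in more effort and analyze by hand.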
