Fixup vtable_structs and finalize vtable_io again

Scags · Scags · commit 61a24d720d4f · 2023-08-12T19:39:10.000-05:00
diff --git a/README.md b/README.md
@@ -25,11 +25,14 @@ Takes a SourceMod (or any) signature input and detects if it's unique or not.
 
 Python translation of [makesig](https://github.com/alliedmodders/sourcemod/blob/master/tools/ida_scripts/makesig.idc).
 
+Optionally, install pyperclip with `pip install pyperclip` to automatically copy any signatures to your clipboard when running.
+
 
 ### makesigfromhere.py ###
 
 Creates a signature from the cursor offset. Useful for byte patching.
 
+
 ### nameresetter.py ###
 
 Resets the name of every function in IDA's database. Does not include library or external functions.
@@ -71,9 +74,40 @@ This works well with the Signature Smasher. However to save you an hour or so, I
 
 ### vtable_io.py ###
 
-Imports and exports virtual tables. Run it through a Linux binary to export to a file, then run it through a Windows binary to import those VTables into the database. This is similar to [Asherkin's VTable Dumper](https://asherkin.github.io/vtable/) but doesn't suffer from the pitfalls of multiple inheritance. Since it doesn't have those liabilities, it's function typing will almost always be perfect. 32-bit only for now.
-
-Only works on libraries that have virtual thunks *after* the virtual table declaration such as in TF2. Fixing this is a TODO.
+Imports and exports virtual tables. Run it through a Linux binary to export to a file, then run it through a Windows binary to import those VTables into the database. This is similar to [Asherkin's VTable Dumper](https://asherkin.github.io/vtable/) but doesn't suffer from the pitfalls of multiple inheritance. Since it doesn't have those liabilities, its function typing will almost always be perfect.
+
+#### Features ####
+This script is slightly heavy and has features that warrant explanation. Features can be freely enabled/disabled in the popup form that opens when you run the script. Desired features options are kept in the IDA registry and will persist.
+
+**Parse type strings**
+- Sometimes IDA fails to properly analyze Windows RTTI Type Descriptor objects. Because of this, there won't be a reference from certain type descriptors to std::type_info, which is required for the script to work.
+- If this feature is enabled, then the string names of the type descriptor will be parsed in order to discover the unreferencing type descriptors. This will be done alongside the normal script function.
+- If you notice that there are multiple functions of the same name or classes that have virtual functions that aren't typed, consider enabling this.
+- It should be harmless to keep on regardless, but it is disabled by default.
+- This problem only seemed to be present in NMRiH.
+
+**Skip vtable size mismatches**
+- The script is *almost* perfect. On rare occasion, it will fail to properly prepare a Windows translation of a Linux virtual table.
+- If this option is enabled, then any size mismatches will forego function typing.
+- Enabled by default.
+
+**Comment reused functions**
+- Windows oftentimes optimizes shorter and simpler functions and reuses them across multiple virtual tables. This means that it would be redundant to rename these functions over and over again.
+- If enabled, virtual table declarations instead emplace a comment on the function's reference.
+- Enabled by default.
+
+**Export options**
+- Should be self-explanatory, but the script is able to export the Linux and Windows virtual tables to a file.
+- This is is a .json file and is organized to be readable.
+- The format of the export file is as follows:
+```json
+"classname"
+{
+	"[this-offset]	vtable-offset	function-name"
+}
+```
+- Linux offsets are denoted with `L` and Windows with `W`. If the function is not present in a certain OS, then that index is empty.
+- Exporting is optional, and if it is not enabled, then the export file path option can be safely ignored.
 
 ### vtable_structs.py ###
 
diff --git a/sigsmasher.py b/sigsmasher.py
@@ -200,7 +200,7 @@ def main():
 		f += ".yml"
 
 	with open(f, "w") as f:
-		yaml.safe_dump(root, f, default_flow_style = False, width = 999999)
+		yaml.safe_dump(root, f, default_flow_style=False, width=999999)
 
 	idaapi.hide_wait_box()
 	print("Successfully generated {} signatures from {} functions".format(sigcount, funccount))
diff --git a/vtable_io.py b/vtable_io.py
@@ -5,26 +5,25 @@
 import ctypes
 import time
 import re
-import os
 
-from sys import version_info
 from dataclasses import dataclass
 
 if idc.__EA64__:
 	ea_t = ctypes.c_uint64
 	ptr_t = ctypes.c_int64
 	get_ptr = idaapi.get_qword
-	# Calling this a lot so we'll speed up the invocations by manually implementing this here
-	def is_ptr(f): return (f & idaapi.MS_CLS) == idaapi.FF_DATA and (f & idaapi.DT_TYPE) == idaapi.FF_QWORD
+	FF_PTR = idaapi.FF_QWORD
 else:
 	ea_t = ctypes.c_uint32
 	ptr_t = ctypes.c_int32
 	get_ptr = idaapi.get_dword
-	def is_ptr(f): return (f & idaapi.MS_CLS) == idaapi.FF_DATA and (f & idaapi.DT_TYPE) == idaapi.FF_DWORD
+	FF_PTR = idaapi.FF_DWORD
 
-def is_off(f): return f & (idaapi.FF_0OFF|idaapi.FF_1OFF) != 0
+# Calling these a lot so we'll speed up the invocations by manually implementing them here
+def is_off(f): return (f & (idaapi.FF_0OFF|idaapi.FF_1OFF)) != 0
 def is_code(f): return (f & idaapi.MS_CLS) == idaapi.FF_CODE
 def has_any_name(f): return (f & idaapi.FF_ANYNAME) != 0
+def is_ptr(f): return (f & idaapi.MS_CLS) == idaapi.FF_DATA and (f & idaapi.DT_TYPE) == FF_PTR
 
 # Let's go https://www.blackhat.com/presentations/bh-dc-07/Sabanal_Yason/Paper/bh-dc-07-Sabanal_Yason-WP.pdf
 
@@ -245,16 +244,17 @@ class VFunc:
 	postname: str
 	sname: str
 
-def make_vfunc(ea=idc.BADADDR, mangledname="", inheritid=-1, vaddr=idc.BADADDR):
-	name = ""
-	postname = ""
-	sname = ""
-	if mangledname:
-		name = idaapi.demangle_name(mangledname, idaapi.MNG_LONG_FORM) or mangledname
-		if name:
-			postname = get_func_postname(name)
-			sname = postname.split("(")[0]
-	return VFunc(ea, vaddr, mangledname, inheritid, name, postname, sname)
+	@staticmethod
+	def create(ea=idc.BADADDR, mangledname="", inheritid=-1, vaddr=idc.BADADDR):
+		name = ""
+		postname = ""
+		sname = ""
+		if mangledname:
+			name = idaapi.demangle_name(mangledname, idaapi.MNG_LONG_FORM) or mangledname
+			if name:
+				postname = get_func_postname(name)
+				sname = postname.split("(")[0]
+		return VFunc(ea, vaddr, mangledname, inheritid, name, postname, sname)
 
 class VOptions(object):
 	StringMethod = 1 << 0
@@ -412,7 +412,7 @@ def parse_vtable_addresses(ea):
 		if not is_code(fflags):
 			break
 
-		funcs.append(make_vfunc(ea=offs, vaddr=ea))
+		funcs.append(VFunc.create(ea=offs, vaddr=ea))
 
 		ea = idaapi.next_head(ea, idc.BADADDR)
 	return funcs
@@ -684,6 +684,8 @@ def is_thunk(thunkfunc, targetfuncs):
 	return False
 
 def build_export_table(linuxtables, wintables):
+	# Table is built mainly for readability but having one that is actually parsable would
+	# be a cool idea for the future
 	exporttable = {}
 	# Save Linux only tables for exporting too
 	winless = {k: linuxtables[k] for k in linuxtables.keys() - wintables.keys()}
@@ -895,7 +897,7 @@ def fix_win_overloads(linuxitems, winitems, vclass, functable):
 		currfuncs = linuxitems[i].funcs
 		vfuncs = []
 		for u in range(len(currfuncs)):
-			f = make_vfunc(mangledname=currfuncs[u])
+			f = VFunc.create(mangledname=currfuncs[u])
 			for j, baseclass in enumerate(vclass.baseclasses.values()):
 				if f.postname in baseclass.postnames:
 					f.inheritid = j
diff --git a/vtable_structs.py b/vtable_structs.py
