Scripts for IDA pro to aid reversing
These scripts are written using hexray's IDAPython api and can only be used within the IDA interface.
To run an IDA python script click File -> Script File, or use the hotkey Alt+F7
This will open up an explorer, you can then select a script and press 'Open' to run it.
This script will dump all indexes and mangled func name + some other info into a json file, this is for use with paster.py
To use the dumper script, select a partion of a vtable:
Minecraft BDS with symbols
Now run the dumper.py script, it will query a file, it will create a file for you if you just type a name in the input box. This file can be anywhere.
Then click save.
The dumper will run and output the file with that name in the directory you gave it. One it is finished a message like this will appear in your output subview.
Yayyyyy vtable dumped :)))
This script will dump all indexes of functions in a vtable, along with their demangled name. It has the exact same usage as dumper.py, except dumps into a txt file.
This script will paste results of dumper.py onto another vtable, it will name each function in one vtable with corresponding function in the dump.
To use this script, again select a partition from the vtable you dumped but on, in my case, the client db.
Minecraft Bedrock client without symbols
Now run paster.py, it will again query a file, select the dumped vtable from dumper.py:
Now press open, the script will now start.
Once done you'll see this in your output subview:
and this on your vtable view:
All the functions in the vtable are now named on the client! Happy reversing :)