☆Obaby's H4cking W0rld☆




Symbol Type Viewer


Symbol Type Viewer is a tool for easily viewing the types that can be defined in the symbols of 32-bit and 64-bit Microsoft Windows modules. It can also convert this information into C language headers (.h) and into scripts for DataRescue's IDA disassembler (.idc).

Public information about the types defined in symbols is extremely limited, and this tool could not have been developed without the excellent work of Oleg Starodumov (http://www.debuginfo.com/).

Symbol Type Viewer was developed in C# to make the graphical interface easy to build, but its core engine works with the native API of dbghelp.dll.

Symbol Type Viewer recognizes the Structure, Union, Enum and Function types as well as all the basic types (array, pointer, base_type, etc.).

Windows modules containing class types are extremely rare, so it was impossible to do reliable work with class types. Symbol Type Viewer therefore does not handle modules containing class information.

This tool is made for the curious and for reverse engineering fanatics.

To summarize, Symbol Type Viewer lets you:

download the symbols (pdb) very simply.

browse and view the types and their members in detail, as a tree structure

easily find the unused areas in the structures (padding). In theory, these areas can be used to store your own data

translate the structures into C language (.h) and into IDA scripts (.idc) for DataRescue's IDA (http://www.datarescue.com/idabase/)

customize the formatting: add a suffix to type names, freeze the sizes of structures and members (pointers become ULONG32 on a 32-bit system and UINT64 on a 64-bit system)

search for text or regular expressions

batch process all the modules found in a directory and its subdirectories. For example: C:\Windows ;)
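The padding search and the size-freezing option from the list above, sketched as an added example (this is not Symbol Type Viewer's code). The member layout is constructed sample data, and the function names, the `SAMPLE_NODE` type and the `_pad_` naming are assumptions made for illustration.

```python
# Added example: constructed layout data, not output of Symbol Type Viewer.
from typing import List, Tuple

# (name, offset, size, is_pointer), the kind of data a type record exposes.
Member = Tuple[str, int, int, bool]
FIXED = {1: "UCHAR", 2: "USHORT", 4: "ULONG32", 8: "UINT64"}
# Constructed 64-bit sample structure, 24 bytes in total.
SAMPLE: List[Member] = [("Type", 0, 1, False), ("Flags", 2, 2, False),
                        ("Next", 8, 8, True), ("Count", 16, 4, False)]
SAMPLE_SIZE = 24

def find_padding(members: List[Member], total_size: int) -> List[Tuple[int, int]]:
    """Return (offset, length) for every byte range that no member covers."""
    holes, cursor = [], 0
    for _name, off, size, _ptr in sorted(members, key=lambda m: m[1]):
        if off > cursor:
            holes.append((cursor, off - cursor))
        # Overlapping (union-style) members only extend the covered range.
        cursor = max(cursor, off + size)
    if total_size > cursor:  # tail padding added for alignment
        holes.append((cursor, total_size - cursor))
    return holes

def to_header(name: str, members: List[Member], total_size: int,
              freeze: bool = True) -> str:
    """Emit a C struct with explicit padding; freeze pointers to fixed sizes."""
    lines, cursor = [f"typedef struct _{name} {{"], 0
    for mname, off, size, is_ptr in sorted(members, key=lambda m: m[1]):
        if off < cursor:
            raise ValueError(f"{mname} overlaps a previous member (union?)")
        if off > cursor:
            lines.append(f"    UCHAR _pad_{cursor:02X}[{off - cursor}];")
        # Frozen pointers take the fixed-width type matching their size.
        ctype = "PVOID" if (is_ptr and not freeze) else FIXED.get(size)
        decl = f"{ctype} {mname}" if ctype else f"UCHAR {mname}[{size}]"
        lines.append(f"    {decl};  /* +0x{off:02X} */")
        cursor = off + size
    if total_size > cursor:
        lines.append(f"    UCHAR _pad_{cursor:02X}[{total_size - cursor}];")
    lines.append(f"}} {name};  /* size 0x{total_size:X} */")
    return "\n".join(lines)

if __name__ == "__main__":
    print(find_padding(SAMPLE, SAMPLE_SIZE))
    print(to_header("SAMPLE_NODE", SAMPLE, SAMPLE_SIZE))
```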

At this time, Symbol Type Viewer is distributed as a beta version under the GPL license (http://www.gnu.org/licenses/gpl.html).

The sources will be made available with the final version… after a good cleaning ;)

Symbol Type Viewer runs on Microsoft .NET Framework 2.0.

Download link: http://woodmann.com/collaborative/tools/index.php/Symbol_Type_Viewer
