0xgalz / Virtuailor

IDAPython tool for creating automatic C++ virtual tables in IDA Pro
GNU General Public License v3.0

Can't get the vtable result #6

Closed happydpc closed 5 years ago

happydpc commented 5 years ago

Here's the result when I execute the main.py. I can't figure out what's wrong but there's nothing output but these errors.

```
ERROR at address 0x7ffbd68bd37c: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ffbd68bdce8: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ffbd68be0dc: the vtable pointer was assigned outside of function, could not place BP
```

0xgalz commented 5 years ago

These errors mean that the vtable pointer was assigned to a register outside of the function where the virtual call was made from, or passed in an unusual way. It might happen sometimes, but it is not common; it depends on what happens in this case specifically.

In case this BP is especially important, you can jump to the address stated in the comment in IDA, and try to discover the reason your code acts like this.

In order to give you the correct answer to these errors I need to look at the assembly or an assembly snippet of the case. In order to add support for them in the future I need to understand exactly what caused them. Can you share the binary or share an assembly snippet?

Thanks!

Gal

happydpc commented 5 years ago

Sure, I have uploaded a DLL file. When I run the main.py, these errors come:

DataPortPk.zip

```
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0a6bb0: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0f97fc: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0f97fc: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0f97fc: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0f9eb4: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0faa00: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0fad50: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f0fc62c: the vtable pointer was assigned outside of function, could not place BP
ERROR at address 0x7ff99f10803d: the vtable pointer was assigned outside of function, could not place BP
```

0xgalz commented 5 years ago

Hi! :)
I fixed the issue and improved the comments.
If there is a vtable that was assigned outside of the function it'll now look like this:

Warning! At address 0x1400bd600: The vtable assignment might be in another function (Maybe sub_1402F8B18),could not place BP.

In this case the new comment is supposed to help and focus you where you should look afterwards for the problematic virtual call.

Additionally, there was a bug with how the CFG was handled and this bug was fixed. As of today the number of warnings/errors should be significantly lower.

I checked it on your DLL and it seems to reduce the warnings/errors! :) (The warnings are now all for BPs whose vtable address might change in previous function calls.)

Please let me know if it fixed your problem in your opinion too, so I could close the issue.
Thank you very much for reporting about this bug :)
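
A triage helper for output like that quoted in this thread, added here as an example (it is not part of Virtuailor or of the original comments): it collapses repeated messages per address and extracts the `(Maybe sub_...)` hint from the newer warning format. The names `summarize`, `MSG_RE`, `HINT_RE` and the sample addresses are constructed for illustration.

```python
import re

# Matches both message styles quoted in this thread:
#   ERROR at address 0x...: the vtable pointer was assigned outside of function, could not place BP
#   Warning! At address 0x...: The vtable assignment might be in another function (Maybe sub_...),could not place BP.
# finditer is used instead of line splitting because pasted output often
# arrives with several messages run together on one line.
MSG_RE = re.compile(
    r"(?P<level>ERROR|Warning!)\s+at address\s+(?P<ea>0x[0-9a-fA-F]+):"
    r"(?P<body>.*?could not place BP)",
    re.IGNORECASE | re.DOTALL,
)
HINT_RE = re.compile(r"\(Maybe\s+(?P<func>[^)\s]+)\)")


def summarize(output):
    """Return one record per unique address, in first-seen order."""
    seen = {}
    for m in MSG_RE.finditer(output):
        ea = int(m.group("ea"), 16)
        level = m.group("level").rstrip("!").lower()
        rec = seen.setdefault(ea, {"ea": ea, "level": level, "count": 0, "hint": None})
        rec["count"] += 1
        hint = HINT_RE.search(m.group("body"))
        if hint:
            # Function the tool suggests inspecting for the vtable assignment
            rec["hint"] = hint.group("func")
    return list(seen.values())


# Constructed sample: the first three messages are run together on one line,
# the way they appear when pasted into an issue.
SAMPLE = (
    "ERROR at address 0x180001000: the vtable pointer was assigned outside of function, could not place BP "
    "ERROR at address 0x180001000: the vtable pointer was assigned outside of function, could not place BP "
    "ERROR at address 0x180002abc: the vtable pointer was assigned outside of function, could not place BP\n"
    "Warning! At address 0x180003f00: The vtable assignment might be in another function "
    "(Maybe sub_180004000),could not place BP.\n"
)

if __name__ == "__main__":
    # Most frequent addresses first: these are the call sites to inspect in IDA.
    for rec in sorted(summarize(SAMPLE), key=lambda r: -r["count"]):
        hint = rec["hint"] or "-"
        print(f'{rec["ea"]:#x}  {rec["level"]:<7}  x{rec["count"]}  hint={hint}')
```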