williballenthin / python-vb

analysis of visual basic code

map method names to addresses #4

Open williballenthin opened 6 years ago

williballenthin commented 6 years ago

names can be found referenced from PublicObjectDescriptor.lpMethodNames. methods (and events!) can be found referenced from OptionalObjectInfo.lpMethodLinkTable. but what is the ordering?

williballenthin commented 6 years ago

for floki test file, we should have the names from Form1:

  0x42DE50: Random
  0x42DF70: IsUserAdmin
  0x42E1C0: RemoteTime
  0x42F210: DumpsCollectorInstaller
  0x42F530: BatGenerator
  0x430420: CheckIfExists
  0x430560: IsInArray
  0x430790: isOdd
  0x420810: CreateShortcut
  0x431BB0: ShellAndWait
  0x432F40: AbductKiller

source: vb-decompiler