Releases: K4ryuu/IDA-VTableExplorer

Release v1.2.3 - 2026.02.13

13 Feb 13:33

[1.2.3] - 2026-02-13

Added

  • COL-based VTable Discovery: Detect vtables that have RTTI Complete Object Locator (??_R4) symbols but no ??_7 vtable symbol
    • Second-pass scan in find_vtables() processes all ??_R4 name entries
    • Extracts class name from COL's TypeDescriptor using existing RTTI parser
    • Locates vtable via name construction (??_R4??_7 lookup) or data xref walking
    • Validates vtable entries point to executable code before adding
    • Supports both x86 (absolute pointers) and x64 (RVA-based) COL formats
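
How the x86 and x64 COL formats differ when resolving the TypeDescriptor name, as an added example that is not taken from the plugin's source. It assumes the commonly documented MSVC RTTI layout (signature at +0, pTypeDescriptor at +12, pSelf at +20 on x64, signature 0 for x86 and 1 for x64); `Image`, `read_u32`, `col_type_name` and `sample_image` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Added example. A mapped image is modelled as its bytes plus the VA of byte 0.
struct Image { uint64_t base; std::vector<uint8_t> bytes; };

static bool read_u32(const Image& img, uint64_t va, uint32_t& out) {
    if (va < img.base || va - img.base > img.bytes.size()) return false;
    if (img.bytes.size() - (va - img.base) < 4) return false;
    std::memcpy(&out, img.bytes.data() + (va - img.base), 4);  // little-endian host assumed
    return true;
}

// Decorated type name (".?AVFoo@@") behind the COL at col_va, or "" when a
// pointer leaves the image, the signature is unknown or the name is unterminated.
std::string col_type_name(const Image& img, uint64_t col_va) {
    uint32_t sig = 0, td = 0, self = 0;
    if (!read_u32(img, col_va, sig) || !read_u32(img, col_va + 12, td)) return "";
    uint64_t name_va;
    if (sig == 0) {                       // x86: pTypeDescriptor is an absolute VA
        name_va = uint64_t(td) + 8;       // skip pVFTable + spare (4 bytes each)
    } else if (sig == 1) {                // x64: fields are RVAs, pSelf names the COL itself
        if (!read_u32(img, col_va + 20, self) || img.base + self != col_va) return "";
        name_va = img.base + td + 16;     // skip pVFTable + spare (8 bytes each)
    } else return "";
    if (name_va < img.base) return "";
    std::string name;
    for (uint64_t off = name_va - img.base; off < img.bytes.size(); ++off) {
        if (img.bytes[off] == 0) return name.rfind(".?A", 0) == 0 ? name : "";
        name += static_cast<char>(img.bytes[off]);
    }
    return "";                            // ran off the image without a NUL
}

// Constructed sample image: COL at +0x40, TypeDescriptor at +0x80.
Image sample_image(bool x64) {
    Image img{x64 ? 0x180000000ULL : 0x10000000ULL, std::vector<uint8_t>(0x100, 0)};
    uint32_t col[6] = {x64 ? 1u : 0u, 0, 0, (x64 ? 0u : 0x10000000u) + 0x80, 0, x64 ? 0x40u : 0u};
    std::memcpy(&img.bytes[0x40], col, sizeof col);
    std::strcpy(reinterpret_cast<char*>(&img.bytes[0x80 + (x64 ? 16 : 8)]), ".?AVCSource2Server@@");
    return img;
}

int main() {
    std::cout << col_type_name(sample_image(false), 0x10000040ULL) << "\n";
    std::cout << col_type_name(sample_image(true), 0x180000040ULL) << "\n";
}
```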

Fixed

  • Missing VTables in Windows PE Binaries: Classes like CSource2Server, CEngineServer that only had ??_R4 COL symbols are now properly discovered and displayed

Full Changelog: 2025.12.23...2026.02.13

Release v1.2.2 - 2025.12.23

23 Dec 13:21

[1.2.2] - 2025-12-23

Added

  • VTable Header Comments: Vtable annotations now include a header comment showing parent class inheritance
    • Format: vtable for 'ClassName' : inherits 'ParentClass'
    • Root classes show: vtable for 'ClassName' : (root class)
  • Override Status Annotations: Function entries now display inheritance status
    • [Override] - Function overrides parent implementation
    • [Inherited] - Function inherited unchanged from parent
    • [NEW] - New virtual function not in parent
    • [Pure→Impl] - Pure virtual function now implemented
    • [Impl→Pure] - Implementation changed to pure virtual
    • [PURE] - Pure virtual function (for classes without parent)

Improved

  • Fixed-Width Annotation Formatting: All annotation comments now align perfectly
    • Status prefixes padded to 13 characters for consistent alignment
    • Index and offset values left-aligned with trailing spaces
    • Format: [Status] index: N | offset: M

Full Changelog: 2025.12.21...2025.12.23

Release v1.2.1 - 2025.12.21

21 Dec 15:36

[1.2.1] - 2025-12-21

Added

  • RTTI Auto-Detection: Automatic MSVC vs GCC/Itanium format detection based on file type and symbol mangling
  • Intermediate Class Support: Detect and display compiler-inlined classes that exist in RTTI chain but have no vtable symbol
  • Inheritance Graph Enhancement: Intermediate classes shown with proper parent-child connections and "uses [ParentVTable]" info
  • MSVC x64 Pointer Format Detection: Auto-detect 64-bit absolute pointers vs 32-bit RVA format in Complete Object Locator

Fixed

  • Nested Class Name Normalization: MSVC nested classes now properly display as Outer::Inner instead of Outer@Inner
  • Graph Edge Logic: Fixed intermediate class connections - parent→intermediate→child chain displays correctly
  • Class Name Validation: Relaxed validation to support more edge cases

Improved

  • Code Cleanup: Compact comments, renamed functions, removed redundant code
  • Chooser Simplification: Removed unused Insert/Delete options from VTable list
  • Buffer Sizes: Increased limits for longer class names and RTTI strings

Full Changelog: 2025.12.19...2025.12.21

Release v1.2.0 - 2025.12.19

19 Dec 14:49

[1.2.0] - 2025-12-19 - Check README.md

Added

  • Graph-based inheritance visualization with interactive navigation
  • RTTI parser for automatic inheritance detection (GCC/MSVC formats)
  • Comparison view with override detection and filtering
  • Base class and derived count columns
  • Keyboard shortcuts (Cmd/Ctrl+Shift+V/T/C)

Fixed

  • Compiler-specific warning flags (GCC vs Clang)
  • macOS deployment target (12.0 to match IDA SDK)
  • All platforms build with 0 warnings

Full Changelog: 1.1.0...2025.12.19

Release v1.0.0 - 2025.12.02

02 Dec 11:43

[1.1.0] - 2025-12-02

Added

Function Browser

  • New Del key action: Browse all functions in a vtable
  • Secondary chooser window showing function index, address, name, and status
  • Jump to any function with Enter key
  • Pure virtual functions highlighted in red

Pure Virtual Detection

  • Automatic detection of __cxa_pure_virtual, _purecall, and purevirt symbols
  • Abstract classes marked with [abstract] suffix and distinct color
  • Function count shows pure virtual breakdown: 26 (3 pv)

Annotate All

  • New Ins key action: Annotate all vtables at once
  • Progress indicator with cancel support
  • Summary dialog showing total vtables and functions processed

UI Improvements

  • New "Functions" column showing function count per vtable
  • Color coding: abstract classes in light blue, pure virtuals in red
  • Dockable tab instead of modal window
  • Singleton chooser - reopening brings back the same tab with cached data
  • Refresh action to rescan vtables

Optimized

  • Cached vtable data for instant reopening
  • Binary search for vtable boundary detection
  • Unified scanner template eliminates duplicate code

Release 2025.11.20

20 Nov 20:03

[1.0.2] - 2025-11-20

Fixed

  • Buffer overrun protection in demangle_msvc_name() for malformed MSVC symbols
  • Exception handling around find_vtables() to prevent crashes

Removed

  • Windows Docker build (MinGW has ABI incompatibility with MSVC for C++ virtual functions)

Full Changelog: 2025.11.18...2025.11.20

Release 2025.11.18

18 Nov 20:13

[1.0.1] - 2025-11-18

Changed

Annotation Format

  • Updated vtable entry comments to "index: X | offset: Y" format (includes both virtual function index and byte offset)
  • Removed function-level comments from decompiled code (assembly-only annotation now)

Function Detection

  • Enhanced function pointer validation with name-based trust (accepts IDA auto-generated names: sub_*, nullsub_*, j_*, *_vfunc_*)
  • Increased invalid entry tolerance from 2 to 5 consecutive entries for better vtable scanning

Full Changelog: 2025.11.16...2025.11.18

Release 2025.11.16

16 Nov 11:54

[1.0.0] - 2025-11-16

Added

Platform Support

  • ► IDA Pro 9.x with modern SDK APIs
  • ► macOS ARM64 (Apple Silicon M1/M2/M3)
  • ► macOS Intel x64
  • ► Linux x64
  • ► Windows x64
  • ► Docker multi-platform build system

Core Features

  • Symbol-based vtable detection (Linux/GCC + Windows/MSVC)
  • Automatic class name extraction from mangled symbols
  • Virtual function index annotation (0-based indexing)
  • Native IDA chooser interface with searchable vtable list
  • Smart RTTI offset detection (Linux: +2, Windows: 0)
  • Boundary detection (stops at next vtable or invalid pointers)

Symbol Detection

  • _ZTV* pattern matching (Linux/GCC vtables)
  • ??_7*@@6B@ pattern matching (Windows/MSVC vftables)
  • Fallback patterns: *vftable*, *vtbl*
  • Itanium C++ name mangling parser
  • IDA demangler integration

Annotation System

  • Automatic index annotation (vtable index #0, #1, etc.)
  • Function-level comments (vtable index: 0)
  • Vtable entry comments (vtable index #0)
  • 0-based indexing (C++ standard compliant)
  • RTTI/typeinfo pointer skipping

User Interface

  • Context menu integration (right-click → VTable Explorer)
  • Platform-specific hotkeys (⌘⇧V / Ctrl+Shift+V)
  • Searchable vtable list (2000+ entries support)
  • One-click annotation and navigation
  • Info dialog with annotation summary

Technical Implementation

VTable Detection Strategy

  • Symbol enumeration via get_nlist_size() / get_nlist_ea()
  • Mangled name parsing with length-prefix extraction
  • Nested namespace handling (_ZTVN...E format)
  • _ptr suffix stripping (IDA symbol decoration)

Class Name Extraction

  • Primary: IDA demangle_name() API
  • Fallback: Manual Itanium C++ name parsing
  • Simple names: _ZTV<len><name> extraction
  • Complex names: Nested component extraction
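
The length-prefix extraction described under VTable Detection Strategy and Class Name Extraction, as an added example that is not the plugin's own code. `vtable_class_name` is a hypothetical name and the symbols in `main` are constructed; it handles only the `_ZTV<len><name>` and `_ZTVN...E` shapes listed above and treats `_ptr` as decoration only once the length prefixes are consumed, so a class whose name ends in `_ptr` is not truncated.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Added example: class name from an Itanium vtable symbol, "" on anything else.
// Covers _ZTV<len><name> and _ZTVN<len><name>...E; templates and substitutions
// (S_, St, I...E) are deliberately rejected rather than guessed at.
std::string vtable_class_name(const std::string& sym) {
    if (sym.compare(0, 4, "_ZTV") != 0) return "";
    size_t pos = 4;
    const bool nested = pos < sym.size() && sym[pos] == 'N';
    if (nested) ++pos;

    std::string out;
    while (pos < sym.size() && std::isdigit(static_cast<unsigned char>(sym[pos]))) {
        size_t len = 0;
        while (pos < sym.size() && std::isdigit(static_cast<unsigned char>(sym[pos]))) {
            len = len * 10 + static_cast<size_t>(sym[pos++] - '0');
            if (len > sym.size()) return "";            // length can never fit: stop early
        }
        if (len == 0 || len > sym.size() - pos) return "";  // prefix overruns the symbol
        if (!out.empty()) out += "::";
        out.append(sym, pos, len);
        pos += len;
        if (!nested) break;
    }
    if (out.empty()) return "";
    if (nested) {
        if (pos >= sym.size() || sym[pos] != 'E') return "";
        ++pos;
    }
    // Only after the length prefixes are consumed is a trailing "_ptr" IDA decoration.
    const std::string rest = sym.substr(pos);
    return (rest.empty() || rest == "_ptr") ? out : "";
}

int main() {
    for (const char* s : {"_ZTV7CEntity", "_ZTVN6engine7CServerE_ptr", "_ZTV7foo_ptr", "_ZTV99Foo"})
        std::cout << s << " -> '" << vtable_class_name(s) << "'\n";
}
```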

Offset Detection

  • Auto-detection of first valid function pointer
  • Linux default: offset +2 (after offset-to-top + RTTI)
  • Windows default: offset 0 (immediate vfunc start)
  • Validation: executable segment + function prologue checks

Annotation Logic

  • Separate vfunc_index counter (not loop counter)
  • Skips invalid/typeinfo pointers without breaking index
  • Consecutive invalid limit (max 2)
  • Boundary detection (next vtable or unmapped memory)

Build System

  • Docker multi-stage builds (Linux, Windows, macOS ARM64, macOS x64)
  • Single make build command for all platforms
  • Cross-compilation via osxcross and mingw-w64

Full Changelog: https://github.com/K4ryuu/IDA-VTableExplorer/commits/2025.11.16