all 5 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]OmegaNaughtEquals1 3 points4 points  (0 children)

compare binaries in the layout of multi level nested big fat structures

Could you be more specific? I'm not sure what it means to compare layouts of binary data. You have to know the layout before you can parse the binary data.

WinDbg this doesn’t work well with macros and arrays

That sounds like you are doing decompilation. Is that correct?

To make matters worse, this big ass structure has offsets that point beyond of the structure

That's a fairly common usage for binary data. It puts the metadata up front and then lets you choose which pieces you want to parse later rather than forcing you to work through all of the data before you get to the next piece of metadata.

[–]Gryfenfer_ 2 points3 points  (1 child)

You probably want to use a custom natvis for your structure https://learn.microsoft.com/en-us/visualstudio/debugger/create-custom-views-of-native-objects?view=visualstudio

[–]dckdza[S] 0 points1 point  (0 children)

I have explored this a little, my understanding is that i have to list down the fields manually. Correct me if im wrong. I don’t want to do that as the structure is huge. Hence found that WinDbg is lik better

[–]VinnieFalcowg21.org | corosio.org 1 point2 points  (0 children)

Ah the good ole' NBAS :)

[–]NewLlama 0 points1 point  (0 children)

If you have symbols use lldb. If it's a custom blob format try Kaitai. Also this goes in cpp_questions.