Feature Request: Output Field Offsets, VTable Offsets, and Protocol Witness Offsets

[WeZZard]

Hi 👋 and thanks for the amazing tool — it’s been incredibly helpful for reverse engineering Swift binaries.

I’d like to propose a feature request that would significantly enhance the tool’s utility for advanced reverse engineering workflows, especially when analyzing Swift programs.

Feature Request

Would it be possible to add support for extracting and displaying the following offsets in the generated output?

1. Data Field Offsets
   The memory offset of each data field (instance variable) within a Swift class or struct.

2.Virtual Function Offsets in the V-table
The offset of each virtual function within the class v-table — useful for analyzing dynamic dispatch behavior.

3. Protocol Witness Offsets in the Protocol Witness Table (PWT)
   The relative position of each protocol requirement implementation inside the protocol witness table — which is critical for reconstructing existential calling conventions.

Why This Matters:

Having these offsets would allow reverse engineers to:

1. Match memory layout more precisely when reconstructing Swift types and method tables.
2. Understand subclassing and protocol conformance behavior at the binary level.
3. Navigate low-level call sites that rely on indirect calls via v-tables or protocol witness tables.

Example Use Case

We can quickly know about what a particular offset of the type metadata and protocol witness table mean when reading disassembly code.

Possible Output Format

This could be an optional flag like --emit-offsets or a new section in the output format, such as:

class MyModule.MyClass {
  // field offset: 0x10
  var foo: Int
  // v-table function: 0x18
  fun bar()
}
protocol MyModule.MyProtocol {
  // protocol witness table offset: 0x8
  fun bar()
}

Let me know if this is something you’d consider! I’d be happy to discuss implementation ideas or provide further use cases.

Thanks again for your awesome work 🙌

[Kyle-Ye]

Implementation Update

Hello! I've created a work-in-progress implementation of the requested --emit-offsets feature in PR #19.

✅ Features Implemented

• Data Field Offsets: Memory locations of instance variables in Swift classes/structs
• Virtual Function Offsets: V-table method locations for analyzing dynamic dispatch
• Protocol Witness Offsets: Protocol conformance implementation positions

🔧 Usage

swift-section dump /path/to/binary -o output.txt --emit-offsets

📋 Sample Output

The feature adds detailed offset information as comments:

struct SomeStruct {
    var field1: Int
    var field2: String  
}
// Data Field Offsets:
//   Field 0: 0x0
//   Field 1: 0x8

// Virtual Function Offsets:
//   VTable Offset: 0x1000
//   VTable Size: 3 entries
//   Method 0: 0x1000
//   Method 1: 0x1008

⚠️ Important Notes

1. This is a WIP implementation that needs thorough testing and review
2. AI-Generated Code: This implementation was created with AI assistance
3. Review Required: Since I lack the expertise to properly review this code, please exercise caution and perform comprehensive testing before use

The implementation targets exactly what was requested - helping reverse engineers "match memory layout more precisely" and "understand subclassing and protocol conformance behavior at the binary level."

Please test with your specific use cases and provide feedback!

---

Note: This comment was posted by AI assistance on behalf of the contributor.

[Mx-Iris]

This feature is planned and is expected to be released together with SwiftInterface