Macromonkey

General Category => IDA Pro => Topic started by: Administrator on December 30, 2014, 02:58:41 PM

Title: IDA Class Informer
Post by: Administrator on December 30, 2014, 02:58:41 PM
An IDA Pro MSVC object RTTI vftable finder, fixer, and lister plug-in.
Lists found RTTI structures and C++ classes.

RTTI ("Run-time type information"): Wikipedia RTTI (http://en.wikipedia.org/wiki/RTTI)

Based off article and IDC scripts by Igor Skochinsky:
http://www.openrce.org/articles/full_view/23
http://www.openrce.org/downloads/details/196
Recon 2012: Compiler Internals (http://www.hexblog.com/?p=704)

> Sourceforge ClassInformer < (http://sourceforge.net/projects/classinformer/)

Dialog:
(http://www.macromonkey.com/bb/Res/ClassInformerDlg.png)


Example list output:
(http://www.macromonkey.com/bb/Res/ClassInformer1.jpg)


Sample RTTI vftables commented by plugin:
(http://www.macromonkey.com/bb/Res/VftabkeShot1.jpg)

[May 2017]: Version 2.4
Will now scan all "DATA" type segments. Before would only scan the first ".rdata" and ".data" named segments.
Added a "segment select" to allow manually selecting the segments to scan.

[Jan 2016]: Version 2.2
Updated to IDA SDK 6.9 and now using MSVC 2015.

[May 2015]: Version 2.0, major update.
Added a fully functional 64bit version.
Different, more accurate scanning method.
Fancy "material design" inspired user interface.
Updated to IDA SDK 6.7

To build requires a minimal Qt 5.4.1 SDK install.
See: Qt 4.8.4 on Windows for IDA Pro C/C++ plug-in development Part 1 of 3 (http://www.macromonkey.com/qt-4-8-4-on-windows-for-ida-pro-cc-plug-in-development-part-1/)
Also requires my: IDA Support Library (https://sourceforge.net/projects/ida-support-library/)

> Sourceforge ClassInformer < (http://sourceforge.net/projects/classinformer/)
Title: Re: IDA Class Informer
Post by: Administrator on June 01, 2017, 11:27:52 PM
Mentioned in Chris Eagle's popular IDA Pro book:
https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898 (https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898)

qwerty9384 made a tutorial game hacking tutorial using Class Informer:
https://www.unknowncheats.me/wiki/IDA_Pro_ClassInformer_Tutorial (https://www.unknowncheats.me/wiki/IDA_Pro_ClassInformer_Tutorial)

In this thread, someone has made a IDA 6.8 version and more (use at your own risk):
https://www.techbliss.org/threads/class-informer-by-sirmabus.73/page-3 (https://www.techbliss.org/threads/class-informer-by-sirmabus.73/page-3)