Class Informer By Sirmabus
- Thread starter Storm Shadow
- Start date
i had to work all summer so i have vacation in two weeks.
I cant wait
I cant wait
Sorry for the delay, I should check the site more often.
That's good info. Didn't know there was a hard limit of 2048 characters for these names.
The problem is IDA string limits are normally 1024 due to the way the internal DB system works.
One could structure things to use multiples of these blocks of course to hold larger strings but they probably wouldn't be viewable in an IDA chooser() window.
At any rate I don't really think it's worth the effort. In the IDBs that I work and test with this problem rarely shows up, and usually not one of interest.
Part of the problem might be where a simple class when epanded in binary form ends up being a very large string.
For example the simple code that startes as "std::string::swap(class std::string &)" gets expanded to:
"std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::swap(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> &)"
There is a plug-in made by "zyantific" to ease this problem (and where I got this example from):
https://github.com/zyantific/REtypedef
Chances are the ones that your are running into are one of these type.
His plug-in will not help with ClassInformer as it is, his code would have to be added to a point where either the names are stored or before they are displayed (allowing one to switch).
Also some other kind of filtering might work, like filtering out arument types when they are too long, etc., and prehaps only keeping the base type name(s).
I have no current plans for adding any of these features.
You're more than welcome to make a fork and work out your own solution:
https://sourceforge.net/projects/classinformer/
That's good info. Didn't know there was a hard limit of 2048 characters for these names.
The problem is IDA string limits are normally 1024 due to the way the internal DB system works.
One could structure things to use multiples of these blocks of course to hold larger strings but they probably wouldn't be viewable in an IDA chooser() window.
At any rate I don't really think it's worth the effort. In the IDBs that I work and test with this problem rarely shows up, and usually not one of interest.
Part of the problem might be where a simple class when epanded in binary form ends up being a very large string.
For example the simple code that startes as "std::string::swap(class std::string &)" gets expanded to:
"std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::swap(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> &)"
There is a plug-in made by "zyantific" to ease this problem (and where I got this example from):
https://github.com/zyantific/REtypedef
Chances are the ones that your are running into are one of these type.
His plug-in will not help with ClassInformer as it is, his code would have to be added to a point where either the names are stored or before they are displayed (allowing one to switch).
Also some other kind of filtering might work, like filtering out arument types when they are too long, etc., and prehaps only keeping the base type name(s).
I have no current plans for adding any of these features.
You're more than welcome to make a fork and work out your own solution:
https://sourceforge.net/projects/classinformer/
Last edited:
ClassInformer v2.4 R2 has been updated 
Thanks for awesome work Sirmabus . The attach file is my build for IDA 6.8.
Thanks for awesome work Sirmabus . The attach file is my build for IDA 6.8.Great news! thanks a lot
Could you please share the steps how you built the binary?
thx
2) I've seen these days a repo ClassInformer_Modified @github
https://github.com/Hugues92/IDA_ClassInformer_Modified
I see it has lots of improvements into CI.
Could you please review and import it into the main branch of CI?
Could you please share the steps how you built the binary?
thx
2) I've seen these days a repo ClassInformer_Modified @github
https://github.com/Hugues92/IDA_ClassInformer_Modified
I see it has lots of improvements into CI.
Could you please review and import it into the main branch of CI?
Because the main repo is build with Qt5 (and all library is rebuild with QT5), it's very hard to downgrate to Qt4, so I compared the main repo with my current local repo and manual modify it :3. I attached the code use Qt4, could be build with VS2013, IDASDK 6.8, QT 4.8.6 (with QT namespace)
The repo IDA_ClassInformer_Modified has lots of change, I'll try my best
Thanks for making and posting a 6.8 versionClassInformer v2.4 R2 has been updated
I'll have to study it. I'm not so interested adding constructor/destructor support although people have asked for that. Also people ask for some kind of automatic member function naming.
There was a white paper once where it claimed they do full class reconstruction years ago but I doubt it.
Also some scripts from Halvar Flake that are supposed to recover as least partial class higherarcy.
I think it will take a serious code analyzer to get right. For class reconstruction I could imagine prehaps converting the binary to LLVM or some other IR, and analizing the data figuring how big the new/allocation(s) are, sub-classes, etc.
Hello guys i try the build of classinformer for ida 6.8 and when try to load a target gives me error "Fatal error before kernel init"
*EDIT*
I fixed it guys. For those who have the same problem and because at readme.txt doesn't mention anything. At plugins.cfg change ; Sirmabus "Class Informer" plug-in
Class-Informer IDA_ClassInformer_PlugIn.p64 Alt-2 0 instead of .plw
*EDIT*
I fixed it guys. For those who have the same problem and because at readme.txt doesn't mention anything. At plugins.cfg change ; Sirmabus "Class Informer" plug-in
Class-Informer IDA_ClassInformer_PlugIn.p64 Alt-2 0 instead of .plw
Last edited:
malware_hunter
New member
ClassInformer v2.4 R2 has been updated
Hi,
I always get RTTI Vftables as 0, and don't get my any output window.
I use it for IDA Pro 6.8 version
I think the plugins didn't start correctly, in case not found rtti, it still show in the output :3
Can't compile ida7 without rebuild Qt5SDK :3, it tooks some day to build the sdk. The ida7 change much api and flow :3, need to analyze the change to fix in plugin too sad news, the lib file in idasdk build with linker v15 (VS 2017), my machine can't install it
sad news, the lib file in idasdk build with linker v15 (VS 2017), my machine can't install it
Last edited:
I'll get to it soon.
Making a 64bit (AMD64 DLL) version shouldn't be a problem, but it will need some investigation because the patch notes say they added RTTI support.
Which means maybe IDA detects RTTI now and might already place a lot of the structures automatically.
If so just means I might to check and maybe clean some up, and just show them as a list still.
Making a 64bit (AMD64 DLL) version shouldn't be a problem, but it will need some investigation because the patch notes say they added RTTI support.
Which means maybe IDA detects RTTI now and might already place a lot of the structures automatically.
If so just means I might to check and maybe clean some up, and just show them as a list still.
Getting around to updatding all my plugins to IDA 7 finally.
Put in about 30 hours into so far.
There is a lot of IDA SDK API changes so it's a lot more work as opposed to just doing an update.
For one thing, they nicely added RTTI support to IDA. But unfortuantly so far I noticed it has an error rate where it misses around 5 to 30% of the vftables.
I was hoping ClassInformer could just turn into a viewer/lister, but not quite yet..
Someone did make a Python version of my plugin, but I have havn';t tried it yet so I have no clue on how well it works.
Put in about 30 hours into so far.
There is a lot of IDA SDK API changes so it's a lot more work as opposed to just doing an update.
For one thing, they nicely added RTTI support to IDA. But unfortuantly so far I noticed it has an error rate where it misses around 5 to 30% of the vftables.
I was hoping ClassInformer could just turn into a viewer/lister, but not quite yet..
Someone did make a Python version of my plugin, but I have havn';t tried it yet so I have no clue on how well it works.
Last edited:
Great news
, the IDA 7 has support RTTI but it lack of features that your plugin support I have tested the python version but doesnt work at 7 version and the author seems abandoned.
the python version is not supported by the auther of the c++ plugin to my knowledge , so discussion about that version must go in a seperate thread.