Want to Join Us ?

you'll be able to discuss, share and send private messages.

Class Informer By Sirmabus

Discussion in 'Plugins' started by storm shadow, Feb 8, 2013.

Share This Page

  1. sendersu

    Active Member

    anybody alive or all are heaving some fun on vacations :)
     
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    i had to work all summer so i have vacation in two weeks.
    I cant wait
     
    sendersu likes this.
  3. sendersu

    Active Member

    looks like summer is over... was your vacations cool? :)
     
  4. Sirmabus

    Member Ida Pro Expert

    Sorry for the delay, I should check the site more often.

    That's good info. Didn't know there was a hard limit of 2048 characters for these names.

    The problem is IDA string limits are normally 1024 due to the way the internal DB system works.
    One could structure things to use multiples of these blocks of course to hold larger strings but they probably wouldn't be viewable in an IDA chooser() window.
    At any rate I don't really think it's worth the effort. In the IDBs that I work and test with this problem rarely shows up, and usually not one of interest.

    Part of the problem might be where a simple class when epanded in binary form ends up being a very large string.
    For example the simple code that startes as "std::string::swap(class std::string &)" gets expanded to:
    "std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::swap(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> &)"

    There is a plug-in made by "zyantific" to ease this problem (and where I got this example from):
    https://github.com/zyantific/REtypedef

    Chances are the ones that your are running into are one of these type.
    His plug-in will not help with ClassInformer as it is, his code would have to be added to a point where either the names are stored or before they are displayed (allowing one to switch).
    Also some other kind of filtering might work, like filtering out arument types when they are too long, etc., and prehaps only keeping the base type name(s).

    I have no current plans for adding any of these features.
    You're more than welcome to make a fork and work out your own solution:
    https://sourceforge.net/projects/classinformer/
     
    Last edited: Nov 28, 2016
  5. computerline

    Well-Known Member Ida Pro Expert

    ClassInformer v2.4 R2 has been updated :) Thanks for awesome work Sirmabus (y). The attach file is my build for IDA 6.8.
     

    Attached Files:

  6. sendersu

    Active Member

    Great news! thanks a lot
    Could you please share the steps how you built the binary?
    thx

    2) I've seen these days a repo ClassInformer_Modified @github
    https://github.com/Hugues92/IDA_ClassInformer_Modified

    I see it has lots of improvements into CI.

    Could you please review and import it into the main branch of CI?
     
  7. computerline

    Well-Known Member Ida Pro Expert

    Because the main repo is build with Qt5 (and all library is rebuild with QT5), it's very hard to downgrate to Qt4, so I compared the main repo with my current local repo and manual modify it :3. I attached the code use Qt4, could be build with VS2013, IDASDK 6.8, QT 4.8.6 (with QT namespace) :)
    The repo IDA_ClassInformer_Modified has lots of change, I'll try my best :D
     

    Attached Files:

    Rip Cord and storm shadow like this.
  8. Sirmabus

    Member Ida Pro Expert

    Thanks for making and posting a 6.8 version :)
     
  9. Sirmabus

    Member Ida Pro Expert

    I'll have to study it. I'm not so interested adding constructor/destructor support although people have asked for that. Also people ask for some kind of automatic member function naming.
    There was a white paper once where it claimed they do full class reconstruction years ago but I doubt it.
    Also some scripts from Halvar Flake that are supposed to recover as least partial class higherarcy.

    I think it will take a serious code analyzer to get right. For class reconstruction I could imagine prehaps converting the binary to LLVM or some other IR, and analizing the data figuring how big the new/allocation(s) are, sub-classes, etc.
     
  10. hypnz

    Member

    Hello guys i try the build of classinformer for ida 6.8 and when try to load a target gives me error "Fatal error before kernel init"

    *EDIT*
    I fixed it guys. For those who have the same problem and because at readme.txt doesn't mention anything. At plugins.cfg change ; Sirmabus "Class Informer" plug-in
    Class-Informer IDA_ClassInformer_PlugIn.p64 Alt-2 0 instead of .plw
     
    Last edited: Jul 5, 2017
    storm shadow and Rip Cord like this.
  11. malware_hunter

    New Member

    Hi,
    I always get RTTI Vftables as 0, and don't get my any output window.
    I use it for IDA Pro 6.8 version
     
    computerline likes this.
  12. computerline

    Well-Known Member Ida Pro Expert

    I think the plugins didn't start correctly, in case not found rtti, it still show in the output :3
     
  13. hypnz

    Member

    Hello guys

    Anyone can help to compile class informer for ida 7? Thanks
     
  14. computerline

    Well-Known Member Ida Pro Expert

    Can't compile ida7 without rebuild Qt5SDK :3, it tooks some day to build the sdk. The ida7 change much api and flow :3, need to analyze the change to fix in plugin too :( sad news, the lib file in idasdk build with linker v15 (VS 2017), my machine can't install it :(
     
    Last edited: Sep 30, 2017
  15. Sirmabus

    Member Ida Pro Expert

    I'll get to it soon.
    Making a 64bit (AMD64 DLL) version shouldn't be a problem, but it will need some investigation because the patch notes say they added RTTI support.
    Which means maybe IDA detects RTTI now and might already place a lot of the structures automatically.
    If so just means I might to check and maybe clean some up, and just show them as a list still.
     
    Rip Cord, hypnz and storm shadow like this.
  16. sendersu

    Active Member

    Hi gentlemen,
    how are we doing with this great plugin upgrade?
    thanks
     
Top