Parses RTTI information from executable.
This repository and author are open to feature requests. You're more than welcome to open a feature request in issue tab. For template see FEATURE REQUEST
Post your issues here https://github.com/MlsDmitry/better-rtti-parser/issues.
HexRays decompiler view
Before:
After:
Functions window
Before:
After:
Structs window
- git clone https://github.com/MlsDmitry/better-rtti-parser
- Click on "IDA > File > Script file" and choose rtti_parse.py
- Happy RE time!
Known tools didn't have functionality to rename functions based on typeinfo ( e.g. sub_4B5A to BaseClass::AnotherClass::sub_4B5A ). So, I decided to spend few more hours to rewrite code, learn how to write IDA plugins. Finally, it works pretty fast, I really liked it, so I'll continue to update it.
Problem:
It's a bug that will be fixed in later commits. Probably, will add number prefix to names as IDA does for functions.
Steps to resolve
Click on ignore for this database and continue.
- GNU g++ 64-bit
- IDA Pro 7.4-7.6
- Rename functions to BaseClass::AnotherClass::sub_4B5A format
- Create structures for vtables
- Fix: some functions are only renamed, but retyping fails
- Fix: place "v" at the end of symbol only if there are no parameters for function
- Beta support for ARM 32-bit
- Find destructors ( Not really sure how accurate it will be )
- Make class graph
- IDA Pro 7.0-7.3 support
- GNU G++ 32-bit
- MSVC 64-bit
- MSVC 32-bit
- Windows 10 2021 H1
- IDA Pro 7.6
- Python 3.10 ( I'm surprised this python version works well )
- x64 GNU g++ binary
Check out example folder. There are .elf files for you to test.
Example output ->
- @IgorSkochinsky for http://www.hexblog.com/wp-content/uploads/2012/06/Recon-2012-Skochinsky-Compiler-Internals.pdf ( plugin algo entirely based on his research )
- @layle_ctf made my life easier with IDA remote script execution and debugging https://github.com/ioncodes/idacode