Better-rtti-parser - IDA script to parse RTTI information in executable

Related tags

Security related resourcesbetter-rtti-parser
Overview

RTTI parser

Parses RTTI information from executable.

Example

HexRays decompiler view

Before:

decompiler view before

After:

decompiler view after

Functions window

Before:

functions window before

After:

functions window after

Structs window

structs windows

Install & Run

  1. git clone https://github.com/MlsDmitry/better-rtti-parser
  2. Click on "IDA > File > Script file" and choose rtti_parse.py
  3. Happy RE time!

Why another RTTI parser ?

I didn't really liked code in SusanRTTI repo and it didn't do what I want ( rename functions to BaseClass::AnotherClass::sub_4B5A ). I decided to spend few more hours to rewrite code, learn how to write IDA plugins. Finally, it became a lot faster, I really liked it, so I'll continue to update it.

Known issues

No Code refs found for _ZNTV...

Problem:

I didn't find a way to get address of first character of string that matched at some position. If know/found solution just add answer in #1 issue

Steps to resolve:

Find full symbol name for __class_type_info, __si_class_type_info or __vmi_class_type_info by searching in IDA and replace old ones in TiClassKind in rtti_parse.py.

Current cover

  • GNU g++ 64-bit
  • IDA Pro 7.4-7.6
  • Rename functions to BaseClass::AnotherClass::sub_4B5A format
  • Create structures for vtables
  • Fix: place "v" at the end of symbol only if there are no parameters for function
  • Fix: some functions are only renamed, but retyping fails
  • Find destructors ( Not really sure how accurate it will be )
  • Make class graph
  • IDA Pro 7.0-7.3 support
  • GNU G++ 32-bit
  • MSVC 64-bit
  • MSVC 32-bit

Test environment

  • Windows 10 2021 H1
  • IDA Pro 7.6
  • Python 3.10 ( I'm surprised this python version works well )
  • x64 GNU g++ binary

Examples

Check out example folder. There are .elf files for you to test.

Example output ->

an image should be here

Credits

  1. @IgorSkochinsky for http://www.hexblog.com/wp-content/uploads/2012/06/Recon-2012-Skochinsky-Compiler-Internals.pdf ( plugin algo entirely based on his research )
  2. @layle_ctf made my life easier with IDA remote script execution and debugging https://github.com/ioncodes/idacode
Owner
CTF player, Reverse Engineer
GitHub Repository
The Devils Eye is an OSINT tool that searches the Darkweb for onion links and descriptions that match with the users query without requiring the use for Tor.

The Devil's Eye searches the darkweb for information relating to the user's query and returns the results including .onion links and their description

Richard Mwewa 135 Dec 31, 2022
Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

FireKing255 7 Dec 26, 2021
宝塔面板Windows版提权方法

宝塔面板Windows提权方法 本项目整理一些宝塔特性,可以在无漏洞的情况下利用这些特性来增加提权的机会。

298 Dec 14, 2022
Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

Marcus Vinícius Ribeiro Andrade 1 Nov 03, 2021
IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Re-Scripts IA32-VMX-Helper (IDA-Script) IA32-MSR-Decoder (IDA-Script) IA32 VMX Helper It's an IDA script (Updated IA32 MSR Decoder) which helps you to

Behrooz Abbassi 16 Oct 08, 2022
This repo is about steps to create a effective custom wordlist in a few clicks/

Custom Wordlist This repo is about steps to take in order to create a effective custom wordlist in a few clicks. this comes handing in pentesting enga

2 Oct 08, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

CRACKER911181 1 Jan 10, 2022
This is a simple Port Flooder written in Python 3.

This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.

Júlio Carneiro 4 Feb 20, 2022
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Than

Error 263 Jan 01, 2023
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

Cowrie 4.1k Jan 09, 2023
Nmap scanner with python

Nmap_scanner Usage: sudo python3 nmap_ping.py -i Network List.txt -o Output Folder Location Program can Run Ping Scan Run Port Scan Run Nmap Vuln

Arshaad Mohiadeen 3 Apr 13, 2022
Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

UMBC Vision 44 Nov 21, 2022
pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

pwncat_pwnkit Introduction The purpose of this module is to attempt to exploit CVE-2021-4034 (pwnkit) on a target when using pwncat. There is no need

Dana Epp 33 Jul 01, 2022
MozDef: Mozilla Enterprise Defense Platform

MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def

Mozilla 2.2k Jan 08, 2023
recover Firefox and more browsers logins

Browser Creds this script will recover saved browsers logins into txt files. It currently only support windows 10. currently support : Chrome Opera Fi

HugoLB 41 Nov 09, 2022
CVE-2021-43798Exp多线程批量验证脚本

Grafana V8.*任意文件读取Exp--多线程批量验证脚本 漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化,它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞,该漏洞目前为0d

2 Dec 16, 2021
Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

Pestilence - The Malware Database [] Screenshot Pestilence is a project created to make the possibility of malware analysis open and available to the

*ERR0R* 47 Dec 21, 2022
HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu

EntySec 100 Dec 23, 2022
Installation of hacking tools

Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.

1 Nov 10, 2021
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Cracker 331 Jan 01, 2023