Cpp Reversing

Most of this requires IDA Pro + Hex-Rays.

https://blog.0xbadc0de.be/archives/67 https://alschwalm.com/blog/static/2016/12/17/reversing-c-virtual-functions/

You need to do more work depending on whether your binary is stripped or not.

The basic concepts are as follows:

Each subclass will have a structure like

With the parent classes first. Each parent class will have a vtable, containing function pointers. Next are the member variables for the parent class, and then the member variables for the subclass.

you can create structs in IDA in the Structs Subview (Subviews -> Structs). The shortcut is Shift-F9.

When creating structs for C++ classes in IDA, the first member will be a vtable ptr, and the next will be the parent's member variables.

You might want to create the structures as follows:

For each class, define a classXX_members, classXX_vtable, classXX structure. classXX contains

+++ vtable (typed to classXX_vtable *)

+++ classXX-1_members (members of the superclass)

+++ classXX_members, if any classXX_vtable contains

+++classXX-1_vtable

+++classXX’s vptrs, if any

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cpp Reversing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally