Better-rtti-parser - IDA script to parse RTTI information in executable

RTTI parser

Parses RTTI information from executable.

Example

HexRays decompiler view

Before:

After:

Functions window

Before:

After:

Structs window

Install & Run

git clone https://github.com/MlsDmitry/better-rtti-parser
Click on "IDA > File > Script file" and choose rtti_parse.py
Happy RE time!

Why another RTTI parser ?

I didn't really liked code in SusanRTTI repo and it didn't do what I want ( rename functions to BaseClass::AnotherClass::sub_4B5A ). I decided to spend few more hours to rewrite code, learn how to write IDA plugins. Finally, it became a lot faster, I really liked it, so I'll continue to update it.

Known issues

No Code refs found for _ZNTV...

Problem:

I didn't find a way to get address of first character of string that matched at some position. If know/found solution just add answer in #1 issue

Steps to resolve:

Find full symbol name for __class_type_info, __si_class_type_info or __vmi_class_type_info by searching in IDA and replace old ones in TiClassKind in rtti_parse.py.

Current cover

Test environment

Windows 10 2021 H1
IDA Pro 7.6
Python 3.10 ( I'm surprised this python version works well )
x64 GNU g++ binary

Examples

Check out example folder. There are .elf files for you to test.

Example output ->

Credits

@IgorSkochinsky for http://www.hexblog.com/wp-content/uploads/2012/06/Recon-2012-Skochinsky-Compiler-Internals.pdf ( plugin algo entirely based on his research )
@layle_ctf made my life easier with IDA remote script execution and debugging https://github.com/ioncodes/idacode

Better-rtti-parser - IDA script to parse RTTI information in executable

Related tags

Overview

RTTI parser

Example

Install & Run

Why another RTTI parser ?

Known issues

No Code refs found for _ZNTV...

Current cover

Test environment

Examples

Credits

Owner

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

🐝 ℹ️ Honeybee extension for export to IES-VE gem file format

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

A black hole for Internet advertisements

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

XSS scanner in python

Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

Tool ini berfungsi untuk membuat virus secara instan

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

This repo is about steps to create a effective custom wordlist in a few clicks/

Tools ini digunakan untuk krekk pacebuk:v

大宝剑-信息收集和资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）