Anddos  
#1 Posted : Monday, June 11, 2012 5:21:57 AM(UTC)
Anddos

Rank: Newbie

Groups: Registered
Joined: 6/11/2012(UTC)
Posts: 3
Location: Lancashire

How do you find all the classes in IDA Pro?

civan2  
#2 Posted : Monday, June 11, 2012 11:34:36 AM(UTC)
civan2

Rank: Advanced Member

Groups: Registered
Joined: 1/27/2012(UTC)
Posts: 109

Was thanked: 34 time(s) in 17 post(s)
You are confused, sir ;). There is no such thing as an object in ASM, it is translated to a data structure and a set of functions that take the this pointer as their first arg.
Good at pvp. I enjoy pvz and pvt too.
Da_Teach  
#3 Posted : Monday, June 11, 2012 12:01:03 PM(UTC)
Da_Teach

Rank: Administration

Groups: Administrators
Joined: 1/24/2011(UTC)
Posts: 541

Thanks: 1 times
Was thanked: 247 time(s) in 79 post(s)
Originally Posted by: civan2
You are confused, sir ;). There is no such thing as an object in ASM, it is translated to a data structure and a set of functions that take the this pointer as their first arg.


While you are correct in the strict sense of the word "class / object in asm", at least most C++ compilers leave some type of signature in compiled code which can be traced back to the class and/or its methods.

For IDA you'll want to look at Class Informer:
http://www.woodmann.com/...index.php/Class_Informer

Don't expect to get method names, and it's only compatible with the MSVC compiler, but it can help (seeing as that compiler is used a lot :)).

Also you'll want to do some research into v-tables. Basically with almost all "object oriented languages", the first dword of a class-'structure' (in memory) points to the v-table of that class. The v-table is basically a list of function pointers of that class.

Some compilers leave info of the class in either the constructor (search for the v-table pointer, the function that writes it in the first-dword of a newly allocated piece of memory is usually the constructor). Or in the first method in the v-table (not always true, but in the beta-versions of Rift the first method of the v-table gave me class-names).

With v-table knowledge + string references (from methods of the v-table / constructor) you might be able to get a lot of info from IDA about the classes being used. Also (with some MMOs), getting a beta executable might help a lot as devs often leave more info in them (as it makes it easier to debug for them).

Fun note, the first beta of WoW even had a PDB, which is a hacker's wet dream :)
civan2  
#4 Posted : Monday, June 11, 2012 12:17:53 PM(UTC)
civan2

Rank: Advanced Member

Groups: Registered
Joined: 1/27/2012(UTC)
Posts: 109

Was thanked: 34 time(s) in 17 post(s)
Problem with vtables is that you need at least one virtual function for the compiler to include them, and as the name suggests, non-virtual stuff is not included. I thought that is too much detail to go into on a one liner question ;).
Good at pvp. I enjoy pvz and pvt too.
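
The layout described in posts #3 and #4, as an added example that is not part of the original thread: a small C++ program showing that a polymorphic object starts with a pointer to its class's v-table, that each constructor writes that pointer, and that a class without virtual functions has none. The class names are hypothetical, and reading the first word as the v-table pointer assumes the MSVC or Itanium (GCC/Clang) ABI with RTTI left enabled.

```cpp
// Added illustration; every class name here is hypothetical.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <typeinfo>

// First pointer-sized word of an object. On MSVC and the Itanium ABI (GCC,
// Clang) this is the v-table pointer of a single-inheritance polymorphic
// class; the C++ standard does not promise it (assumption).
static std::uintptr_t first_word(const void* obj) {
    std::uintptr_t w = 0;
    std::memcpy(&w, obj, sizeof w);
    return w;
}

struct Vec3 { float x, y, z; };            // no virtual function: no v-table pointer

static std::uintptr_t seen_in_base_ctor;   // what Entity's constructor wrote

struct Entity {                            // polymorphic: hidden pointer at offset 0
    int id = 0;
    Entity() { seen_in_base_ctor = first_word(this); }
    virtual ~Entity() {}
    virtual int kind() const { return 1; }
};

struct Player : Entity {                   // derived class gets its own v-table
    int kind() const override { return 2; }
};

bool plain_struct_has_no_vptr() { return sizeof(Vec3) == 3 * sizeof(float); }
bool same_class_shares_vtable() { Entity a, b; return first_word(&a) == first_word(&b); }
bool derived_has_own_vtable()   { Entity e; Player p; return first_word(&e) != first_word(&p); }

// Each constructor stores its own class's table: while Entity() runs on a
// Player, the object still points at Entity's table; Player() then overwrites it.
bool ctor_writes_vptr() {
    Entity e; std::uintptr_t entity_vt = first_word(&e);
    Player p;
    return seen_in_base_ctor == entity_vt && first_word(&p) != entity_vt;
}

// With RTTI enabled, the class name is reachable from the v-table.
std::string name_via_base() { Player p; const Entity& e = p; return typeid(e).name(); }

int main() {
    std::printf("vec3=%zu entity=%zu name=%s\n", sizeof(Vec3), sizeof(Entity), name_via_base().c_str());
    return (plain_struct_has_no_vptr() && same_class_shares_vtable() &&
            derived_has_own_vtable() && ctor_writes_vptr()) ? 0 : 1;
}
```

The printed name is compiler-specific (GCC prints a mangled form, MSVC a decorated one), which is why tools that recover class names from RTTI are tied to one compiler's format.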
Anddos  
#5 Posted : Monday, June 11, 2012 12:45:28 PM(UTC)
Anddos

Rank: Newbie

Groups: Registered
Joined: 6/11/2012(UTC)
Posts: 3
Location: Lancashire

I go to Edit -> Plugins but there is no option to add the plugin?
I am using IDA Pro version 6.1.0.110409 (32 bit)


Da_Teach  
#6 Posted : Monday, June 11, 2012 3:29:06 PM(UTC)
Da_Teach

Rank: Administration

Groups: Administrators
Joined: 1/24/2011(UTC)
Posts: 541

Thanks: 1 times
Was thanked: 247 time(s) in 79 post(s)
Originally Posted by: Anddos
I go to Edit -> Plugins but there is no option to add the plugin?
I am using IDA Pro version 6.1.0.110409 (32 bit)


You have to unpack the plugin into the right directory; also the plugin has to be compatible with 6.1. I'm pretty sure there was a Class Informer plugin for 6.1, but I could be mistaken.
Anddos  
#7 Posted : Monday, June 11, 2012 3:44:38 PM(UTC)
Anddos

Rank: Newbie

Groups: Registered
Joined: 6/11/2012(UTC)
Posts: 3
Location: Lancashire

Every time it says

==== Stats ====
RTTI: 0
RTCI: 0
Named: 0
Other: 0
Total vftables: 0
-
Functions recovered: 0
Processing time: 0.13 seconds.

What am I doing wrong?
Da_Teach  
#8 Posted : Monday, June 11, 2012 4:10:34 PM(UTC)
Da_Teach

Rank: Administration

Groups: Administrators
Joined: 1/24/2011(UTC)
Posts: 541

Thanks: 1 times
Was thanked: 247 time(s) in 79 post(s)
I'm guessing it's either not working or the program you're trying to hack wasn't compiled with MSVC...