2

I am trying to reverse engineer some C++ code that was made by "architecture astronaut", having multiple layers, lots of virtual functions, lots of polymorphism, metaprogramming, inlined stuff, and so on.

I know that generating C++ from machine code is an almost absurd idea, but what I am looking for is a tool to help me organize information.

Example of features that I would appreciate: support navigating through code by vtables (ie: after you manually find all relevant vtables, you point them to the program, and clicking on a code that jumps to member "6" of the vtable jumps to that function, if this is ambiguous due to various vtables being possible, it asks you what vtable you want).

Easy editing of nested structures (example: instead of defining a class as a struct myClass { myBase baseClass; int someInt;}; you can actually see "myBase" contents inside "myClass" and even edit it, without having to edit the separate structures.

Support for STL names (extremely long names, names with <>: , characters in it)

Being able to tag some code as "copy and paste" of another code, at least in a highlight manner, so you can more easily see what is going on (for example for heavily inlined code, templates, metaprogramming abuse, and so on).

Being able to organize and compare vtables, suppose you have 1 base vtable that is almost entire pure virtual functions, and 2 vtables that override it later, then you can compare all 3, and know what is what (for example you know what functions are overriding the pure virtual functions, and thus if you have debug symbols or something figure the name of the original pure virtual functions).

Being able to merge structs (suppose you find functions of a class all over the code, and create a struct for each one, eventually you find it is the same class)

Being able to give "fake names" to entries on vtable (suppose you know the correct name of a function in a vtable, also the compiler optmized away this function because it was identical to other unrelated function, this way you can use the original name, instead of seeing A::func1(); A::func2(); B::func47(); A::func4();

speeder
  • 387
  • 1
  • 2
  • 4
  • 2
    I think HexRays CodeXplorer is probably as good as it currently gets. Maybe you could start from there? – broadway Jan 26 '16 at 04:37
  • People could comment why they are downvoting :(

    Also, CodeXplorer don't fix any of the issues I mentioned, at all... AND cause some serious bugs (infinite loops, creating bogus structures while debugging, and several other extremely aberrant behaviour, including making IDA crash a couple times).

     – speeder Jan 27 '16 at 03:34
  • @speeder they downvote because they consider you a n00b and consider your question a waste of time. I agree it would be nicer if they gave you constructive criticism rather than just downvoting. – 43.52.4D. Jan 28 '16 at 01:49
  • @43.52.4D. I, for one, downvote all "questions" that equal to "give me a magic tool/incantation to solve my obscure problems, and don't even ask me to think!" Nothing constructive can be said when a questioner has already decided on what the solution would be, and demands a tool that will adhere to that spec. If you're asking for how other people manage to wade through piles of assembly originating from C++, ask an appropriate question. There are a few plugins that help a little, but it's mostly experience and personal skill. – Vitaly Osipov Jan 29 '16 at 05:28
  • Vitaly I asked that in multiple locations, multile times, people never reply, or tell me that I am crazy and that reverse engineering C++ is impossible or makes no sense.

    This question was an attempt to ask in a different manner and see what would be the result, maybe someone would suggest something useful. (example: the CodeXplorer wasn't a bad suggestion, I am already using it, but it doesn't fix the specific issues I mentioned)

     – speeder Jan 29 '16 at 16:02

0 Answers0