Exetools  

  #1  
Old 09-08-2020, 20:22
jonwil
STL and IDA Pro/HexRays?

Does anyone have any tips for how to work with the STL (std::wstring, std::pair, std::vector, std::deque, std::multimap in particular seem to be used by my target based on its symbols) in IDA? How to figure out what the actual layout of a given STL class looks like (once you expand out the template parameters)? How to recognize inlined STL functions? Or any other tips for working with the STL in IDA?
  #2  
Old 09-09-2020, 01:09
chants
I imagine only pretty trivial STL functions would be inlined. Especially in modern variants, the library gets quite complicated, especially in debug builds. But iterators and such are almost surely inlined in release builds. But there is hardly anything to recognize there, just pointers being incremented or dereferenced.

Inherently, the basic task of a decompiler is to deal with the control flow and data flow and produce some exact proper representation in C code. Everything, and I mean everything, C++ related can be done merely by pattern recognition algorithms. It's basically just a code cleanup phase. Of course, pattern recognition may not always be the ideal or least complex approach, but theoretically it should work. Practically speaking, simply reversing the way the compiler translates C++ code into C code in a more algorithmic way would also be a good idea.

In the context of IDA, when dealing with anything C++, ideally you would look for plugins or write your own which does some sort of pattern matching or algorithmic identification. If going the algorithm route, it would really help to be an expert in some open source compiler frameworks like LLVM or GCC or something, to know how and why those algorithms work, so as to have a hope of reversing them.
  #3  
Old 10-17-2020, 04:07
vic4key
Take a look at `Options \ Demangled names...`. It might help you make the STL asm code look prettier.
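
One way to approach the layout question from post #1, and to see the point from post #2 that release-build iterators reduce to plain pointers: compile a small probe with the same compiler, STL and flags as the target and dump the raw words of each object. This is an added example, not code from any poster in the thread; the helper names `raw_words`, `find_word` and `points_inside` are hypothetical and the sample values are constructed.

```cpp
// Added example (not from the thread): probe STL object layout.
// Build with the target's compiler, STL and flags; layouts vary by vendor and debug/release.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <deque>
#include <map>
#include <string>
#include <vector>

// Raw object representation as pointer-sized words, i.e. what the hex view
// or an untyped Hex-Rays struct shows for the object.
template <class T>
std::vector<std::uintptr_t> raw_words(const T& obj) {
    std::vector<std::uintptr_t> w(sizeof(T) / sizeof(std::uintptr_t));
    std::memcpy(w.data(), &obj, w.size() * sizeof(std::uintptr_t));
    return w;
}

// Index of the first word equal to value, or -1 when no word matches.
int find_word(const std::vector<std::uintptr_t>& w, const void* value) {
    for (std::size_t i = 0; i < w.size(); ++i)
        if (w[i] == reinterpret_cast<std::uintptr_t>(value)) return static_cast<int>(i);
    return -1;
}

// True when p points into obj itself (small-string buffer stored inline).
template <class T>
bool points_inside(const T& obj, const void* p) {
    auto b = reinterpret_cast<std::uintptr_t>(&obj), v = reinterpret_cast<std::uintptr_t>(p);
    return v >= b && v < b + sizeof(T);
}

int main() {
    std::vector<int> v{1, 2, 3};   // constructed sample data
    v.reserve(8);
    auto w = raw_words(v);
    std::printf("vector<int>: sizeof=%zu begin@word %d, end@word %d, cap_end@word %d\n",
                sizeof(v), find_word(w, v.data()), find_word(w, v.data() + v.size()),
                find_word(w, v.data() + v.capacity()));

    std::wstring s(L"ida");        // short enough for most inline buffers
    std::printf("wstring: sizeof=%zu, data inline=%d, data@word %d\n",
                sizeof(s), points_inside(s, s.data()), find_word(raw_words(s), s.data()));

    std::printf("deque<int>: sizeof=%zu, multimap<int,int>: sizeof=%zu\n",
                sizeof(std::deque<int>), sizeof(std::multimap<int, int>));
    return 0;
}
```

In release builds of libstdc++, libc++ and the MSVC STL, `std::vector` comes out as three pointers (begin, end, end of capacity), which is the struct to declare in IDA's Local Types for each instantiation the target uses.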
All times are GMT +8.