Exetools  

  #1  
Old 09-08-2020, 20:22
jonwil jonwil is offline
STL and IDA Pro/HexRays?

Does anyone have any tips for how to work with the STL (std::wstring, std::pair, std::vector, std::deque, std::multimap in particular seem to be used by my target based on its symbols) in IDA? How to figure out what the actual layout of a given STL class looks like (once you expand out the template parameters)? How to recognize inlined STL functions? Or any other tips for working with the STL in IDA?
  #2  
Old 09-09-2020, 01:09
chants chants is offline
I imagine only pretty trivial STL functions would be inlined. Especially in modern variants, the library gets quite complicated, especially in debug builds. But iterators and such are almost surely inlined in release builds. But there is hardly anything to recognize there, just pointers being incremented or dereferenced.

Inherently, the basic task of a decompiler is to deal with the control flow and data flow and produce some exact proper representation in C code. Everything, and I mean everything, C++ related can be done merely by pattern recognition algorithms. It's basically just a code cleanup phase. Of course pattern recognition may not always be the ideal or least complex approach, but theoretically it should work. Practically speaking, simply reversing the way the compiler translates C++ code into C code in a more algorithmic way would also be a good idea.

In the context of IDA, dealing with anything C++ ideally you would look for plugins or write your own which does some sort of pattern matching or algorithmic identification. If going the algorithm route, it would really help to be an expert in some open source compiler frameworks like LLVM or GCC or something to know how and why those algorithms work, so as to have a hope of reversing them.
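The point in reply #2 that inlined iterators leave only pointers being incremented or dereferenced, shown for std::vector as an added example (not code from either poster). It assumes the three-pointer layout used by release builds of libstdc++, libc++ and MSVC; `RawVector` and the helper names are hypothetical, and a struct like this is what you would declare in IDA's local types to make the decompiled loop readable.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical name. Assumed layout: the three pointers used by release builds
// of libstdc++ (_M_start, _M_finish, _M_end_of_storage), libc++ and MSVC
// (_Myfirst, _Mylast, _Myend). MSVC debug builds prepend a proxy pointer.
template <typename T>
struct RawVector {
    T *first;    // begin()
    T *last;     // end()
    T *end_cap;  // end of allocated storage
};

// Copy the object's bytes rather than casting the pointer, which avoids
// strict-aliasing trouble. Fails if the size assumption does not hold.
template <typename T>
bool view_vector(const std::vector<T> &v, RawVector<T> &out) {
    if (sizeof(v) != sizeof(out)) return false;
    std::memcpy(&out, &v, sizeof(out));
    return true;
}

// The loop as written in source.
long sum_stl(const std::vector<int> &v) {
    long total = 0;
    for (int x : v) total += x;
    return total;
}

// The same loop as it appears once begin()/end()/operator++ are inlined.
long sum_raw(const RawVector<int> &r) {
    long total = 0;
    for (const int *p = r.first; p != r.last; ++p) total += *p;
    return total;
}

std::size_t raw_size(const RawVector<int> &r) { return r.last - r.first; }
std::size_t raw_capacity(const RawVector<int> &r) { return r.end_cap - r.first; }

int main() {
    std::vector<int> v = {1, 2, 3, 4};  // constructed sample data
    RawVector<int> r;
    if (!view_vector(v, r)) return 1;
    std::printf("size=%zu sum=%ld\n", raw_size(r), sum_raw(r));
    return 0;
}
```

The `(last - first)` and `(end_cap - first)` subtractions are the inlined forms of `size()` and `capacity()`, so pointer differences shifted or divided by the element size are a quick tell for the element type.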