09-08-2020, 20:22
jonwil
STL and IDA Pro/HexRays?

Does anyone have any tips for how to work with the STL (std::wstring, std::pair, std::vector, std::deque, std::multimap in particular seem to be used by my target based on its symbols) in IDA? How to figure out what the actual layout of a given STL class looks like (once you expand out the template parameters)? How to recognize inlined STL functions? Or any other tips for working with the STL in IDA?
09-09-2020, 01:09
chants
I imagine only pretty trivial STL functions would be inlined. Especially in modern variants, the library gets quite complicated, especially in debug builds. But iterators and such are almost surely inlined in release builds. But there is hardly anything to recognize there, just pointers being incremented or dereferenced.

Inherently, the basic task of a decompiler is to deal with the control flow and data flow and produce some exact proper representation in C code. Everything, and I mean everything, C++ related can be done merely by pattern recognition algorithms. It's basically just a code cleanup phase. Of course pattern recognition may not always be the ideal or least complex approach, but theoretically it should work. Practically speaking, simply reversing the way the compiler translates C++ code into C code in a more algorithmic way would also be a good idea.

In the context of IDA, when dealing with anything C++, ideally you would look for plugins or write your own that do some sort of pattern matching or algorithmic identification. If going the algorithm route, it would really help to be an expert in some open source compiler frameworks like LLVM or GCC or something to know how and why those algorithms work, so as to have a hope of reversing them.
10-17-2020, 04:07
vic4key
Take a look at `Options \ Demangled names...`. It might help make the STL asm code look prettier.
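For the layout question in the first post and the remark that inlined iterators reduce to pointer arithmetic, one approach is to compile a small probe with the same compiler and STL as the target and compare the object bytes against a candidate struct. This is an added example, not code from any poster in the thread; `VecMirror`, `mirror_of`, `mirror_matches` and `sum_via_mirror` are hypothetical names, and the three-pointer layout is an assumption that holds for release builds of libstdc++, libc++ and the MSVC STL with the default allocator.

```cpp
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical mirror struct: the shape you would declare in IDA Local Types.
// Assumption: release-mode libstdc++, libc++ or MSVC STL with the default
// allocator, where std::vector<T> is exactly three pointers.
template <typename T>
struct VecMirror {
    T *first;  // start of the storage
    T *last;   // one past the last constructed element
    T *end;    // one past the end of the allocated capacity
};

// Copy the raw object bytes of a vector into the mirror struct.
template <typename T>
bool mirror_of(const std::vector<T> &v, VecMirror<T> &out) {
    if (sizeof(v) != sizeof(out)) return false;  // layout differs (e.g. debug STL)
    std::memcpy(&out, &v, sizeof(out));
    return true;
}

// True when the mirror agrees with what the public API reports.
template <typename T>
bool mirror_matches(const std::vector<T> &v) {
    VecMirror<T> m;
    if (!mirror_of(v, m)) return false;
    return m.first == v.data() && m.last == v.data() + v.size() &&
           m.end == v.data() + v.capacity();
}

// Sum elements the way inlined iterator code looks after decompilation:
// a plain pointer walked from `first` to `last`.
long sum_via_mirror(const std::vector<int> &v) {
    VecMirror<int> m;
    long total = 0;
    if (!mirror_of(v, m)) return -1;
    for (int *p = m.first; p != m.last; ++p) total += *p;
    return total;
}

int main() {
    std::vector<int> v = {1, 2, 3, 4};  // constructed sample data
    v.reserve(16);
    std::printf("sizeof=%zu matches=%d sum=%ld\n", sizeof(v),
                (int)mirror_matches(v), sum_via_mirror(v));
    return 0;
}
```

If `mirror_matches` returns false for the target's toolchain and build flags, the candidate struct is wrong for that STL and should not be applied in the database as-is.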