software

PyClassInformer : An Advanced RTTI Parsing Plugin For IDA Pro

PyClassInformer is an IDAPython-based plugin designed for parsing Run-Time Type Information (RTTI) in C++ binaries.

While existing tools like Class Informer and SusanRTTI offer similar functionality, PyClassInformer stands out by addressing limitations such as the inability to use these tools as libraries and the lack of advanced class hierarchy management.

Key Features

  • Cross-Platform Compatibility: PyClassInformer supports Windows, macOS, and Linux, as it is written in Python and runs within IDA Pro.
  • RTTI Parsing: It parses RTTI for both x86 and x64 binaries, extracting detailed information about class layouts and hierarchies.
  • Enhanced Visualization: The plugin provides a tabular output with additional columns like:
    • Offset: Displays the offset of a virtual function table (vftable) in the class layout.
    • Hierarchy Order: Shows inheritance order from a class to its top-most superclass.
  • Integration with Python: Results can be accessed programmatically by importing PyClassInformer as a library, enabling advanced automation and analysis.

To launch PyClassInformer:

  1. Press Alt+Shift+L in IDA Pro.
  2. Alternatively, navigate to Edit -> Plugins -> PyClassInformer.

Double-clicking any entry in the results navigates directly to the corresponding vftable address.

  1. Place pyclassinformer_plugin.py and the pyclassinformer folder into the plugins directory of your IDA user directory ($IDAUSR).
  2. Restart IDA Pro to load the plugin.
  • IDA Pro: Version 7.4 or later (tested on versions up to 9.1).
  • Python: Version 3.x (tested on Python 3.8 and 3.10).

PyClassInformer outputs detailed RTTI information, including Complete Object Locators (COL), Class Hierarchy Descriptors (CHD), and Base Class Descriptors (BCD).

It also visualizes class hierarchies in a tree-like structure, aiding reverse engineers in understanding complex inheritance relationships.

Compared to tools like Class Informer, PyClassInformer offers:

  • Library functionality for integration into custom Python scripts.
  • Additional data columns for better analysis of class layouts and hierarchies.

While it shares some similarities with SusanRTTI, PyClassInformer enhances usability by combining RTTI parsing with flexible data handling capabilities.

In summary, PyClassInformer is an invaluable tool for reverse engineers working with C++ binaries, offering both ease of use and powerful insights into object-oriented structures.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsPyClassInformer
1 month ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

6 hours ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

1 day ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

1 day ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 day ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 day ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 day ago