software

PyClassInformer : An Advanced RTTI Parsing Plugin For IDA Pro

PyClassInformer is an IDAPython-based plugin designed for parsing Run-Time Type Information (RTTI) in C++ binaries.

While existing tools like Class Informer and SusanRTTI offer similar functionality, PyClassInformer stands out by addressing limitations such as the inability to use these tools as libraries and the lack of advanced class hierarchy management.

Key Features

  • Cross-Platform Compatibility: PyClassInformer supports Windows, macOS, and Linux, as it is written in Python and runs within IDA Pro.
  • RTTI Parsing: It parses RTTI for both x86 and x64 binaries, extracting detailed information about class layouts and hierarchies.
  • Enhanced Visualization: The plugin provides a tabular output with additional columns like:
    • Offset: Displays the offset of a virtual function table (vftable) in the class layout.
    • Hierarchy Order: Shows inheritance order from a class to its top-most superclass.
  • Integration with Python: Results can be accessed programmatically by importing PyClassInformer as a library, enabling advanced automation and analysis.

To launch PyClassInformer:

  1. Press Alt+Shift+L in IDA Pro.
  2. Alternatively, navigate to Edit -> Plugins -> PyClassInformer.

Double-clicking any entry in the results navigates directly to the corresponding vftable address.

  1. Place pyclassinformer_plugin.py and the pyclassinformer folder into the plugins directory of your IDA user directory ($IDAUSR).
  2. Restart IDA Pro to load the plugin.
  • IDA Pro: Version 7.4 or later (tested on versions up to 9.1).
  • Python: Version 3.x (tested on Python 3.8 and 3.10).

PyClassInformer outputs detailed RTTI information, including Complete Object Locators (COL), Class Hierarchy Descriptors (CHD), and Base Class Descriptors (BCD).

It also visualizes class hierarchies in a tree-like structure, aiding reverse engineers in understanding complex inheritance relationships.

Compared to tools like Class Informer, PyClassInformer offers:

  • Library functionality for integration into custom Python scripts.
  • Additional data columns for better analysis of class layouts and hierarchies.

While it shares some similarities with SusanRTTI, PyClassInformer enhances usability by combining RTTI parsing with flexible data handling capabilities.

In summary, PyClassInformer is an invaluable tool for reverse engineers working with C++ binaries, offering both ease of use and powerful insights into object-oriented structures.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsPyClassInformer
7 months ago

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

4 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

4 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

5 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

6 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago