search

astrelsky / Ghidra-Cpp-Class-Analyzer

Ghidra C++ Class and Run Time Type Information Analyzer
MIT License
633 stars 46 forks source link
class-analyzer ghidra ghidra-analyzer ghidra-extension ghidra-gcc-rtti ghidra-plugin reverse-engineering rtti-analyzer software-analysis

readme

Run tests Ghidra C++ Class and Run Time Type Information Analyzer

NOTICE

This project has reached its end of life and is no longer being maintained. Ghidra currently provides scripts for RTTI analysis and class reconstruction. These scripts should now be used and improved upon.

API Documentation

A fully built and linked version of the documentation is available at https://astrelsky.github.io/Ghidra-Cpp-Class-Analyzer.

Building

Run the following command in a terminal of your choice.

gradle buildExtension

Upon completion the output will be located in the dist folder.

Installation

Extract the archive to a destination folder of your choice. Launch ghidra and from the project manager go to file->Install Extensions... Click the + icon near the top right corner of the window. Select the the path of the extracted Ghidra-Cpp-Class-Analyzer folder and select OK. After restarting ghidra open the CodeBrowser and go to file->Configure...->Experimental and select ClassTypeInfoManagerPlugin. Restart the CodeBrowser to allow the analyzers to be refreshed.

Features

Supported Compilers

Inheritance Modeling via the Type Info Tree

Capture

Class Type Info Color Coding

#FFFF00 - Nested Class #28a745 - Basic Class #d73a49 - Abstract Class #0366d6 - Virtual Class #6f42c1 - Virtual Abstract Class

CppClassAnalyzerGhidraScript

Want to make a GhidraScript with easy access to the ClassTypeInfoManager for the currentProgram? Try extending the CppClassAnalyzerGhidraScript class instead of GhidraScript. Unfortunately this is currently only possible for scripts written in Java.

Fill Out Class Decompiler Action

Right clicking within the decompiler window in a __thiscall function with which a ClassTypeInfo exists will contain an action to fill out the class. It behaves similarly to the fill out structure action accept class members are determined via calls to other __thiscall functions.

Dynamic RTTI Handling

For GNU binaries a project archive will need to be created to provide data required for analysis. Each library containing dynamic RTTI will need to be analyzed and copied into the project archive via the TypeInfoTree prior to analyzing the program. In the future an archive wil be distributed for libstdc++.

TODO