整理硬盘,找到以前写的辅助逆向qt5程序的小工具,尝试静态找出函数和属性的get/set地址。支持elf64,macho64,pe32,pe64。
由于编译器指令比较复杂,找到的virtual_address地址不一定正确(断点不到或者解析为0, 因为懒, superclass还没串起来)
不正确的情况下可尝试在类的static_metacall地址上下断点人肉再分析。(static_metacall地址应该比较准确)
例如分析ida.exe
./qt5classdump /Users/ye/work/tools/IDA_Pro_v7.0_Portable/ida.exe
输出
q5classdump 0.0.1, author : vmtest
for x86 x64 : elf64,macho64,pe32,pe64
//image_base 0x140000000
class DockArea{
//static_metacall dispatch:0x1401d4a80
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void docksClosed(QList<DockWidget*> list);
//virtual_address maybe:0x1402060c0
void dragOccurred();
private slots:
//virtual_address maybe:0x140008aa0
void hideDragArrowsTimeout();
//virtual_address maybe:0x14000ce30
void tabDragRequest(BaseDockWidget* widget);
}
class DockAreaDragTitle{
//static_metacall dispatch:0x1400443a0
}
class BaseDockWidget{
//static_metacall dispatch:0x1400443a0
}
class DockWidgetTitleButton{
//static_metacall dispatch:0x1400443a0
}
class DockWidgetTitle{
//static_metacall dispatch:0x1400443a0
}
class DockTabBar{
//static_metacall dispatch:0x1400443a0
}
class DockArrow{
//static_metacall dispatch:0x1400443a0
}
class DockArrowArea{
//static_metacall dispatch:0x1400443a0
}
class MainMsgList{
//static_metacall dispatch:0x1401d5450
public slots:
//virtual_address maybe:0x1400163f0
void append(QString text);
//virtual_address maybe:0x140209c78
void scrollToCursor();
private slots:
//virtual_address maybe:0x140016920
void form_activate();
//virtual_address maybe:0x140016930
void form_deactivate();
//get virtual_address maybe:0x1401d54f0
//set virtual_address maybe:0x1400163f0
QString append;
}
class IDAToolBar{
//static_metacall dispatch:0x1400443a0
}
class ConsoleWidget{
//static_metacall dispatch:0x1401d58f0
private slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
//virtual_address maybe:0x14001ea80
bool form_help();
}
class IDAMainWindow{
//static_metacall dispatch:0x1401d5930
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void srcviewChanged(QWidget* to);
//virtual_address maybe:0x1401d5540
void caretBlinkIntervalChanged(int was,int now);
//virtual_address maybe:0x1402060c0
void beginTraceBufChange();
//virtual_address maybe:0x1402060c0
void endTraceBufChange();
public slots:
//virtual_address maybe:0x14001f7d0
bool make_full_screen(DockWidget* dock);
public slots:
//virtual_address maybe:0x14001f7d0
bool make_full_screen();
public slots:
//virtual_address maybe:0x14001f720
bool leave_full_screen();
//virtual_address maybe:0x0
bool is_full_screen();
//virtual_address maybe:0x14001e3d0
void execute_action(QString command);
//virtual_address maybe:0x140088ac0
void execute_current_action();
//virtual_address maybe:0x140088ce0
void execute_selected_plugin();
//virtual_address maybe:0x14001e3c0
void exec_requests();
//virtual_address maybe:0x1400c03b0
void run_debugger();
//virtual_address maybe:0x1400a3670
void attach_debugger();
//virtual_address maybe:0x1400443a0
void buyIDA();
private slots:
//virtual_address maybe:0x14001ea70
void focusChanged(QWidget* old,QWidget* now);
//virtual_address maybe:0x140129d90
void popup_operation_clicked();
//virtual_address maybe:0x14001b080
void console_widget_destroyed();
//virtual_address maybe:0x14001db60
void docksClosed(QList<DockWidget*> list);
//virtual_address maybe:0x140019ce0
void actionDestroyed(QObjectStar obj);
//virtual_address maybe:0x14001e410
void fileMenuToShow();
//virtual_address maybe:0x1400232a0
void toolBarsMenuToShow();
//virtual_address maybe:0x140023650
void windowsMenuToShow();
//virtual_address maybe:0x1400226c0
void returnMenuToShow();
//virtual_address maybe:0x140023430
void undoReturnMenuToShow();
//virtual_address maybe:0x140020c00
void openRecentFile(QString fileName);
//virtual_address maybe:0x140020b30
void navMenuClick();
//virtual_address maybe:0x140022ea0
void statusBarContextMenu(QPoint p);
//virtual_address maybe:0x140022e60
void statusBarAnalysisInd();
//virtual_address maybe:0x140020ef0
void procSpecAnalysisOptions();
//virtual_address maybe:0x14001d9f0
void displayHelp();
//virtual_address maybe:0x1400a0dc0
void ComboBoxDebuggersChanged();
//virtual_address maybe:0x140019ca0
void FlowChartLabelsClicked();
//virtual_address maybe:0x140023520
void viewSwitcherDisplayTimeout();
}
class ActionsInspector{
//static_metacall dispatch:0x1401d5e40
public slots:
//virtual_address maybe:0x140092010
bool shortcut_edited();
//virtual_address maybe:0x140091ae0
bool restore_clicked();
//virtual_address maybe:0x140091f00
bool set_clicked();
//virtual_address maybe:0x140091160
bool help_clicked();
//virtual_address maybe:0x140091900
bool reset_clicked();
//virtual_address maybe:0x140091c70
bool save_clicked();
//virtual_address maybe:0x1400922f0
void toggle_disabled_state_changed(int );
//virtual_address maybe:0x1400922d0
void toggle_conflicts_state_changed(int );
private slots:
//virtual_address maybe:0x0
void form_activate();
//virtual_address maybe:0x0
void form_deactivate();
}
class AbstractRenderer{
//static_metacall dispatch:0x1401d6140
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool modelLoaded();
}
class qobject_lifecycle_monitor_t{
//static_metacall dispatch:0x1401d6870
private slots:
//virtual_address maybe:0x0
bool onObjectDestroyed();
}
class caret_status_t{
//static_metacall dispatch:0x1401d6810
private slots:
//virtual_address maybe:0x14003d750
void onCaretBlinkIntervalChanged(int was,int new_interval);
}
class highlight_t{
//static_metacall dispatch:0x1401d6830
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool changed();
}
class CustomIDAMemo{
//static_metacall dispatch:0x1401d6620
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void placeChanged(const place_t* );
//virtual_address maybe:0x1402060c0
void cursorChanged();
//virtual_address maybe:0x1402060c0
void rendererChanged(tcc_renderer_type_t );
//virtual_address maybe:0x1402060c0
void resized();
private slots:
//virtual_address maybe:0x140042d70
void vertActionTriggered(int action);
//virtual_address maybe:0x14003ad70
void horizActionTriggered(int action);
//virtual_address maybe:0x14003d7c0
void traceBufChangeCompleted();
//virtual_address maybe:0x14003d7c0
void onHighlightChanged();
//virtual_address maybe:0x14003d7f0
void onSyncRequested();
public slots:
//virtual_address maybe:0x0
void on_layout_performed();
protected slots:
//virtual_address maybe:0x0
void form_activate();
//virtual_address maybe:0x0
void form_deactivate();
//virtual_address maybe:0x0
void form_help();
}
class IDAViewHost{
//static_metacall dispatch:0x1401d6c00
private slots:
//virtual_address maybe:0x14004aa10
void onSplitterMoved(int pos,int index);
//virtual_address maybe:0x14004aa20
void onViewFocusAcquired();
//virtual_address maybe:0x14004aa40
void onViewPlaceChanged(const place_t* p);
//virtual_address maybe:0x14004a9f0
void onRendererChanged(tcc_renderer_type_t rt);
//virtual_address maybe:0x0
void on_layout_performed();
}
class blinking_t{
//static_metacall dispatch:0x1401d72a0
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void blinkingChanged(bool state);
}
class graph_mouse_pos_t{
//static_metacall dispatch:0x1401d7310
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void mouseOverChanged(const selection_item_t* item);
}
class highlit_t{
//static_metacall dispatch:0x1401d7380
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool nodesChanged();
//virtual_address maybe:0x1402060c0
bool edgesChanged();
}
class CIMBridge{
//static_metacall dispatch:0x1401d7800
public slots:
//virtual_address maybe:0x14007d930
void customidamemo_renderer_changed(tcc_renderer_type_t );
//virtual_address maybe:0x14007d9a0
void graphrenderer_graph_layout_changed();
//virtual_address maybe:0x14007d990
void graphrenderer_gli_changed();
}
class GraphMiniView{
//static_metacall dispatch:0x1401d7830
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void availabilityUpdated(bool avail);
public slots:
//virtual_address maybe:0x14007e4e0
void traceBufChangeCompleted();
}
class uicontext_t{
//static_metacall dispatch:0x1400443a0
}
class TChooser{
//static_metacall dispatch:0x1401d7db0
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool focusNextSibling();
private slots:
//virtual_address maybe:0x1400e3e60
bool on_ok_clicked();
//virtual_address maybe:0x1400e3e80
bool on_search_clicked();
//virtual_address maybe:0x1400e54b0
void selectionChanged(QItemSelection selected);
//virtual_address maybe:0x1400e3480
void itemDoubleClicked(QModelIndex index);
//virtual_address maybe:0x1400e23a0
void form_activate();
//virtual_address maybe:0x1400e24c0
void form_deactivate();
//virtual_address maybe:0x1400e2500
void form_help();
//virtual_address maybe:0x1400e4840
void quick_filter_changed();
//virtual_address maybe:0x1400e4940
void quick_filter_reserved_key_press(QKeyEvent ke);
}
class TChooserItemDelegate{
//static_metacall dispatch:0x1400443a0
}
class TMyDialog{
//static_metacall dispatch:0x1401d81e0
private slots:
//virtual_address maybe:0x1400ee7c0
bool on_button_yes();
//virtual_address maybe:0x1400e98a0
void button_box_clicked(QAbstractButton* button);
//virtual_address maybe:0x1400eca80
void focus_previous_child();
//virtual_address maybe:0x1400eca70
void focus_next_child();
//virtual_address maybe:0x0
void form_activate();
//virtual_address maybe:0x0
void form_deactivate();
//virtual_address maybe:0x1400f11d0
void qtInputFieldChanged();
//virtual_address maybe:0x1400f0d30
void qtButtonClicked(int idx);
//virtual_address maybe:0x1400f0f50
void qtFileBtnClicked(int idx);
//virtual_address maybe:0x1400f0e80
void qtColorButtonClicked(int idx);
//virtual_address maybe:0x1400f0dc0
void qtChooserSelectionChanged();
//virtual_address maybe:0x1400f0ed0
void qtEditFieldChanged();
}
class EditContainer{
//static_metacall dispatch:0x1401d81d0
private slots:
//virtual_address maybe:0x0
bool cursor_changed();
}
class text_event_filter_t{
//static_metacall dispatch:0x1400443a0
}
class TextArrows{
//static_metacall dispatch:0x1401d8a00
private slots:
//virtual_address maybe:0x140155d60
bool onFlatModelLoaded();
}
class HintProvider{
//static_metacall dispatch:0x1400443a0
}
class ColorButtonView{
//static_metacall dispatch:0x1401d8dc0
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void colorChanged(QColor color);
}
class ColorButton{
//static_metacall dispatch:0x1401d8d20
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void colorChanged(QColor color);
private slots:
//virtual_address maybe:0x140160e10
void on_mainButton_clicked();
//virtual_address maybe:0x140160f10
void on_mainButton_colorChanged(QColor color);
//virtual_address maybe:0x140160fc0
void on_resetButton_clicked();
}
class FocusLabel{
//static_metacall dispatch:0x1401d9030
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool clicked();
//virtual_address maybe:0x1402060c0
bool hover();
public slots:
//virtual_address maybe:0x140161830
bool focusLabel();
//get virtual_address maybe:0x1401d8e50
QString associatedWidgetName;
}
class MVCComboBox{
//static_metacall dispatch:0x1400443a0
}
class MVCListView{
//static_metacall dispatch:0x1400443a0
}
class TNavBand{
//static_metacall dispatch:0x1401d9280
public slots:
//virtual_address maybe:0x140167300
bool refresh_all();
//virtual_address maybe:0x140168490
bool zoom_in();
//virtual_address maybe:0x1401684a0
bool zoom_out();
//virtual_address maybe:0x1401684b0
void zoom_scale(asize_t scale);
//virtual_address maybe:0x140167cc0
void scroll();
//virtual_address maybe:0x140165e30
void SbMouseDown();
//virtual_address maybe:0x140165e80
void SbMouseUp();
}
class FramedLabel{
//static_metacall dispatch:0x1400443a0
}
class BarDockWidget{
//static_metacall dispatch:0x1401d9940
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void dockStatusChanged(int );
private slots:
//virtual_address maybe:0x140183440
void dockAreaChanged(Qt::DockWidgetArea area);
//virtual_address maybe:0x1401834e0
void dockFloatingChanged();
}
class NoDockTitleBar{
//static_metacall dispatch:0x1400443a0
}
class TNavBox{
//static_metacall dispatch:0x1401d9ac0
protected slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
private slots:
//virtual_address maybe:0x140184950
void dockChanged(int status);
//virtual_address maybe:0x140184790
void displayChanged(int index);
public slots:
//virtual_address maybe:0x140184530
void bandHint();
}
class SOStructsAndUnions{
//static_metacall dispatch:0x1401da420
private slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
}
class SOTypeOffsets{
//static_metacall dispatch:0x1401da450
private slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
}
class HexSpinBox{
//static_metacall dispatch:0x1400443a0
}
class IdaTableWidget{
//static_metacall dispatch:0x1401da640
public slots:
//virtual_address maybe:0x1401a1610
void show_popup(QPoint );
}
class TCallBox{
//static_metacall dispatch:0x1401da660
public slots:
//virtual_address maybe:0x1401a1340
bool callersHint();
//virtual_address maybe:0x1401a12f0
bool calleesHint();
//virtual_address maybe:0x1401a13c0
void itemActivated(QTableWidgetItem* item);
//virtual_address maybe:0x1400443a0
void form_activate();
//virtual_address maybe:0x1400443a0
void form_deactivate();
}
class TCustomIDAText{
//static_metacall dispatch:0x1401daa20
public slots:
//virtual_address maybe:0x1401a4070
bool hint();
}
class RegJumpButton{
//static_metacall dispatch:0x1400443a0
}
class RegValue{
//static_metacall dispatch:0x1400443a0
}
class TCpuRegs{
//static_metacall dispatch:0x1401da9f0
private slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
//virtual_address maybe:0x1401a5bd0
void valueContextMenu(QPoint p);
public slots:
//virtual_address maybe:0x1401a4200
void jump_button_click();
}
class TNoteBox{
//static_metacall dispatch:0x1401dabd0
private slots:
//virtual_address maybe:0x1401a6e10
bool form_activate();
//virtual_address maybe:0x1401a6e60
bool form_deactivate();
//virtual_address maybe:0x1401a6e70
bool form_help();
//virtual_address maybe:0x1401a6b50
void custom_context_menu_requested(QPoint pos);
}
class CLIWidget{
//static_metacall dispatch:0x1401dad10
private slots:
//virtual_address maybe:0x1401a8eb0
bool switch_cli_clicked();
//virtual_address maybe:0x1401a7bc0
bool button_click();
//virtual_address maybe:0x1401a8030
void custom_context_menu_requested(QPoint pos);
//virtual_address maybe:0x0
void form_activate();
//virtual_address maybe:0x0
void form_deactivate();
public slots:
//virtual_address maybe:0x1401a7da0
void complete_click_fwd();
//virtual_address maybe:0x1401a7d80
void complete_click_back();
//virtual_address maybe:0x1401a8a60
void next_cli();
//virtual_address maybe:0x1401a8b80
void prev_cli();
//virtual_address maybe:0x1401a8c80
void set_current_as_default();
//virtual_address maybe:0x1401a8f00
void switch_to_default_cli();
//virtual_address maybe:0x1401a8530
void execute_click();
}
class IDADialog{
//static_metacall dispatch:0x1400443a0
}
class IDAFileDialog{
//static_metacall dispatch:0x1400443a0
}
class IDAColorDialog{
//static_metacall dispatch:0x1400443a0
}
class FixedFontDialog{
//static_metacall dispatch:0x1401db500
private slots:
//virtual_address maybe:0x1401b0750
void onFontSelected(QFont font);
//virtual_address maybe:0x1401b0660
void onDialogButtonClicked(QAbstractButton* button);
}
class HelpViewer{
//static_metacall dispatch:0x1401db650
private slots:
//virtual_address maybe:0x1401b09d0
void i_display_help(int id);
}
class PluginForm{
//static_metacall dispatch:0x1400443a0
public slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
}
class SearchLineEdit{
//static_metacall dispatch:0x1401dbbd0
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void reserved_key_press(QKeyEvent ke);
//virtual_address maybe:0x1402060c0
void search_text_changed(QString txt);
//virtual_address maybe:0x1402060c0
void search_history_changed(QString txt);
private slots:
//virtual_address maybe:0x1401bf110
void text_changed(QString txt);
}
class SearchLineEditEx{
//static_metacall dispatch:0x1401dbd10
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
void reserved_key_press(QKeyEvent ke);
//virtual_address maybe:0x1402060c0
void filter_changed();
private slots:
//virtual_address maybe:0x1401be4f0
void on_reserved_key_press(QKeyEvent ke);
//virtual_address maybe:0x1401be690
void on_search_text_changed(QString txt);
//virtual_address maybe:0x1401be530
void on_search_history_changed(QString txt);
public slots:
//virtual_address maybe:0x1401becf0
void show_quick_filter();
//virtual_address maybe:0x1401be470
void hide_quick_filter();
}
class LineInfoWidget{
//static_metacall dispatch:0x1401dc060
private slots:
//virtual_address maybe:0x1401bf450
bool check_line_info_ranges();
//virtual_address maybe:0x1401bfd70
void on_cim_place_changed(const place_t* );
}
class CustomCodeViewer{
//static_metacall dispatch:0x1400443a0
}
class TextEdit{
//static_metacall dispatch:0x1401dc240
Q_SIGNALS:
//virtual_address maybe:0x1402060c0
bool acceptDialog();
//virtual_address maybe:0x1402060c0
bool focusNextSibling();
//virtual_address maybe:0x1402060c0
bool focusPreviousSibling();
//virtual_address maybe:0x1402060c0
bool textModified();
private slots:
//virtual_address maybe:0x1401c08d0
bool changedText();
//virtual_address maybe:0x1401c08e0
void contentsChanged(int pos,int removed,int added);
}
class TAddressDetailsContainer{
//static_metacall dispatch:0x1401dc550
public slots:
//virtual_address maybe:0x0
bool refresh();
}
class CollapsibleFrame{
//static_metacall dispatch:0x1401dc540
private slots:
//virtual_address maybe:0x0
bool changeState();
}
class TAddressDetails{
//static_metacall dispatch:0x1401dca30
private slots:
//virtual_address maybe:0x0
bool form_activate();
public slots:
//virtual_address maybe:0x1401c5ca0
void update(uint32 mask);
public slots:
//virtual_address maybe:0x1401c5ca0
void update();
}
class items_tree_model_t{
//static_metacall dispatch:0x1401dcdc0
public slots:
//virtual_address maybe:0x1401cbcf0
void onItemExpanded(QModelIndex parent);
}
class watch_view_t{
//static_metacall dispatch:0x1401dcde0
protected slots:
//virtual_address maybe:0x0
bool form_activate();
//virtual_address maybe:0x0
bool form_deactivate();
//virtual_address maybe:0x1401ca900
bool force_update_actions();
//virtual_address maybe:0x0
void currentChanged(QModelIndex current,QModelIndex previous);
private slots:
//virtual_address maybe:0x1401cbb30
void item_activated(QModelIndex index);
//virtual_address maybe:0x1401ce500
void srcview_changed(QWidget* to);
}
class IdaMenu{
//static_metacall dispatch:0x1400443a0
}
class QtSyntaxHighlighter{
//static_metacall dispatch:0x1400443a0
}
附件是mac的命令行程序, windows的待编译