Ghidra: Improved C++ support
Is your feature request related to a problem? Please describe.
Working with C++ binaries is a pain. There's no way to automatically add vtables to a class, the best way involves creating a custom structure and adding all the vtable functions as members of the structure, and then setting a pointer to that structure in the class objects. In the decompiler, functions using the thiscall convention appear as called like normal functions (i.e. example(this) instead of this->example()). Binaries which use the C++ standard library (things like std::string, std::cout etc) are a pain to work with, since ghidra doesn't have a c++ standard library database (as it has a libc database). The try and catch sections are detected, but they appear as comments.
Describe the solution you'd like
- better class support, and more automation in detecting and using vtables
- better decompiler support, actually using C++ syntax instead of plain C
- try/catch in the decompiler (instead of comments)
- c++ standard library structure, class, function database
- template support would be nice to have
Describe alternatives you've considered
Additional context
I would be happy even with partial support (for example, automating some of the vtable stuff so I don't have to waste time defining structures).
There is a 3rd party plugin called OOAnalyzer which does some of this stuff.
chibicitiberiu
All 3 comments
Also this one by @astrelsky looks really promising!
Piruzzolo
on 26 Sep 2019
Also this one by @astrelsky looks really promising!
I had actually commented on this with it linked twice but deleted them both because I felt like I was just advertising it. There are a ton of problems with it mainly stemming from the fact it was the first thing I ever wrote in java or have used any sort of polymorphism. The visual studio binary support is really shady at the moment but can be used as a reference. I would like to have some of it put into ghidra, mainly the ClassTypeInfo interface and the GccRttiAnalyzer since they are fully functional. The only reason I haven't submitted a pr is because some of it is still unclean and the tests aren't complete. I don't want to submit something of that scale without tests and with the fall semester having started unfortunately I have a very minimal amount of free time to work on it.
astrelsky
on 26 Sep 2019
I agree Decompiling c++ makes shady c output ... for vtable i creat an array of pointer by hand witch time consuming and script automation can lead to false positive... also c++ runtime type are helpful if in standard ghidra data package ...
pabx06
on 28 Aug 2020
Related issues
dalvarezperez
路
19Comments
0x6d696368
路
17Comments
dw
路
20Comments
rszibele
路
35Comments
ghost
路
29Comments
Most helpful comment
I had actually commented on this with it linked twice but deleted them both because I felt like I was just advertising it. There are a ton of problems with it mainly stemming from the fact it was the first thing I ever wrote in java or have used any sort of polymorphism. The visual studio binary support is really shady at the moment but can be used as a reference. I would like to have some of it put into ghidra, mainly the ClassTypeInfo interface and the GccRttiAnalyzer since they are fully functional. The only reason I haven't submitted a pr is because some of it is still unclean and the tests aren't complete. I don't want to submit something of that scale without tests and with the fall semester having started unfortunately I have a very minimal amount of free time to work on it.