qt5classdump, 辅助逆向qt5程序的小工具

辅助逆向qt5程序的小工具,尝试静态找出函数和属性的响应地址。支持elf64,macho64,pe32,pe64。
由于编译器指令比较复杂,找到的virtual_address地址不一定正确,不正确的情况下可尝试在类的static_metacall地址上下断点,人肉再分析。

例如分析ida.exe

./qt5classdump /Users/ye/work/tools/IDA_Pro_v7.0_Portable/ida.exe

输出

q5classdump 0.0.1, author : vmtest
for x86 x64 : elf64,macho64,pe32,pe64


//image_base 0x140000000


class DockArea{
    //static_metacall dispatch:0x1401d4a80
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void docksClosed(QList<DockWidget*> list);

    //virtual_address maybe:0x1402060c0
    void dragOccurred();

private slots:
    //virtual_address maybe:0x140008aa0
    void hideDragArrowsTimeout();

    //virtual_address maybe:0x14000ce30
    void tabDragRequest(BaseDockWidget* widget);

}

class DockAreaDragTitle{
    //static_metacall dispatch:0x1400443a0
}

class BaseDockWidget{
    //static_metacall dispatch:0x1400443a0
}

class DockWidgetTitleButton{
    //static_metacall dispatch:0x1400443a0
}

class DockWidgetTitle{
    //static_metacall dispatch:0x1400443a0
}

class DockTabBar{
    //static_metacall dispatch:0x1400443a0
}

class DockArrow{
    //static_metacall dispatch:0x1400443a0
}

class DockArrowArea{
    //static_metacall dispatch:0x1400443a0
}

class MainMsgList{
    //static_metacall dispatch:0x1401d5450
public slots:
    //virtual_address maybe:0x1400163f0
    void append(QString text);

    //virtual_address maybe:0x140209c78
    void scrollToCursor();

private slots:
    //virtual_address maybe:0x140016920
    void form_activate();

    //virtual_address maybe:0x140016930
    void form_deactivate();

    //get virtual_address maybe:0x1401d54f0
    //set virtual_address maybe:0x1400163f0
    QString append;

}

class IDAToolBar{
    //static_metacall dispatch:0x1400443a0
}

class ConsoleWidget{
    //static_metacall dispatch:0x1401d58f0
private slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

    //virtual_address maybe:0x14001ea80
    bool form_help();

}

class IDAMainWindow{
    //static_metacall dispatch:0x1401d5930
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void srcviewChanged(QWidget* to);

    //virtual_address maybe:0x1401d5540
    void caretBlinkIntervalChanged(int was,int now);

    //virtual_address maybe:0x1402060c0
    void beginTraceBufChange();

    //virtual_address maybe:0x1402060c0
    void endTraceBufChange();

public slots:
    //virtual_address maybe:0x14001f7d0
    bool make_full_screen(DockWidget* dock);

public slots:
    //virtual_address maybe:0x14001f7d0
    bool make_full_screen();

public slots:
    //virtual_address maybe:0x14001f720
    bool leave_full_screen();

    //virtual_address maybe:0x0
    bool is_full_screen();

    //virtual_address maybe:0x14001e3d0
    void execute_action(QString command);

    //virtual_address maybe:0x140088ac0
    void execute_current_action();

    //virtual_address maybe:0x140088ce0
    void execute_selected_plugin();

    //virtual_address maybe:0x14001e3c0
    void exec_requests();

    //virtual_address maybe:0x1400c03b0
    void run_debugger();

    //virtual_address maybe:0x1400a3670
    void attach_debugger();

    //virtual_address maybe:0x1400443a0
    void buyIDA();

private slots:
    //virtual_address maybe:0x14001ea70
    void focusChanged(QWidget* old,QWidget* now);

    //virtual_address maybe:0x140129d90
    void popup_operation_clicked();

    //virtual_address maybe:0x14001b080
    void console_widget_destroyed();

    //virtual_address maybe:0x14001db60
    void docksClosed(QList<DockWidget*> list);

    //virtual_address maybe:0x140019ce0
    void actionDestroyed(QObjectStar obj);

    //virtual_address maybe:0x14001e410
    void fileMenuToShow();

    //virtual_address maybe:0x1400232a0
    void toolBarsMenuToShow();

    //virtual_address maybe:0x140023650
    void windowsMenuToShow();

    //virtual_address maybe:0x1400226c0
    void returnMenuToShow();

    //virtual_address maybe:0x140023430
    void undoReturnMenuToShow();

    //virtual_address maybe:0x140020c00
    void openRecentFile(QString fileName);

    //virtual_address maybe:0x140020b30
    void navMenuClick();

    //virtual_address maybe:0x140022ea0
    void statusBarContextMenu(QPoint p);

    //virtual_address maybe:0x140022e60
    void statusBarAnalysisInd();

    //virtual_address maybe:0x140020ef0
    void procSpecAnalysisOptions();

    //virtual_address maybe:0x14001d9f0
    void displayHelp();

    //virtual_address maybe:0x1400a0dc0
    void ComboBoxDebuggersChanged();

    //virtual_address maybe:0x140019ca0
    void FlowChartLabelsClicked();

    //virtual_address maybe:0x140023520
    void viewSwitcherDisplayTimeout();

}

class ActionsInspector{
    //static_metacall dispatch:0x1401d5e40
public slots:
    //virtual_address maybe:0x140092010
    bool shortcut_edited();

    //virtual_address maybe:0x140091ae0
    bool restore_clicked();

    //virtual_address maybe:0x140091f00
    bool set_clicked();

    //virtual_address maybe:0x140091160
    bool help_clicked();

    //virtual_address maybe:0x140091900
    bool reset_clicked();

    //virtual_address maybe:0x140091c70
    bool save_clicked();

    //virtual_address maybe:0x1400922f0
    void toggle_disabled_state_changed(int );

    //virtual_address maybe:0x1400922d0
    void toggle_conflicts_state_changed(int );

private slots:
    //virtual_address maybe:0x0
    void form_activate();

    //virtual_address maybe:0x0
    void form_deactivate();

}

class AbstractRenderer{
    //static_metacall dispatch:0x1401d6140
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool modelLoaded();

}

class qobject_lifecycle_monitor_t{
    //static_metacall dispatch:0x1401d6870
private slots:
    //virtual_address maybe:0x0
    bool onObjectDestroyed();

}

class caret_status_t{
    //static_metacall dispatch:0x1401d6810
private slots:
    //virtual_address maybe:0x14003d750
    void onCaretBlinkIntervalChanged(int was,int new_interval);

}

class highlight_t{
    //static_metacall dispatch:0x1401d6830
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool changed();

}

class CustomIDAMemo{
    //static_metacall dispatch:0x1401d6620
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void placeChanged(const place_t* );

    //virtual_address maybe:0x1402060c0
    void cursorChanged();

    //virtual_address maybe:0x1402060c0
    void rendererChanged(tcc_renderer_type_t );

    //virtual_address maybe:0x1402060c0
    void resized();

private slots:
    //virtual_address maybe:0x140042d70
    void vertActionTriggered(int action);

    //virtual_address maybe:0x14003ad70
    void horizActionTriggered(int action);

    //virtual_address maybe:0x14003d7c0
    void traceBufChangeCompleted();

    //virtual_address maybe:0x14003d7c0
    void onHighlightChanged();

    //virtual_address maybe:0x14003d7f0
    void onSyncRequested();

public slots:
    //virtual_address maybe:0x0
    void on_layout_performed();

protected slots:
    //virtual_address maybe:0x0
    void form_activate();

    //virtual_address maybe:0x0
    void form_deactivate();

    //virtual_address maybe:0x0
    void form_help();

}

class IDAViewHost{
    //static_metacall dispatch:0x1401d6c00
private slots:
    //virtual_address maybe:0x14004aa10
    void onSplitterMoved(int pos,int index);

    //virtual_address maybe:0x14004aa20
    void onViewFocusAcquired();

    //virtual_address maybe:0x14004aa40
    void onViewPlaceChanged(const place_t* p);

    //virtual_address maybe:0x14004a9f0
    void onRendererChanged(tcc_renderer_type_t rt);

    //virtual_address maybe:0x0
    void on_layout_performed();

}

class blinking_t{
    //static_metacall dispatch:0x1401d72a0
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void blinkingChanged(bool state);

}

class graph_mouse_pos_t{
    //static_metacall dispatch:0x1401d7310
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void mouseOverChanged(const selection_item_t* item);

}

class highlit_t{
    //static_metacall dispatch:0x1401d7380
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool nodesChanged();

    //virtual_address maybe:0x1402060c0
    bool edgesChanged();

}

class CIMBridge{
    //static_metacall dispatch:0x1401d7800
public slots:
    //virtual_address maybe:0x14007d930
    void customidamemo_renderer_changed(tcc_renderer_type_t );

    //virtual_address maybe:0x14007d9a0
    void graphrenderer_graph_layout_changed();

    //virtual_address maybe:0x14007d990
    void graphrenderer_gli_changed();

}

class GraphMiniView{
    //static_metacall dispatch:0x1401d7830
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void availabilityUpdated(bool avail);

public slots:
    //virtual_address maybe:0x14007e4e0
    void traceBufChangeCompleted();

}

class uicontext_t{
    //static_metacall dispatch:0x1400443a0
}

class TChooser{
    //static_metacall dispatch:0x1401d7db0
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool focusNextSibling();

private slots:
    //virtual_address maybe:0x1400e3e60
    bool on_ok_clicked();

    //virtual_address maybe:0x1400e3e80
    bool on_search_clicked();

    //virtual_address maybe:0x1400e54b0
    void selectionChanged(QItemSelection selected);

    //virtual_address maybe:0x1400e3480
    void itemDoubleClicked(QModelIndex index);

    //virtual_address maybe:0x1400e23a0
    void form_activate();

    //virtual_address maybe:0x1400e24c0
    void form_deactivate();

    //virtual_address maybe:0x1400e2500
    void form_help();

    //virtual_address maybe:0x1400e4840
    void quick_filter_changed();

    //virtual_address maybe:0x1400e4940
    void quick_filter_reserved_key_press(QKeyEvent ke);

}

class TChooserItemDelegate{
    //static_metacall dispatch:0x1400443a0
}

class TMyDialog{
    //static_metacall dispatch:0x1401d81e0
private slots:
    //virtual_address maybe:0x1400ee7c0
    bool on_button_yes();

    //virtual_address maybe:0x1400e98a0
    void button_box_clicked(QAbstractButton* button);

    //virtual_address maybe:0x1400eca80
    void focus_previous_child();

    //virtual_address maybe:0x1400eca70
    void focus_next_child();

    //virtual_address maybe:0x0
    void form_activate();

    //virtual_address maybe:0x0
    void form_deactivate();

    //virtual_address maybe:0x1400f11d0
    void qtInputFieldChanged();

    //virtual_address maybe:0x1400f0d30
    void qtButtonClicked(int idx);

    //virtual_address maybe:0x1400f0f50
    void qtFileBtnClicked(int idx);

    //virtual_address maybe:0x1400f0e80
    void qtColorButtonClicked(int idx);

    //virtual_address maybe:0x1400f0dc0
    void qtChooserSelectionChanged();

    //virtual_address maybe:0x1400f0ed0
    void qtEditFieldChanged();

}

class EditContainer{
    //static_metacall dispatch:0x1401d81d0
private slots:
    //virtual_address maybe:0x0
    bool cursor_changed();

}

class text_event_filter_t{
    //static_metacall dispatch:0x1400443a0
}

class TextArrows{
    //static_metacall dispatch:0x1401d8a00
private slots:
    //virtual_address maybe:0x140155d60
    bool onFlatModelLoaded();

}

class HintProvider{
    //static_metacall dispatch:0x1400443a0
}

class ColorButtonView{
    //static_metacall dispatch:0x1401d8dc0
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void colorChanged(QColor color);

}

class ColorButton{
    //static_metacall dispatch:0x1401d8d20
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void colorChanged(QColor color);

private slots:
    //virtual_address maybe:0x140160e10
    void on_mainButton_clicked();

    //virtual_address maybe:0x140160f10
    void on_mainButton_colorChanged(QColor color);

    //virtual_address maybe:0x140160fc0
    void on_resetButton_clicked();

}

class FocusLabel{
    //static_metacall dispatch:0x1401d9030
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool clicked();

    //virtual_address maybe:0x1402060c0
    bool hover();

public slots:
    //virtual_address maybe:0x140161830
    bool focusLabel();

    //get virtual_address maybe:0x1401d8e50
    QString associatedWidgetName;

}

class MVCComboBox{
    //static_metacall dispatch:0x1400443a0
}

class MVCListView{
    //static_metacall dispatch:0x1400443a0
}

class TNavBand{
    //static_metacall dispatch:0x1401d9280
public slots:
    //virtual_address maybe:0x140167300
    bool refresh_all();

    //virtual_address maybe:0x140168490
    bool zoom_in();

    //virtual_address maybe:0x1401684a0
    bool zoom_out();

    //virtual_address maybe:0x1401684b0
    void zoom_scale(asize_t scale);

    //virtual_address maybe:0x140167cc0
    void scroll();

    //virtual_address maybe:0x140165e30
    void SbMouseDown();

    //virtual_address maybe:0x140165e80
    void SbMouseUp();

}

class FramedLabel{
    //static_metacall dispatch:0x1400443a0
}

class BarDockWidget{
    //static_metacall dispatch:0x1401d9940
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void dockStatusChanged(int );

private slots:
    //virtual_address maybe:0x140183440
    void dockAreaChanged(Qt::DockWidgetArea area);

    //virtual_address maybe:0x1401834e0
    void dockFloatingChanged();

}

class NoDockTitleBar{
    //static_metacall dispatch:0x1400443a0
}

class TNavBox{
    //static_metacall dispatch:0x1401d9ac0
protected slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

private slots:
    //virtual_address maybe:0x140184950
    void dockChanged(int status);

    //virtual_address maybe:0x140184790
    void displayChanged(int index);

public slots:
    //virtual_address maybe:0x140184530
    void bandHint();

}

class SOStructsAndUnions{
    //static_metacall dispatch:0x1401da420
private slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

}

class SOTypeOffsets{
    //static_metacall dispatch:0x1401da450
private slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

}

class HexSpinBox{
    //static_metacall dispatch:0x1400443a0
}

class IdaTableWidget{
    //static_metacall dispatch:0x1401da640
public slots:
    //virtual_address maybe:0x1401a1610
    void show_popup(QPoint );

}

class TCallBox{
    //static_metacall dispatch:0x1401da660
public slots:
    //virtual_address maybe:0x1401a1340
    bool callersHint();

    //virtual_address maybe:0x1401a12f0
    bool calleesHint();

    //virtual_address maybe:0x1401a13c0
    void itemActivated(QTableWidgetItem* item);

    //virtual_address maybe:0x1400443a0
    void form_activate();

    //virtual_address maybe:0x1400443a0
    void form_deactivate();

}

class TCustomIDAText{
    //static_metacall dispatch:0x1401daa20
public slots:
    //virtual_address maybe:0x1401a4070
    bool hint();

}

class RegJumpButton{
    //static_metacall dispatch:0x1400443a0
}

class RegValue{
    //static_metacall dispatch:0x1400443a0
}

class TCpuRegs{
    //static_metacall dispatch:0x1401da9f0
private slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

    //virtual_address maybe:0x1401a5bd0
    void valueContextMenu(QPoint p);

public slots:
    //virtual_address maybe:0x1401a4200
    void jump_button_click();

}

class TNoteBox{
    //static_metacall dispatch:0x1401dabd0
private slots:
    //virtual_address maybe:0x1401a6e10
    bool form_activate();

    //virtual_address maybe:0x1401a6e60
    bool form_deactivate();

    //virtual_address maybe:0x1401a6e70
    bool form_help();

    //virtual_address maybe:0x1401a6b50
    void custom_context_menu_requested(QPoint pos);

}

class CLIWidget{
    //static_metacall dispatch:0x1401dad10
private slots:
    //virtual_address maybe:0x1401a8eb0
    bool switch_cli_clicked();

    //virtual_address maybe:0x1401a7bc0
    bool button_click();

    //virtual_address maybe:0x1401a8030
    void custom_context_menu_requested(QPoint pos);

    //virtual_address maybe:0x0
    void form_activate();

    //virtual_address maybe:0x0
    void form_deactivate();

public slots:
    //virtual_address maybe:0x1401a7da0
    void complete_click_fwd();

    //virtual_address maybe:0x1401a7d80
    void complete_click_back();

    //virtual_address maybe:0x1401a8a60
    void next_cli();

    //virtual_address maybe:0x1401a8b80
    void prev_cli();

    //virtual_address maybe:0x1401a8c80
    void set_current_as_default();

    //virtual_address maybe:0x1401a8f00
    void switch_to_default_cli();

    //virtual_address maybe:0x1401a8530
    void execute_click();

}

class IDADialog{
    //static_metacall dispatch:0x1400443a0
}

class IDAFileDialog{
    //static_metacall dispatch:0x1400443a0
}

class IDAColorDialog{
    //static_metacall dispatch:0x1400443a0
}

class FixedFontDialog{
    //static_metacall dispatch:0x1401db500
private slots:
    //virtual_address maybe:0x1401b0750
    void onFontSelected(QFont font);

    //virtual_address maybe:0x1401b0660
    void onDialogButtonClicked(QAbstractButton* button);

}

class HelpViewer{
    //static_metacall dispatch:0x1401db650
private slots:
    //virtual_address maybe:0x1401b09d0
    void i_display_help(int id);

}

class PluginForm{
    //static_metacall dispatch:0x1400443a0
public slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

}

class SearchLineEdit{
    //static_metacall dispatch:0x1401dbbd0
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void reserved_key_press(QKeyEvent ke);

    //virtual_address maybe:0x1402060c0
    void search_text_changed(QString txt);

    //virtual_address maybe:0x1402060c0
    void search_history_changed(QString txt);

private slots:
    //virtual_address maybe:0x1401bf110
    void text_changed(QString txt);

}

class SearchLineEditEx{
    //static_metacall dispatch:0x1401dbd10
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    void reserved_key_press(QKeyEvent ke);

    //virtual_address maybe:0x1402060c0
    void filter_changed();

private slots:
    //virtual_address maybe:0x1401be4f0
    void on_reserved_key_press(QKeyEvent ke);

    //virtual_address maybe:0x1401be690
    void on_search_text_changed(QString txt);

    //virtual_address maybe:0x1401be530
    void on_search_history_changed(QString txt);

public slots:
    //virtual_address maybe:0x1401becf0
    void show_quick_filter();

    //virtual_address maybe:0x1401be470
    void hide_quick_filter();

}

class LineInfoWidget{
    //static_metacall dispatch:0x1401dc060
private slots:
    //virtual_address maybe:0x1401bf450
    bool check_line_info_ranges();

    //virtual_address maybe:0x1401bfd70
    void on_cim_place_changed(const place_t* );

}

class CustomCodeViewer{
    //static_metacall dispatch:0x1400443a0
}

class TextEdit{
    //static_metacall dispatch:0x1401dc240
Q_SIGNALS:
    //virtual_address maybe:0x1402060c0
    bool acceptDialog();

    //virtual_address maybe:0x1402060c0
    bool focusNextSibling();

    //virtual_address maybe:0x1402060c0
    bool focusPreviousSibling();

    //virtual_address maybe:0x1402060c0
    bool textModified();

private slots:
    //virtual_address maybe:0x1401c08d0
    bool changedText();

    //virtual_address maybe:0x1401c08e0
    void contentsChanged(int pos,int removed,int added);

}

class TAddressDetailsContainer{
    //static_metacall dispatch:0x1401dc550
public slots:
    //virtual_address maybe:0x0
    bool refresh();

}

class CollapsibleFrame{
    //static_metacall dispatch:0x1401dc540
private slots:
    //virtual_address maybe:0x0
    bool changeState();

}

class TAddressDetails{
    //static_metacall dispatch:0x1401dca30
private slots:
    //virtual_address maybe:0x0
    bool form_activate();

public slots:
    //virtual_address maybe:0x1401c5ca0
    void update(uint32 mask);

public slots:
    //virtual_address maybe:0x1401c5ca0
    void update();

}

class items_tree_model_t{
    //static_metacall dispatch:0x1401dcdc0
public slots:
    //virtual_address maybe:0x1401cbcf0
    void onItemExpanded(QModelIndex parent);

}

class watch_view_t{
    //static_metacall dispatch:0x1401dcde0
protected slots:
    //virtual_address maybe:0x0
    bool form_activate();

    //virtual_address maybe:0x0
    bool form_deactivate();

    //virtual_address maybe:0x1401ca900
    bool force_update_actions();

    //virtual_address maybe:0x0
    void currentChanged(QModelIndex current,QModelIndex previous);

private slots:
    //virtual_address maybe:0x1401cbb30
    void item_activated(QModelIndex index);

    //virtual_address maybe:0x1401ce500
    void srcview_changed(QWidget* to);

}

class IdaMenu{
    //static_metacall dispatch:0x1400443a0
}

class QtSyntaxHighlighter{
    //static_metacall dispatch:0x1400443a0
}

附件是mac的命令行程序, windows的待编译

上一篇:Superset入坑之cannot import name '_maybe_box_datetimelike'


下一篇:关于electron中入口文件main.js一些重要参数(持续更新maybe)