Reverse engineering C++ - best tools and approach

Notice: this page is a Chinese-English side-by-side translation of a popular Stack Overflow question, licensed under CC BY-SA 4.0. If you use it, you must likewise comply with the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): Stack Overflow original: http://stackoverflow.com/questions/4262194/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow

Time: 2020-08-28 14:57:16  Source: igfitidea

Tags: c++ · reverse-engineering · class-diagram · tool-uml

Asked by Olav

I am sorry - C++ source code can be seen as implementation of a design, and with reverse-engineering I mean getting the design back. It seems most of you have read it as getting C++ source from binaries. I have posted a more precise question at Understanding a C++ codebase by generating UML - tools & methodology

I think there are many tools that can reverse-engineer C++ (source-code), but usually it is not so easy to make sense of what you get out.

Have somebody found a good methodology?

I think one of the things I might want to see for example is the GUI-layer and how it is separated (or not from the rest). Think the tools should somehow detect packages, and then let me manually organize it.

Answered by John Dibling

To my knowledge, there are no reliable tools that can reverse-engineer compiled C++.

Moreover, I think it should be near impossible to construct such a device. A compiled C++ program becomes nothing more than machine language instructions. In order to know how that's mapped to C++ constructs, you need to know the compiler, compiler settings, libraries included, etc. ad infinitum.

Why do you want such a thing? Depending on what you want it for, there may be other ways to accomplish what you're really after.

Answered by nate c

You can pull control flow with disassembly but you will never get data types back...

There are only integers (and maybe some shorts) in assembly. Think about objects, arrays, structs, strings, and pointer arithmetic all being the same type!

Answered by Evan Teran

While it isn't a complete solution, you should look into IDA Pro and Hex-Rays.

It is more for "reverse engineering" in the traditional sense of the phrase. As in, it will give you a good enough idea of what the code would look like in a C like language, but will not (cannot) provide fully functioning source code.

What it is good for is getting a good understanding of how a particular segment (usually a function) works. It is "user assisted", meaning that it will often do a lot of dereferences of offsets when there is really a struct or class. At which point, you can supply the decompiler with a struct definition (classes are really just structs with extra things like v-tables and such) and it will reanalyze the code with the new type information.

Like I said, it isn't perfect, but if you want to do "reverse engineering" it is the best solution I am aware of. If you want full "decompilation" then you are pretty much out of luck.
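An added illustration of the two points made above by nate c (assembly knows only integers) and Evan Teran (a class is a struct with a vtable pointer, and a decompiler shows raw offset dereferences until the analyst supplies a type). This C program is not from the answers; the names Shape, ShapeVTable, rect_area and views_agree are constructed for the example.

```c
/* Added example, not from the answers above: the same object read the way
 * a decompiler shows it before a struct is supplied (an integer plus byte
 * offsets) and after (a typed struct whose first word is a vtable pointer).
 * Shape, ShapeVTable, rect_area and views_agree are constructed names. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct Shape Shape;
typedef double (*area_fn)(const Shape *);
typedef struct { area_fn area; } ShapeVTable;
struct Shape {
    const ShapeVTable *vptr; /* compilers place the vtable pointer first */
    int32_t width;
    int32_t height;
};
static double rect_area(const Shape *s) { return (double)s->width * s->height; }
static const ShapeVTable rect_vtable = { rect_area };

/* "Untyped" view: a1 is just an integer. Decompiler output reads like
 *   (*(double (**)(long))(*(long *)a1))(a1)   and   *(int *)(a1 + 8).
 * memcpy from byte offsets reproduces exactly those loads while keeping the
 * reads well-defined C (casting the integer straight to int* would not be). */
static double area_untyped(uintptr_t a1) {
    const char *base = (const char *)a1;
    const ShapeVTable *vt; memcpy(&vt, base + 0, sizeof vt);  /* *(long *)a1 */
    area_fn fn;            memcpy(&fn, vt, sizeof fn);        /* vtable[0]   */
    return fn((const Shape *)base);
}
static int32_t width_untyped(uintptr_t a1) {
    int32_t w; /* offset 8 on a 64-bit target, 4 on a 32-bit one */
    memcpy(&w, (const char *)a1 + offsetof(Shape, width), sizeof w);
    return w;
}
/* "Typed" view once the analyst defines struct Shape: s->vptr->area(s). */
static double area_typed(const Shape *s) { return s->vptr->area(s); }

/* Returns 1 when both views agree on a w x h rectangle and yield w*h. */
static int views_agree(int32_t w, int32_t h) {
    Shape r = { &rect_vtable, w, h };
    uintptr_t a1 = (uintptr_t)&r;
    return area_untyped(a1) == area_typed(&r)
        && area_typed(&r) == (double)w * h && width_untyped(a1) == w;
}
int main(void) {
    printf("vptr@%zu width@%zu height@%zu, views agree: %d\n", offsetof(Shape, vptr),
           offsetof(Shape, width), offsetof(Shape, height), views_agree(3, 4));
    return 0;
}
```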

Answered by user3230547

The OovAide project at http://sourceforge.net/projects/oovaide/ or on GitHub has a few features that may help. It uses the Clang compiler for retrieving accurate information from the source code. It scans the directories looking for source code, and collects the information into a smaller dataset that contains the information needed for analysis.

One concept is called Zone Diagrams. It shows relationships between classes at a very high level, since each class is shown as a dot on the diagram and relationship lines are shown connecting them. This allows the diagrams to show hundreds or thousands of classes. The OovAide program zone diagram display has an option called "Show Child Zones", which groups the classes that are within directories closer to each other. There are also directory filters, which allow reducing the number of classes shown on a diagram for very large projects. An example of zone diagrams and how they work is shown here: http://oovaide.sourceforge.net/articles/ZoneDiagrams.html

If the directories are assigned component types in the build settings, then the component diagram will show the dependencies between components. This even shows which components are dependent on external components such as GTK, or other external libraries.

The next level down shows something like UML class diagrams, but shows all relations instead of just aggregation and inheritance. It can show classes that are used within methods, or classes that are passed as parameters to methods. Any class can be chosen as a starting point; then, before a class is added to the diagram, a list is displayed that allows viewing which classes will be displayed by a relationship type.

The lowest level shows sequence diagrams. This allows navigating up or down the call tree while showing the classes that contain the methods.