Archive for the ‘REtypedef – Reverse typedef substitution for IDA Pro’ Category


Author: athre0z

REtypedef is an IDA PRO plugin that allows definition of custom substitutions for function names. It comes with a default ruleset providing substitutions for many common STL types. If you ever reversed software that makes heavy use of STL classes, you can probably figure out why you would need such a plugin.

Without REtypedef:

.text:0040142E ; =============== S U B R O U T I N E =======================================
.text:0040142E
.text:0040142E ; Attributes: thunk
.text:0040142E
.text:0040142E public: void __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::swap(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> &) proc near
.text:0040142E
.text:0040142E _Right          = dword ptr  4
.text:0040142E
.text:0040142E                 jmp     std::basic_string<char,std::char_traits<char>,std::allocator<char>>::swap(std::basic_string<char,std::char_traits<char>,std::allocator<char>> &)
.text:0040142E public: void __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::swap(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> &) endp
.text:0040142E
.text:00401433
.text:00401433 ; =============== S U B R O U T I N E =======================================
.text:00401433
.text:00401433 ; Attributes: thunk
.text:00401433
.text:00401433 public: class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> & __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::insert(unsigned int, class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> const &) proc near
.text:00401433
.text:00401433 _Off            = dword ptr  4
.text:00401433 _Right          = dword ptr  8
.text:00401433
.text:00401433                 jmp     std::basic_string<char,std::char_traits<char>,std::allocator<char>>::insert(uint,std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &)
.text:00401433 public: class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> & __thiscall std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::insert(unsigned int, class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>> const &) endp

With REtypedef:

.text:0040142E ; =============== S U B R O U T I N E =======================================
.text:0040142E
.text:0040142E ; Attributes: thunk
.text:0040142E
.text:0040142E public: void __thiscall std::string::swap(class std::string &) proc near
.text:0040142E
.text:0040142E _Right          = dword ptr  4
.text:0040142E
.text:0040142E                 jmp     std::string::swap(std::string &)
.text:0040142E public: void __thiscall std::string::swap(class std::string &) endp
.text:0040142E
.text:00401433
.text:00401433 ; =============== S U B R O U T I N E =======================================
.text:00401433
.text:00401433 ; Attributes: thunk
.text:00401433
.text:00401433 public: class std::string & __thiscall std::string::insert(unsigned int, class std::string const &) proc near
.text:00401433
.text:00401433 _Off            = dword ptr  4
.text:00401433 _Right          = dword ptr  8
.text:00401433
.text:00401433                 jmp     std::string::insert(uint,std::string const &)
.text:00401433 public: class std::string & __thiscall std::string::insert(unsigned int, class std::string const &) endp

Custom rules can be defined at “Options/Edit name substitutions…”.

Latest binary release (IDA 6.1 – 6.6 Windows): https://github.com/athre0z/REtypedef/releases/latest

Advertisements