qt5classdump, 辅助逆向qt5程序的小工具

整理硬盘,找到以前写的辅助逆向qt5程序的小工具,尝试静态找出函数和属性的get/set地址。支持elf64,macho64,pe32,pe64。
由于编译器指令比较复杂,找到的virtual_address地址不一定正确(断点不到或者解析为0, 因为懒, superclass还没串起来)
不正确的情况下可尝试在类的static_metacall地址上下断点人肉再分析。(static_metacall地址应该比较准确)

例如分析ida.exe

./qt5classdump /Users/ye/work/tools/IDA_Pro_v7.0_Portable/ida.exe

输出

q5classdump 0.0.1, author : vmtest
for x86 x64 : elf64,macho64,pe32,pe64


//image_base 0x140000000


class DockArea{
	//static_metacall dispatch:0x1401d4a80
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void docksClosed(QList<DockWidget*> list);

	//virtual_address maybe:0x1402060c0
 	void dragOccurred();

private slots:
	//virtual_address maybe:0x140008aa0
 	void hideDragArrowsTimeout();

	//virtual_address maybe:0x14000ce30
 	void tabDragRequest(BaseDockWidget* widget);

}

class DockAreaDragTitle{
	//static_metacall dispatch:0x1400443a0
}

class BaseDockWidget{
	//static_metacall dispatch:0x1400443a0
}

class DockWidgetTitleButton{
	//static_metacall dispatch:0x1400443a0
}

class DockWidgetTitle{
	//static_metacall dispatch:0x1400443a0
}

class DockTabBar{
	//static_metacall dispatch:0x1400443a0
}

class DockArrow{
	//static_metacall dispatch:0x1400443a0
}

class DockArrowArea{
	//static_metacall dispatch:0x1400443a0
}

class MainMsgList{
	//static_metacall dispatch:0x1401d5450
public slots:
	//virtual_address maybe:0x1400163f0
 	void append(QString text);

	//virtual_address maybe:0x140209c78
 	void scrollToCursor();

private slots:
	//virtual_address maybe:0x140016920
 	void form_activate();

	//virtual_address maybe:0x140016930
 	void form_deactivate();

	//get virtual_address maybe:0x1401d54f0
 	//set virtual_address maybe:0x1400163f0
 	QString append;

}

class IDAToolBar{
	//static_metacall dispatch:0x1400443a0
}

class ConsoleWidget{
	//static_metacall dispatch:0x1401d58f0
private slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

	//virtual_address maybe:0x14001ea80
 	bool form_help();

}

class IDAMainWindow{
	//static_metacall dispatch:0x1401d5930
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void srcviewChanged(QWidget* to);

	//virtual_address maybe:0x1401d5540
 	void caretBlinkIntervalChanged(int was,int now);

	//virtual_address maybe:0x1402060c0
 	void beginTraceBufChange();

	//virtual_address maybe:0x1402060c0
 	void endTraceBufChange();

public slots:
	//virtual_address maybe:0x14001f7d0
 	bool make_full_screen(DockWidget* dock);

public slots:
	//virtual_address maybe:0x14001f7d0
 	bool make_full_screen();

public slots:
	//virtual_address maybe:0x14001f720
 	bool leave_full_screen();

	//virtual_address maybe:0x0
 	bool is_full_screen();

	//virtual_address maybe:0x14001e3d0
 	void execute_action(QString command);

	//virtual_address maybe:0x140088ac0
 	void execute_current_action();

	//virtual_address maybe:0x140088ce0
 	void execute_selected_plugin();

	//virtual_address maybe:0x14001e3c0
 	void exec_requests();

	//virtual_address maybe:0x1400c03b0
 	void run_debugger();

	//virtual_address maybe:0x1400a3670
 	void attach_debugger();

	//virtual_address maybe:0x1400443a0
 	void buyIDA();

private slots:
	//virtual_address maybe:0x14001ea70
 	void focusChanged(QWidget* old,QWidget* now);

	//virtual_address maybe:0x140129d90
 	void popup_operation_clicked();

	//virtual_address maybe:0x14001b080
 	void console_widget_destroyed();

	//virtual_address maybe:0x14001db60
 	void docksClosed(QList<DockWidget*> list);

	//virtual_address maybe:0x140019ce0
 	void actionDestroyed(QObjectStar obj);

	//virtual_address maybe:0x14001e410
 	void fileMenuToShow();

	//virtual_address maybe:0x1400232a0
 	void toolBarsMenuToShow();

	//virtual_address maybe:0x140023650
 	void windowsMenuToShow();

	//virtual_address maybe:0x1400226c0
 	void returnMenuToShow();

	//virtual_address maybe:0x140023430
 	void undoReturnMenuToShow();

	//virtual_address maybe:0x140020c00
 	void openRecentFile(QString fileName);

	//virtual_address maybe:0x140020b30
 	void navMenuClick();

	//virtual_address maybe:0x140022ea0
 	void statusBarContextMenu(QPoint p);

	//virtual_address maybe:0x140022e60
 	void statusBarAnalysisInd();

	//virtual_address maybe:0x140020ef0
 	void procSpecAnalysisOptions();

	//virtual_address maybe:0x14001d9f0
 	void displayHelp();

	//virtual_address maybe:0x1400a0dc0
 	void ComboBoxDebuggersChanged();

	//virtual_address maybe:0x140019ca0
 	void FlowChartLabelsClicked();

	//virtual_address maybe:0x140023520
 	void viewSwitcherDisplayTimeout();

}

class ActionsInspector{
	//static_metacall dispatch:0x1401d5e40
public slots:
	//virtual_address maybe:0x140092010
 	bool shortcut_edited();

	//virtual_address maybe:0x140091ae0
 	bool restore_clicked();

	//virtual_address maybe:0x140091f00
 	bool set_clicked();

	//virtual_address maybe:0x140091160
 	bool help_clicked();

	//virtual_address maybe:0x140091900
 	bool reset_clicked();

	//virtual_address maybe:0x140091c70
 	bool save_clicked();

	//virtual_address maybe:0x1400922f0
 	void toggle_disabled_state_changed(int );

	//virtual_address maybe:0x1400922d0
 	void toggle_conflicts_state_changed(int );

private slots:
	//virtual_address maybe:0x0
 	void form_activate();

	//virtual_address maybe:0x0
 	void form_deactivate();

}

class AbstractRenderer{
	//static_metacall dispatch:0x1401d6140
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool modelLoaded();

}

class qobject_lifecycle_monitor_t{
	//static_metacall dispatch:0x1401d6870
private slots:
	//virtual_address maybe:0x0
 	bool onObjectDestroyed();

}

class caret_status_t{
	//static_metacall dispatch:0x1401d6810
private slots:
	//virtual_address maybe:0x14003d750
 	void onCaretBlinkIntervalChanged(int was,int new_interval);

}

class highlight_t{
	//static_metacall dispatch:0x1401d6830
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool changed();

}

class CustomIDAMemo{
	//static_metacall dispatch:0x1401d6620
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void placeChanged(const place_t* );

	//virtual_address maybe:0x1402060c0
 	void cursorChanged();

	//virtual_address maybe:0x1402060c0
 	void rendererChanged(tcc_renderer_type_t );

	//virtual_address maybe:0x1402060c0
 	void resized();

private slots:
	//virtual_address maybe:0x140042d70
 	void vertActionTriggered(int action);

	//virtual_address maybe:0x14003ad70
 	void horizActionTriggered(int action);

	//virtual_address maybe:0x14003d7c0
 	void traceBufChangeCompleted();

	//virtual_address maybe:0x14003d7c0
 	void onHighlightChanged();

	//virtual_address maybe:0x14003d7f0
 	void onSyncRequested();

public slots:
	//virtual_address maybe:0x0
 	void on_layout_performed();

protected slots:
	//virtual_address maybe:0x0
 	void form_activate();

	//virtual_address maybe:0x0
 	void form_deactivate();

	//virtual_address maybe:0x0
 	void form_help();

}

class IDAViewHost{
	//static_metacall dispatch:0x1401d6c00
private slots:
	//virtual_address maybe:0x14004aa10
 	void onSplitterMoved(int pos,int index);

	//virtual_address maybe:0x14004aa20
 	void onViewFocusAcquired();

	//virtual_address maybe:0x14004aa40
 	void onViewPlaceChanged(const place_t* p);

	//virtual_address maybe:0x14004a9f0
 	void onRendererChanged(tcc_renderer_type_t rt);

	//virtual_address maybe:0x0
 	void on_layout_performed();

}

class blinking_t{
	//static_metacall dispatch:0x1401d72a0
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void blinkingChanged(bool state);

}

class graph_mouse_pos_t{
	//static_metacall dispatch:0x1401d7310
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void mouseOverChanged(const selection_item_t* item);

}

class highlit_t{
	//static_metacall dispatch:0x1401d7380
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool nodesChanged();

	//virtual_address maybe:0x1402060c0
 	bool edgesChanged();

}

class CIMBridge{
	//static_metacall dispatch:0x1401d7800
public slots:
	//virtual_address maybe:0x14007d930
 	void customidamemo_renderer_changed(tcc_renderer_type_t );

	//virtual_address maybe:0x14007d9a0
 	void graphrenderer_graph_layout_changed();

	//virtual_address maybe:0x14007d990
 	void graphrenderer_gli_changed();

}

class GraphMiniView{
	//static_metacall dispatch:0x1401d7830
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void availabilityUpdated(bool avail);

public slots:
	//virtual_address maybe:0x14007e4e0
 	void traceBufChangeCompleted();

}

class uicontext_t{
	//static_metacall dispatch:0x1400443a0
}

class TChooser{
	//static_metacall dispatch:0x1401d7db0
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool focusNextSibling();

private slots:
	//virtual_address maybe:0x1400e3e60
 	bool on_ok_clicked();

	//virtual_address maybe:0x1400e3e80
 	bool on_search_clicked();

	//virtual_address maybe:0x1400e54b0
 	void selectionChanged(QItemSelection selected);

	//virtual_address maybe:0x1400e3480
 	void itemDoubleClicked(QModelIndex index);

	//virtual_address maybe:0x1400e23a0
 	void form_activate();

	//virtual_address maybe:0x1400e24c0
 	void form_deactivate();

	//virtual_address maybe:0x1400e2500
 	void form_help();

	//virtual_address maybe:0x1400e4840
 	void quick_filter_changed();

	//virtual_address maybe:0x1400e4940
 	void quick_filter_reserved_key_press(QKeyEvent ke);

}

class TChooserItemDelegate{
	//static_metacall dispatch:0x1400443a0
}

class TMyDialog{
	//static_metacall dispatch:0x1401d81e0
private slots:
	//virtual_address maybe:0x1400ee7c0
 	bool on_button_yes();

	//virtual_address maybe:0x1400e98a0
 	void button_box_clicked(QAbstractButton* button);

	//virtual_address maybe:0x1400eca80
 	void focus_previous_child();

	//virtual_address maybe:0x1400eca70
 	void focus_next_child();

	//virtual_address maybe:0x0
 	void form_activate();

	//virtual_address maybe:0x0
 	void form_deactivate();

	//virtual_address maybe:0x1400f11d0
 	void qtInputFieldChanged();

	//virtual_address maybe:0x1400f0d30
 	void qtButtonClicked(int idx);

	//virtual_address maybe:0x1400f0f50
 	void qtFileBtnClicked(int idx);

	//virtual_address maybe:0x1400f0e80
 	void qtColorButtonClicked(int idx);

	//virtual_address maybe:0x1400f0dc0
 	void qtChooserSelectionChanged();

	//virtual_address maybe:0x1400f0ed0
 	void qtEditFieldChanged();

}

class EditContainer{
	//static_metacall dispatch:0x1401d81d0
private slots:
	//virtual_address maybe:0x0
 	bool cursor_changed();

}

class text_event_filter_t{
	//static_metacall dispatch:0x1400443a0
}

class TextArrows{
	//static_metacall dispatch:0x1401d8a00
private slots:
	//virtual_address maybe:0x140155d60
 	bool onFlatModelLoaded();

}

class HintProvider{
	//static_metacall dispatch:0x1400443a0
}

class ColorButtonView{
	//static_metacall dispatch:0x1401d8dc0
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void colorChanged(QColor color);

}

class ColorButton{
	//static_metacall dispatch:0x1401d8d20
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void colorChanged(QColor color);

private slots:
	//virtual_address maybe:0x140160e10
 	void on_mainButton_clicked();

	//virtual_address maybe:0x140160f10
 	void on_mainButton_colorChanged(QColor color);

	//virtual_address maybe:0x140160fc0
 	void on_resetButton_clicked();

}

class FocusLabel{
	//static_metacall dispatch:0x1401d9030
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool clicked();

	//virtual_address maybe:0x1402060c0
 	bool hover();

public slots:
	//virtual_address maybe:0x140161830
 	bool focusLabel();

	//get virtual_address maybe:0x1401d8e50
 	QString associatedWidgetName;

}

class MVCComboBox{
	//static_metacall dispatch:0x1400443a0
}

class MVCListView{
	//static_metacall dispatch:0x1400443a0
}

class TNavBand{
	//static_metacall dispatch:0x1401d9280
public slots:
	//virtual_address maybe:0x140167300
 	bool refresh_all();

	//virtual_address maybe:0x140168490
 	bool zoom_in();

	//virtual_address maybe:0x1401684a0
 	bool zoom_out();

	//virtual_address maybe:0x1401684b0
 	void zoom_scale(asize_t scale);

	//virtual_address maybe:0x140167cc0
 	void scroll();

	//virtual_address maybe:0x140165e30
 	void SbMouseDown();

	//virtual_address maybe:0x140165e80
 	void SbMouseUp();

}

class FramedLabel{
	//static_metacall dispatch:0x1400443a0
}

class BarDockWidget{
	//static_metacall dispatch:0x1401d9940
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void dockStatusChanged(int );

private slots:
	//virtual_address maybe:0x140183440
 	void dockAreaChanged(Qt::DockWidgetArea area);

	//virtual_address maybe:0x1401834e0
 	void dockFloatingChanged();

}

class NoDockTitleBar{
	//static_metacall dispatch:0x1400443a0
}

class TNavBox{
	//static_metacall dispatch:0x1401d9ac0
protected slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

private slots:
	//virtual_address maybe:0x140184950
 	void dockChanged(int status);

	//virtual_address maybe:0x140184790
 	void displayChanged(int index);

public slots:
	//virtual_address maybe:0x140184530
 	void bandHint();

}

class SOStructsAndUnions{
	//static_metacall dispatch:0x1401da420
private slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

}

class SOTypeOffsets{
	//static_metacall dispatch:0x1401da450
private slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

}

class HexSpinBox{
	//static_metacall dispatch:0x1400443a0
}

class IdaTableWidget{
	//static_metacall dispatch:0x1401da640
public slots:
	//virtual_address maybe:0x1401a1610
 	void show_popup(QPoint );

}

class TCallBox{
	//static_metacall dispatch:0x1401da660
public slots:
	//virtual_address maybe:0x1401a1340
 	bool callersHint();

	//virtual_address maybe:0x1401a12f0
 	bool calleesHint();

	//virtual_address maybe:0x1401a13c0
 	void itemActivated(QTableWidgetItem* item);

	//virtual_address maybe:0x1400443a0
 	void form_activate();

	//virtual_address maybe:0x1400443a0
 	void form_deactivate();

}

class TCustomIDAText{
	//static_metacall dispatch:0x1401daa20
public slots:
	//virtual_address maybe:0x1401a4070
 	bool hint();

}

class RegJumpButton{
	//static_metacall dispatch:0x1400443a0
}

class RegValue{
	//static_metacall dispatch:0x1400443a0
}

class TCpuRegs{
	//static_metacall dispatch:0x1401da9f0
private slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

	//virtual_address maybe:0x1401a5bd0
 	void valueContextMenu(QPoint p);

public slots:
	//virtual_address maybe:0x1401a4200
 	void jump_button_click();

}

class TNoteBox{
	//static_metacall dispatch:0x1401dabd0
private slots:
	//virtual_address maybe:0x1401a6e10
 	bool form_activate();

	//virtual_address maybe:0x1401a6e60
 	bool form_deactivate();

	//virtual_address maybe:0x1401a6e70
 	bool form_help();

	//virtual_address maybe:0x1401a6b50
 	void custom_context_menu_requested(QPoint pos);

}

class CLIWidget{
	//static_metacall dispatch:0x1401dad10
private slots:
	//virtual_address maybe:0x1401a8eb0
 	bool switch_cli_clicked();

	//virtual_address maybe:0x1401a7bc0
 	bool button_click();

	//virtual_address maybe:0x1401a8030
 	void custom_context_menu_requested(QPoint pos);

	//virtual_address maybe:0x0
 	void form_activate();

	//virtual_address maybe:0x0
 	void form_deactivate();

public slots:
	//virtual_address maybe:0x1401a7da0
 	void complete_click_fwd();

	//virtual_address maybe:0x1401a7d80
 	void complete_click_back();

	//virtual_address maybe:0x1401a8a60
 	void next_cli();

	//virtual_address maybe:0x1401a8b80
 	void prev_cli();

	//virtual_address maybe:0x1401a8c80
 	void set_current_as_default();

	//virtual_address maybe:0x1401a8f00
 	void switch_to_default_cli();

	//virtual_address maybe:0x1401a8530
 	void execute_click();

}

class IDADialog{
	//static_metacall dispatch:0x1400443a0
}

class IDAFileDialog{
	//static_metacall dispatch:0x1400443a0
}

class IDAColorDialog{
	//static_metacall dispatch:0x1400443a0
}

class FixedFontDialog{
	//static_metacall dispatch:0x1401db500
private slots:
	//virtual_address maybe:0x1401b0750
 	void onFontSelected(QFont font);

	//virtual_address maybe:0x1401b0660
 	void onDialogButtonClicked(QAbstractButton* button);

}

class HelpViewer{
	//static_metacall dispatch:0x1401db650
private slots:
	//virtual_address maybe:0x1401b09d0
 	void i_display_help(int id);

}

class PluginForm{
	//static_metacall dispatch:0x1400443a0
public slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

}

class SearchLineEdit{
	//static_metacall dispatch:0x1401dbbd0
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void reserved_key_press(QKeyEvent ke);

	//virtual_address maybe:0x1402060c0
 	void search_text_changed(QString txt);

	//virtual_address maybe:0x1402060c0
 	void search_history_changed(QString txt);

private slots:
	//virtual_address maybe:0x1401bf110
 	void text_changed(QString txt);

}

class SearchLineEditEx{
	//static_metacall dispatch:0x1401dbd10
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	void reserved_key_press(QKeyEvent ke);

	//virtual_address maybe:0x1402060c0
 	void filter_changed();

private slots:
	//virtual_address maybe:0x1401be4f0
 	void on_reserved_key_press(QKeyEvent ke);

	//virtual_address maybe:0x1401be690
 	void on_search_text_changed(QString txt);

	//virtual_address maybe:0x1401be530
 	void on_search_history_changed(QString txt);

public slots:
	//virtual_address maybe:0x1401becf0
 	void show_quick_filter();

	//virtual_address maybe:0x1401be470
 	void hide_quick_filter();

}

class LineInfoWidget{
	//static_metacall dispatch:0x1401dc060
private slots:
	//virtual_address maybe:0x1401bf450
 	bool check_line_info_ranges();

	//virtual_address maybe:0x1401bfd70
 	void on_cim_place_changed(const place_t* );

}

class CustomCodeViewer{
	//static_metacall dispatch:0x1400443a0
}

class TextEdit{
	//static_metacall dispatch:0x1401dc240
Q_SIGNALS:
	//virtual_address maybe:0x1402060c0
 	bool acceptDialog();

	//virtual_address maybe:0x1402060c0
 	bool focusNextSibling();

	//virtual_address maybe:0x1402060c0
 	bool focusPreviousSibling();

	//virtual_address maybe:0x1402060c0
 	bool textModified();

private slots:
	//virtual_address maybe:0x1401c08d0
 	bool changedText();

	//virtual_address maybe:0x1401c08e0
 	void contentsChanged(int pos,int removed,int added);

}

class TAddressDetailsContainer{
	//static_metacall dispatch:0x1401dc550
public slots:
	//virtual_address maybe:0x0
 	bool refresh();

}

class CollapsibleFrame{
	//static_metacall dispatch:0x1401dc540
private slots:
	//virtual_address maybe:0x0
 	bool changeState();

}

class TAddressDetails{
	//static_metacall dispatch:0x1401dca30
private slots:
	//virtual_address maybe:0x0
 	bool form_activate();

public slots:
	//virtual_address maybe:0x1401c5ca0
 	void update(uint32 mask);

public slots:
	//virtual_address maybe:0x1401c5ca0
 	void update();

}

class items_tree_model_t{
	//static_metacall dispatch:0x1401dcdc0
public slots:
	//virtual_address maybe:0x1401cbcf0
 	void onItemExpanded(QModelIndex parent);

}

class watch_view_t{
	//static_metacall dispatch:0x1401dcde0
protected slots:
	//virtual_address maybe:0x0
 	bool form_activate();

	//virtual_address maybe:0x0
 	bool form_deactivate();

	//virtual_address maybe:0x1401ca900
 	bool force_update_actions();

	//virtual_address maybe:0x0
 	void currentChanged(QModelIndex current,QModelIndex previous);

private slots:
	//virtual_address maybe:0x1401cbb30
 	void item_activated(QModelIndex index);

	//virtual_address maybe:0x1401ce500
 	void srcview_changed(QWidget* to);

}

class IdaMenu{
	//static_metacall dispatch:0x1400443a0
}

class QtSyntaxHighlighter{
	//static_metacall dispatch:0x1400443a0
}


附件是mac的命令行程序, windows的待编译

mac端下载

posted @ 2019-08-27 14:34  tieyan  阅读(2618)  评论(2编辑  收藏  举报