ghidra007

There is a prototype/proof of concept script in Ghidra called RecoverClassesFromRTTIScript.java that will figure out the class information if there is RTTI in the program for Windows programs and some...

Are they the ones with the old RTTI format? If so, we have a fix in progress. Once that fix is added to the RTTI analyzer then yes this will...

Currently cannot do this. Creating an issue for prioritization.

I believe this is fixed in the latest code which will be released in the upcoming 10.2 release (or is available if you pull the latest and build your own)....

> > Are they the ones with the old RTTI format? If so, we have a fix in progress. Once that fix is added to the RTTI analyzer then yes...

@0xBEEEF Thanks for the request and links. There are a ton of things on the list for handling various forms of RTTI. Hopefully we can get to them all at...

> > We are currently working on a more generic class recovery script for classes without RTTI. It finds vftables, figures out class hierarchy where it can and basically does...

@justanotheranonymoususer Did you try the DemangleAllScript? I believe that will demangle all symbols, even the secondary ones. If you want to just demangle one at a time, you can click...

> I didn't try. I'll try, but that sounds like a hassle, equivalent to opening WinDbg and using it for that. That's what I've been doing a couple of times....

@justanotheranonymoususer It should have demangled any secondary symbols at addresses where there already is a demangled symbol. I agree it spits out a bit too much info -- it tries...