SOAdvancedDissector/README.md

SOAdvancedDissector
-------------------

SOAdvancedDissector is a Python(3) script that rely on _GNU readelf_, _c++filt_ and _vtable-dumper_ to extract symbols from Linux shared libraries (.so file).

Thanks to these symbols, the full class hierarchy is built allowing to link your code with the target library.

Nevertheless, extracted information is only the start of work. It needs to be reworked to find function type returns, attributes types, filter public/private functions/attributes/methods, add some class attributes and clean some unneeded symbols.

**Important** vtable-dumper has been forked, the original tool must not be used because it doesn't (for now) implements all needed features. Please use the one from https://github.com/soutade/vtable-dumper


Details
=======

A first pass is done thanks to _readelf_ + binary analysis to extract static information, it's mandatory. It scans _typeinfo_ and _vtable_ entries.

A second optional pass use _vtable-dumper_ which load the shared library allowing to read runtime vtable (which can be cleared in static file compiled with -fPIC) and find class hierarchy. This can be done apart, especially if shared library has been compiled for another platform (ARM).


Improvments
===========

This tool has been designed to do reverse engineering of a specific library (_librmsdk.so_ from Adobe) and even if I tried to do my best, it may doesn't cover all your cases. I won't do a long term support on it but feel free to send patches.


Usage
-----

    SOAdvancedDissector.py [-h] -f TARGET -s SECTION_FILE -S SYMBOL_FILE [-V VTABLE_FILE] [-o OUTPUT_DIR] [-c] [-r]

  -h, --help            show this help message and exit
  -f TARGET, --file TARGET
                        Target file
  -s SECTION_FILE, --section-file SECTION_FILE
                        Section file (result from 'readelf --sections|c++filt')
  -S SYMBOL_FILE, --symbol-file SYMBOL_FILE
                        Symbol file (result from 'readelf -sW|c++filt')
  -V VTABLE_FILE, --vtable-file VTABLE_FILE
                        Dynamic vtable file (result from 'vtable-dumper --demangle|c++filt')
  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
                        output directory (default ./output)
  -c, --clean-output-dir
                        Clean output directory before computing (instead update it)
  -r, --print-raw-virtual-table
                        Print raw virtual table (debug purpose)


It's recommended to use _SOAdvancedDissector.sh_ script that do all tools extraction stuff.


Sources
-------

Sources can be found @ http://indefero.soutade.fr/p/soadvanceddissector


Copyright
---------

Grégory Soutadé


Licence
-------

GNU GPLv3
Initial commit 2021-05-08 18:57:54 +02:00			`SOAdvancedDissector`
			`-------------------`

			`SOAdvancedDissector is a Python(3) script that rely on _GNU readelf_, _c++filt_ and _vtable-dumper_ to extract symbols from Linux shared libraries (.so file).`

			`Thanks to these symbols, the full class hierarchy is built allowing to link your code with the target library.`

			`Nevertheless, extracted information is only the start of work. It needs to be reworked to find function type returns, attributes types, filter public/private functions/attributes/methods, add some class attributes and clean some unneeded symbols.`

			`Important vtable-dumper has been forked, the original tool must not be used because it doesn't (for now) implements all needed features. Please use the one from https://github.com/soutade/vtable-dumper`


			`Details`
			`=======`

			`A first pass is done thanks to _readelf_ + binary analysis to extract static information, it's mandatory. It scans _typeinfo_ and _vtable_ entries.`

			`A second optional pass use _vtable-dumper_ which load the shared library allowing to read runtime vtable (which can be cleared in static file compiled with -fPIC) and find class hierarchy. This can be done apart, especially if shared library has been compiled for another platform (ARM).`


			`Improvments`
			`===========`

			`This tool has been designed to do reverse engineering of a specific library (_librmsdk.so_ from Adobe) and even if I tried to do my best, it may doesn't cover all your cases. I won't do a long term support on it but feel free to send patches.`


			`Usage`
			`-----`

			`SOAdvancedDissector.py [-h] -f TARGET -s SECTION_FILE -S SYMBOL_FILE [-V VTABLE_FILE] [-o OUTPUT_DIR] [-c] [-r]`

			`-h, --help show this help message and exit`
			`-f TARGET, --file TARGET`
			`Target file`
			`-s SECTION_FILE, --section-file SECTION_FILE`
			`Section file (result from 'readelf --sections\|c++filt')`
			`-S SYMBOL_FILE, --symbol-file SYMBOL_FILE`
			`Symbol file (result from 'readelf -sW\|c++filt')`
			`-V VTABLE_FILE, --vtable-file VTABLE_FILE`
			`Dynamic vtable file (result from 'vtable-dumper --demangle\|c++filt')`
			`-o OUTPUT_DIR, --output-dir OUTPUT_DIR`
			`output directory (default ./output)`
			`-c, --clean-output-dir`
			`Clean output directory before computing (instead update it)`
			`-r, --print-raw-virtual-table`
			`Print raw virtual table (debug purpose)`


			`It's recommended to use _SOAdvancedDissector.sh_ script that do all tools extraction stuff.`


			`Sources`
			`-------`

			`Sources can be found @ http://indefero.soutade.fr/p/soadvanceddissector`


			`Copyright`
			`---------`

			`Grégory Soutadé`


			`Licence`
			`-------`

			`GNU GPLv3`