classgen

Small Clang-based tool to dump type information (enums, records, vtables) from a C++ codebase.

Prerequisites

Building from source

  1. git clone --recursive https://github.com/leoetlino/classgen
  2. mkdir build then cd build
  3. cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
    • This will automatically locate an existing install of LLVM.
    • If you compiled Clang from source, add -DCMAKE_PREFIX_PATH=/path/to/llvm-project/build/lib/cmake
    • If you are using a pre-built release from releases.llvm.org, add -DCMAKE_PREFIX_PATH=/path/to/extracted/archive/lib/cmake
  4. cmake --build .

Usage

Generating type dumps

Use classgen-dump to generate a JSON type dump that can be imported into other tools:

classgen-dump [source files...] [options] > output.json

If you have a compilation database for your project, you can pass -p [path to database or build dir] to tell classgen-dump to load compilation flags from the database.

Example command line for BotW:

classgen-dump -p build/ > types.json -i src/KingSystem/Physics/RigidBody/physRigidBody.cpp src/KingSystem/Physics/System/physUserTag.cpp

(Note that there is no need to pass compile flags manually because they are loaded from the compilation database thanks to the -p option.)

Useful options:

classgen-dump hello.cpp -- -target aarch64-none-elf -march=armv8-a+crc+crypto -std=c++20 [etc.]

Visualising type dumps

Type dumps can be easily visualised using a simple web-based viewer app (viewer.html). You can find an online (but possibly outdated) version of the viewer at https://botw.link/classgen-viewer

Importing a type dump into IDA

To import a type dump into an IDA database, just run the ida/classgen_load.py script (requires IDAPython).

Partial type imports are supported -- you can choose which types to import. Please note that importing a struct will recursively import all of its dependencies (member field types, pointer types, member function return types, etc.). Warning: any type that already exists in the IDB will be overwritten.

Known issues:

Speeding up imports

To avoid needless re-imports, the IDA script keeps track of type definitions that have already been imported into the IDB. The record is stored in a JSON file next to the IDB with the .imported extension.

If you want to force a type to be imported (e.g. because you have manually edited a struct in IDA and classgen isn't detecting the change), just tick the "Force re-import" checkbox when importing.

As yet another import time optimisation, it is possible to specify a list of types that will never be imported; instead, classgen will assume that they already exist in the IDB and will never attempt to create or update them. (This is also useful for minimising potential type breakage due to IDA bugs.) Simply create a text file next to the IDB with the .skip file extension suffix, and write each type that should be skipped on its own line.
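The interplay of the .imported record, the .skip list, the "Force re-import" flag and recursive dependency import, as an added example (not classgen's own script). It assumes a simplified dump layout in which each type carries a hash of its definition and a list of dependency names, that the .imported record maps type name to that hash, and that skipped types are neither created nor traversed; it also reports which existing IDB types an import would overwrite, which the real script does not preview.

```python
import json
from pathlib import Path

# Constructed sample in the shape this example assumes (the real classgen
# JSON layout is not described on this page): hash of the definition plus
# the types it depends on (field types, pointee types, return types).
SAMPLE_TYPES = {
    "RigidBody": {"hash": "a1", "deps": ["RigidBodyParam", "hkpRigidBody"]},
    "RigidBodyParam": {"hash": "b2", "deps": ["sead::Vector3f"]},
    "hkpRigidBody": {"hash": "c3", "deps": ["hkpEntity"]},
    "hkpEntity": {"hash": "d4", "deps": []},
    "sead::Vector3f": {"hash": "e5", "deps": []},
}

def parse_skip_list(text: str) -> set:
    """Parse .skip contents: one type name per line, blank lines ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def load_skip_list(path: Path) -> set:
    return parse_skip_list(path.read_text()) if path.exists() else set()

def load_imported(path: Path) -> dict:
    """Assumed format: {type name: hash of the definition last imported}."""
    return json.loads(path.read_text()) if path.exists() else {}

def plan_import(requested, types, imported, skip, force=False):
    """Walk the dependency closure of `requested` and return
    (to_import, overwritten, assumed_existing) as lists."""
    to_import, overwritten, assumed, seen = [], [], [], set()
    stack = list(requested)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if name in skip:            # never created or updated by classgen
            assumed.append(name)
            continue
        entry = types[name]
        if not force and imported.get(name) == entry["hash"]:
            continue                # unchanged since last import: nothing to do
        if name in imported:        # present in the IDB: it will be overwritten
            overwritten.append(name)
        to_import.append(name)
        stack.extend(entry["deps"])  # recursive dependency import
    return to_import, overwritten, assumed

if __name__ == "__main__":
    print(plan_import(["RigidBody"], SAMPLE_TYPES, {"hkpRigidBody": "c3"},
                      {"sead::Vector3f"}))
```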