Thread: reversing Qt programs

  1. #1
    Shub-nigurrath (Super Moderator)

    reversing Qt programs

    Hi all,
    I am finding more and more targets using the Qt libraries, so I started to get interested in this framework, also from the reversing point of view.
    What I found is that these programs are really difficult to follow because the library adds a lot of code to the programs, and it becomes hard to distinguish the code of the application from that of the library.

    I was then wondering if there are some tutorials on Qt reversing or signatures for IDA or whatever someone did in the past.

    10x in advance.
    Shub
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    Registered User
    The MetaData compiler creates metadata for every Qt widget; this is necessary because Qt uses the signal/slot mechanism they invented, meaning you can connect the signal of a child widget to the slot of the parent. This is great for GUI coding, but it should simplify the life of a reverser. Let's look at the C++ file generated by the moc for a QWidget:

    Code:
    QT_BEGIN_MOC_NAMESPACE
    static const uint qt_meta_data_MainWindow[] = {
    
     // content:
           1,       // revision
           0,       // classname
           0,    0, // classinfo
          10,   10, // methods
           0,    0, // properties
           0,    0, // enums/sets
    
     // slots: signature, parameters, type, tag, flags
          12,   11,   11,   11, 0x0a,
          31,   22,   11,   11, 0x0a,
          49,   11,   11,   11, 0x08,
          56,   11,   11,   11, 0x08,
          63,   11,   11,   11, 0x08,
          72,   11,   11,   11, 0x08,
          78,   11,   11,   11, 0x08,
          85,   11,   11,   11, 0x08,
          93,   11,   11,   11, 0x08,
         101,   11,   11,   11, 0x08,
    
           0        // eod
    };
    
    static const char qt_meta_stringdata_MainWindow[] = {
        "MainWindow\0\0newFile()\0fileName\0"
        "openFile(QString)\0open()\0save()\0"
        "saveAs()\0cut()\0copy()\0paste()\0about()\0"
        "updateMenus()\0"
    };
    
    const QMetaObject MainWindow::staticMetaObject = {
        { &QMainWindow::staticMetaObject, qt_meta_stringdata_MainWindow,
          qt_meta_data_MainWindow, 0 }
    };
    
    const QMetaObject *MainWindow::metaObject() const
    {
        return &staticMetaObject;
    }
    
    void *MainWindow::qt_metacast(const char *_clname)
    {
        if (!_clname) return 0;
        if (!strcmp(_clname, qt_meta_stringdata_MainWindow))
            return static_cast<void*>(const_cast< MainWindow*>(this));
        return QMainWindow::qt_metacast(_clname);
    }
    
    int MainWindow::qt_metacall(QMetaObject::Call _c, int _id, void **_a)
    {
        _id = QMainWindow::qt_metacall(_c, _id, _a);
        if (_id < 0)
            return _id;
        if (_c == QMetaObject::InvokeMetaMethod) {
            switch (_id) {
            case 0: newFile(); break;
            case 1: openFile((*reinterpret_cast< const QString(*)>(_a[1]))); break;
            case 2: open(); break;
            case 3: save(); break;
            case 4: saveAs(); break;
            case 5: cut(); break;
            case 6: copy(); break;
            case 7: paste(); break;
            case 8: about(); break;
            case 9: updateMenus(); break;
            }
            _id -= 10;
        }
        return _id;
    }
    QT_END_MOC_NAMESPACE
    qt_metacall seems to respect the order of qt_meta_stringdata_MainWindow (counting only the methods marked with ()). So, it is possible in Qt to associate a name to a slot (of course). I wouldn't know how easy it is reversing Qt, but in theory it shouldn't be that difficult, even if the code added is in fact very much, we might just lack the necessary tools. An IDC script could solve the names for the methods of a QWidget, given the qt_metacall method and the qt_meta_stringdata_X.
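
Added example (not part of the original posts): each entry in the slot table of `qt_meta_data_MainWindow` stores the offset of its signature inside `qt_meta_stringdata_MainWindow`, so the `_id` to name mapping can be read from the two arrays directly. The sketch parses only the revision 1 layout shown in the post; the little-endian 32-bit packing and the flag decoding (low two bits access, bits 2-3 method kind, as in Qt 4's moc) are assumptions, and `parse_meta` and `cstr` are names chosen here.

```python
import struct

# The two arrays from the moc output in the post, revision 1 layout.
META_DATA = [1, 0, 0, 0, 10, 10, 0, 0, 0, 0,            # header
             12, 11, 11, 11, 0x0a,  31, 22, 11, 11, 0x0a,
             49, 11, 11, 11, 0x08,  56, 11, 11, 11, 0x08,
             63, 11, 11, 11, 0x08,  72, 11, 11, 11, 0x08,
             78, 11, 11, 11, 0x08,  85, 11, 11, 11, 0x08,
             93, 11, 11, 11, 0x08, 101, 11, 11, 11, 0x08,
             0]                                          # eod
STRING_DATA = (b"MainWindow\0\0newFile()\0fileName\0"
               b"openFile(QString)\0open()\0save()\0"
               b"saveAs()\0cut()\0copy()\0paste()\0about()\0"
               b"updateMenus()\0")
# Assumption: in the binary the uint array is little-endian 32-bit words.
RAW_META = struct.pack("<%dI" % len(META_DATA), *META_DATA)

ACCESS = {0x00: "private", 0x01: "protected", 0x02: "public"}
KIND = {0x00: "method", 0x04: "signal", 0x08: "slot"}

def cstr(blob, off):
    """NUL-terminated ASCII string starting at off."""
    return blob[off:blob.index(b"\0", off)].decode("ascii")

def parse_meta(raw, strings):
    """Return (class name, methods) from raw qt_meta_data bytes."""
    data = struct.unpack("<%dI" % (len(raw) // 4), raw[:len(raw) // 4 * 4])
    if len(data) < 10 or data[0] != 1:
        raise ValueError("only the revision 1 layout from the post is handled")
    count, start = data[4], data[5]
    if start + 5 * count > len(data):
        raise ValueError("method table runs past the end of the array")
    methods = []
    for i in range(count):
        sig, params, _rtype, _tag, flags = data[start + 5 * i:start + 5 * i + 5]
        methods.append({"id": i,  # local _id: the case label in qt_metacall
                        "signature": cstr(strings, sig),
                        "params": cstr(strings, params),
                        "access": ACCESS.get(flags & 0x03, "?"),
                        "kind": KIND.get(flags & 0x0c, "?")})
    return cstr(strings, data[1]), methods

if __name__ == "__main__":
    name, methods = parse_meta(RAW_META, STRING_DATA)
    for m in methods:
        print(f"{name}: case {m['id']} -> {m['access']} {m['kind']} "
              f"{m['signature']} [{m['params']}]")
```

The `id` values are local to the class: as the posted `qt_metacall` shows, `_id` is first passed to `QMainWindow::qt_metacall`, so the base classes consume their own method indices before the `switch` is reached.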

  3. #3
    I'm not sure but maybe this would help...?

    http://www.reversing.org/taxonomy_menu/1/3
    Externalist
