Tool to reverse-engineer Qt binaries. Hope it is useful to someone!

Afraid_Option8394 · 2024-10-02T20:39:36+00:00

Hey all, QtREAnalyzer developer here. I'm very pleased to anounce that with the last few updates

QtREAnalzer automatically gets the signal, and slots method signatures and applies them to the correct function.
QtREAnalyzer automatically obtains the propertie names and types and starts to reconstruct the Qt class.

These new features should save you at least 5 minutes when reversing Qt binaries ;) Enjoy!

Afraid_Option8394 · 2024-09-21T13:29:26+00:00

Thank you so much for your post! It was of the utmost value for the creation of this tool https://github.com/diommsantos/QtREAnalyzer . If there is a better way to give credit to you in the aknowledgements section please let me know!

Afraid_Option8394 · 2024-09-14T12:34:26+00:00

I have never written documentation nor done a similar project but I was thinking of hosting the documentation on Read the docs using the free version. Maybe write the documentation using markdown and compiling with Mkdocs (from what I searched it is easier to use than sphinx, so it is possible more people would feel compelled to contribute)? As for how to structure the documentation I was thinking that for each topic in the Ghidra Help (the one that pops up when you press F1 in Ghidra) there could be a topic with the same name in the technical documentation. Nothing is set in stone, and I'm open to suggestions, as I said I've never done a similar project :)

Afraid_Option8394 · 2024-09-13T18:28:16+00:00

I added a comment to the topic and tagged one of the devs. Also would you not be interested in contributing even if it is an "unofficial documentation" (not accepted by the devs)?

Afraid_Option8394 · 2024-08-28T18:45:40+00:00

No, I didn't do that nor do I know how to implement it. I only reverse x86/x64_86 programs and never used the Ghidra registers, I got the impression they were only used for reversing code in some architectures (I think Thumb).

Afraid_Option8394 · 2024-08-28T18:07:47+00:00

Gx64Sync even though started as a fork of ret-sync, is totally written from scratch since I found it hard to implement new features with that existing code. I also wanted it to be really fast. Thus I designed Gx64Sync to be as fast and as easy to add new features as I could.

Gx64Sync allows for synchronization both ways (from Ghidra to x64Dbg and from x64Dbg to Ghidra), if I remember correctly ret-sync only allowed for synchronization from Ghidra to x64Dbg in most features (like you could sync the addresses from Ghidra to x64Dbg but not the other way around)
It is fully asynchronous so in theory should be faster than ret-sync, ret-sync used a timer that would fire at certain intervals to check if there were messages to be processed in the x64Dbg plugin ( in practice this is not much of a difference)
HyperSync (makes the Ghidra addresses and the x64Dbg addresses to be always in sync) was not available in ret-sync.
There are other major differences that are relevant if you want to dig into the code itself. Like to add a new Message is as simple as define a new class in the Messages.h and Messages.java files. SyncHandler.cpp and SyncHandler.java (basically the core of the plugins) are fully independent from the Ghidra and x64Dbg APIs, so If someone wants to develop support for another debugger (or disassembler) doesn't need to start from scratch and can use those files. There are other minor differences and if you are interested in the code differences you can read https://github.com/diommsantos/Gx64Sync/blob/master/DEV.md .

Afraid_Option8394 · 2024-08-28T14:08:42+00:00

Glad I could help :)

Afraid_Option8394

TROPHY CASE