IDA annotates some items as: typeinfo for _classname_.
What is that typeinfo, is it the same as type_info? What information may be extracted from it? (e.g. I'd like to know the object size or virtual function table size).
I am particularly interested in GNU C++ (G++) from Android NDK for ARM.
These objects are indeed instances of the type_info class (or, more likely, one of its descendants). The structure of those classes is described in the Itanium C++ ABI. You can also inspect the rtti.h file from GCC.
For a trimmed-down, data-only representation of these classes, check my Recon 2012 presentation (start at slide 27 or so).
To add Igor Skochinsky's answer:
Given VFT address, you can print the mangled class name:
unsigned int* vmtaddr = *(int*)obj_addr; DLOG("class name: _Z%s",((char***)vmtaddr)[-1][1]); The class name may be decoded with c++filt.
(The _Z thing is not stored there, but required for c++filt to work.)
You can also print the inheritance chain (the trick is that typeinfo is also an object, and if it is a __cxxabiv1::__si_class_type_info, against whose mangled name we strcmp(), there has been single inheritance and a pointer to the superclass typeinfo follows the pointer to name):
char* classchain = strrealloccat(NULL, "_Z"); char**ptypeinfo = ((char***)vmtaddr[-1]); for (; ptypeinfo ; ptypeinfo = !strcmp(((char***)ptypeinfo[0])[-1][1], "N10__cxxabiv120__si_class_type_infoE") ? (char**)ptypeinfo[2] : 0) { //DLOG("tinfo: %p",ptypeinfo); //DLOG("class: _Z%s meta: _Z%s",ptypeinfo[1], ((char***)ptypeinfo[0])[-1][1]); //DLOG("meta : _Z%s",((char***)ptypeinfo[0])[-1][1]); classchain = strrealloccat(strrealloccat(classchain, ptypeinfo[1]), " _Z"); } DLOG("inheritance chain: %s",classchain); free(classchain); where strrealloccat() is defined as:
char* strrealloccat(char* buffer0, char *addition) { char* buffer = realloc(buffer0, (buffer0 ? strlen(buffer0) : 0) + strlen(addition) + sizeof(char)); if (!buffer) { return buffer; } if(!buffer0) { *buffer = 0; } return strcat(buffer, addition); } _Z4hopeN4this5helpsE
