Class Dumper is a tool for quickly dumping class information from a running executable
This tool only targets MSVC compiled executables (Microsoft's compiler) which a lot of game
developers use these days.
ClassDumper Github Repo
EDIT: Noticing some improvements I can make regarding multiple inheritance, specifically when it comes to naming related vtables and repeating
instances in inheritance.txt. Will be working on this soon (TM). Hint it involves the stuff I still don't understand yet with RTTI, (PMD where struct)
You simply inject it into the target using any injector you like. It will run and collect an dump information
directly to the desktop in separate folders based on the main executable name.
Make sure to use the correct x32 or x64 build for the target.
Depending on the target it can take about half a second to 5 seconds to complete the dump
which is a lot faster than pulling up IDA and waiting for analysis to complete so you can run Class Informer
This project is a remake of my original RTTIDumper tool. Which was slow, and buggy and awful.
It uses a better method to find and read the RTTI information and Virtual Tables which is described in the GitHub readme
Example output screen
Example output files
As you can see on the left here, This ZHitman5 object is actually the player object
You can see all the interfaces used and their vtable offset
e.g. ICharacterCollision interface vtable is at offset 0x2D0 from the object's base address
And on the right is the virtual function table dump for the ZHitman5 class
The 'M' means this class has multiple inheritance
You can see each function has an index, address, rva and function name
This tool uses similar naming conventions to IDA for functions
it classifies nullsubs as well as what I call ret0 subs which are similar but have ret 0 instruction instead of just ret
I plan on adding a few more features and things in the possibly near future.
If you dislike the output format you can tune it to your liking too by editing my disgusting code which is undocumented for now
I may also incorporate as a plugin for tools like cheat engine somehow. Maybe an automatic object instance scanner/dissector? idk. we'll see
This tool only targets MSVC compiled executables (Microsoft's compiler) which a lot of game
developers use these days.
ClassDumper Github Repo
EDIT: Noticing some improvements I can make regarding multiple inheritance, specifically when it comes to naming related vtables and repeating
instances in inheritance.txt. Will be working on this soon (TM). Hint it involves the stuff I still don't understand yet with RTTI, (PMD where struct)
You simply inject it into the target using any injector you like. It will run and collect an dump information
directly to the desktop in separate folders based on the main executable name.
Make sure to use the correct x32 or x64 build for the target.
Depending on the target it can take about half a second to 5 seconds to complete the dump
which is a lot faster than pulling up IDA and waiting for analysis to complete so you can run Class Informer
This project is a remake of my original RTTIDumper tool. Which was slow, and buggy and awful.
It uses a better method to find and read the RTTI information and Virtual Tables which is described in the GitHub readme
Example output screen
Example output files
As you can see on the left here, This ZHitman5 object is actually the player object
You can see all the interfaces used and their vtable offset
e.g. ICharacterCollision interface vtable is at offset 0x2D0 from the object's base address
And on the right is the virtual function table dump for the ZHitman5 class
The 'M' means this class has multiple inheritance
You can see each function has an index, address, rva and function name
This tool uses similar naming conventions to IDA for functions
it classifies nullsubs as well as what I call ret0 subs which are similar but have ret 0 instruction instead of just ret
I plan on adding a few more features and things in the possibly near future.
If you dislike the output format you can tune it to your liking too by editing my disgusting code which is undocumented for now
I may also incorporate as a plugin for tools like cheat engine somehow. Maybe an automatic object instance scanner/dissector? idk. we'll see
Last edited by a moderator:
