From c5e73fdae3db322b12f9c45d7a4d371012be5c0f Mon Sep 17 00:00:00 2001
From: Andreas Ziegler <andreas.ziegler@fau.de>
Date: Fri, 11 Mar 2022 11:08:28 +0100
Subject: [PATCH] library: register additional offset for vtable objects

As C++ vtables generated by g++ start with a qword 0 (on x86_64)
and a qword for the RTTI for the object, the compiler knows that
it can also access <vtable_offset>+16 as the base address for
virtual function pointers. In order to detect such references
from the disassembly, note these offsets as local objects as
well and have them point at the surrounding vtable symbol table
object through Library.object_to_objects.
---
 librarytrader/library.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/librarytrader/library.py b/librarytrader/library.py
index 56acab7..1c2a902 100644
--- a/librarytrader/library.py
+++ b/librarytrader/library.py
@@ -1008,6 +1008,14 @@ class Library:
                         self.exported_obj_names[name] = addr
                         self.object_ranges[addr] = max(self.object_ranges.get(addr, 0), size)
                 elif symbol_bind == 'STB_LOCAL':
+                    if symbol.name.startswith('_ZTV'):
+                        vtable_fn_offset = 8 if self.is_i386() else 16
+                        if vtable_fn_offset < symbol['st_size']:
+                            logging.debug('%s:%x is a vtable, adding additional'\
+                                          ' pointer with offset %d',
+                                          self.fullname, addr, vtable_fn_offset)
+                            vtable_start = addr + vtable_fn_offset
+                            self.object_to_objects[vtable_start].add(addr)
                     self.local_objs[addr].append(symbol.name)
                     # Names are not unique for local objects!
                     self.object_ranges[addr] = max(self.object_ranges.get(addr, 0), symbol['st_size'])
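Review bot: The `_ZTV` handling is placed inside the `elif symbol_bind == 'STB_LOCAL'` branch, so vtables that are exported (the `exported_obj_names` branch just above it) get no extra offset, although the vtable+16 access pattern the message describes depends on the compiler's vtable layout, not on symbol binding; if exported vtables are resolved through the same disassembly path, the `if symbol.name.startswith('_ZTV'):` block could be hoisted above the bind check so both branches register the offset. Only `object_to_objects[vtable_start]` is written for the new address, not `local_objs` or `object_ranges` — presumably sufficient for the lookup, but the message says the offsets are noted "as local objects", so confirm which table the disassembly side consults. The reason for `8`/`16` lives only in the commit message; a comment such as `# vtable layout: offset-to-top, RTTI pointer (one word each), then the function pointers` above `vtable_fn_offset` would keep it with the code. The backslash after `'%s:%x is a vtable, adding additional'` is redundant inside the parentheses, since adjacent string literals already concatenate across lines there. The enclosing method starts and ends outside the hunk.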
-- 
GitLab