From c5e73fdae3db322b12f9c45d7a4d371012be5c0f Mon Sep 17 00:00:00 2001
From: Andreas Ziegler <andreas.ziegler@fau.de>
Date: Fri, 11 Mar 2022 11:08:28 +0100
Subject: [PATCH] library: register additional offset for vtable objects

As C++ vtables generated by g++ start with a qword 0 (on x86_64) and a qword for the RTTI for the object, the compiler knows that it can also access <vtable_offset>+16 as the base address for virtual function pointers. In order to detect such references from the disassembly, note these offsets as local objects as well and have them point at the surrounding vtable symbol table object through Library.object_to_objects.
---
 librarytrader/library.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/librarytrader/library.py b/librarytrader/library.py
index 56acab7..1c2a902 100644
--- a/librarytrader/library.py
+++ b/librarytrader/library.py
@@ -1008,6 +1008,14 @@ class Library:
             self.exported_obj_names[name] = addr
             self.object_ranges[addr] = max(self.object_ranges.get(addr, 0), size)
         elif symbol_bind == 'STB_LOCAL':
+            if symbol.name.startswith('_ZTV'):
+                vtable_fn_offset = 8 if self.is_i386() else 16
+                if vtable_fn_offset < symbol['st_size']:
+                    logging.debug('%s:%x is a vtable, adding additional'\ ' pointer with offset %d', self.fullname, addr, vtable_fn_offset)
+                    vtable_start = addr + vtable_fn_offset
+                    self.object_to_objects[vtable_start].add(addr)
             self.local_objs[addr].append(symbol.name) # Names are not unique for local objects!
             self.object_ranges[addr] = max(self.object_ranges.get(addr, 0), symbol['st_size'])
-- 
GitLab
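Review bot: The constant chosen at `vtable_fn_offset = 8 if self.is_i386() else 16` is the Itanium-ABI address point only for a vtable with no vcall/vbase offsets; for classes with virtual bases those entries precede the offset-to-top and RTTI slots, and secondary vtables inside the same `_ZTV` object have their own address points, so references to those will still not resolve back to the vtable symbol. A comment stating the assumption would help the next reader, e.g. `# Itanium ABI: the compiler references a vtable at its address point (past offset-to-top and the RTTI pointer), not at the symbol start; this assumes no vcall/vbase offsets precede them and ignores secondary vtables in the group.` The exported-object branch visible in the context lines above (`self.exported_obj_names[name] = addr`) gets no such registration, so STB_GLOBAL/STB_WEAK vtables would presumably stay unresolved unless that case is covered elsewhere. The code also relies on `self.object_to_objects` auto-creating a set for a new key, which is not visible here and worth confirming. The enclosing function starts and ends outside the hunk.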