This paper presents a method for automatic reconstruction of polymorphic class hierarchies from the assembly code obtained by compiling a C++ program. If the program is compiled with run-time type information (RTTI), class hierarchy is reconstructed via analysis of RTTI structures. In case RTTI structures are missing in the assembly, a technique based on the analysis of virtual function tables, constructors and destructors is used. A tool for automatic reconstruction of polymorphic class hierarchies that implements the described technique is presented. This tool is implemented as a plug in for IDA Pro Interactive Disassembler. Experimental study of the tool is provided.
Mendeley saves you time finding and organizing research
Choose a citation style from the tabs below