[docs]classClassIdentifier(Analysis):""" This is a class identifier for non stripped or partially stripped binaries, it identifies classes based on the demangled function names, and also assigns functions to their respective classes based on their names. It also uses the results from the VtableFinder analysis to assign the corresponding vtable to the classes. self.classes contains a mapping between class names and SimCppClass objects e.g. A::tool() and A::qux() belong to the class A """
def_analyze(self):# Assigning function to classesforfuncinself.project.kb.functions.values():iffunc.is_plt:continuecol_ind=func.demangled_name.rfind("::")class_name=func.demangled_name[:col_ind]ifclass_name.startswith("non-virtual thunk for "):class_name=class_name[len("non-virtual thunk for "):]ifcol_ind!=-1:ifclass_namenotinself.classes:ctor=Falseiffunc.demangled_name.find("{ctor}"):ctor=Truefunction_members={func.addr:SimTypeCppFunction([],None,label=func.demangled_name,ctor=ctor)}new_class=SimCppClass(name=class_name,function_members=function_members)self.classes[class_name]=new_classelse:ctor=Falseiffunc.demangled_name.find("{ctor}"):ctor=Truecur_class=self.classes[class_name]cur_class.function_members[func.addr]=SimTypeCppFunction([],None,label=func.demangled_name,ctor=ctor)# Assigning a vtable to a classforvtableinself.vtables_list:forrefinself.project.kb.xrefs.xrefs_by_dst[vtable.vaddr]:vtable_calling_func=self.project.kb.functions.floor_func(ref.ins_addr)tmp_col_ind=vtable_calling_func.demangled_name.rfind("::")possible_constructor_class_name=vtable_calling_func.demangled_name[:tmp_col_ind]if"ctor"invtable_calling_func.demangled_nameandpossible_constructor_class_nameinself.classes:self.classes[possible_constructor_class_name].vtable_ptrs.append(vtable.vaddr)