angr.analyses.find_objects_static

class angr.analyses.find_objects_static.PossibleObject

Bases: object

This holds the address and class name of possible class instances. The address that it holds is mapped outside the binary, so it is only valid in this analysis. TODO: map the address to its uses in the registers/memory locations in the instructions.

__init__(size, addr, class_name=None)

class angr.analyses.find_objects_static.NewFunctionHandler

Bases: FunctionHandler

This handles calls to the function new() by recording the size parameter passed to it, and also assigns a new address outside the mapped binary to the newly created space (possible object).

It also tracks whether the function called right after new() is passed the same ‘this’ pointer and is a constructor; if so, we mark it as an instance of the class the constructor belongs to (only for non-stripped binaries).

handle_local_function(state, data)
Parameters:

class angr.analyses.find_objects_static.StaticObjectFinder

Bases: Analysis

This analysis tries to find objects on the heap based on calls to new() and subsequent calls to constructors with the ‘this’ pointer.

__init__()
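
The heuristic described for NewFunctionHandler and StaticObjectFinder can be modelled without angr. This is an added example, not angr's implementation: `FAKE_HEAP_BASE`, `constructor_class`, `find_objects` and the call sequence are assumptions made for the illustration, and `PossibleObject` here is a stand-in that only mirrors the documented constructor signature.

```python
from dataclasses import dataclass
from typing import Optional

FAKE_HEAP_BASE = 0xC0000000  # assumed base outside the mapped binary (model value)

@dataclass
class PossibleObject:
    # Stand-in with the fields of the documented __init__(size, addr, class_name=None)
    size: int
    addr: int
    class_name: Optional[str] = None

def constructor_class(symbol):
    """Return the class name if a demangled symbol has the form Class::Class(...)."""
    parts = symbol.split("(")[0].split("::")
    if len(parts) >= 2 and parts[-1] == parts[-2]:
        return "::".join(parts[:-1])
    return None

def find_objects(calls):
    """calls: (callee, args, ret_var) in program order; args are ints or variable names."""
    env, objects, pending = {}, [], None
    next_addr = FAKE_HEAP_BASE
    for callee, args, ret_var in calls:
        vals = [env.get(a, a) for a in args]  # resolve variables to tracked values
        if callee.startswith("operator new("):
            pending = PossibleObject(size=vals[0], addr=next_addr)
            objects.append(pending)
            env[ret_var] = pending.addr  # the returned pointer holds the fake address
            next_addr += vals[0]
            continue
        # Only the call right after new() is checked, and only its first argument ('this').
        if pending is not None and vals and vals[0] == pending.addr:
            pending.class_name = constructor_class(callee)
        pending = None
    return objects

# Constructed call sequence, not taken from a real binary.
TRACE = [
    ("operator new(unsigned long)", [24], "p"),
    ("Widget::Widget(int)", ["p", 7], None),  # constructor on the same 'this': labelled
    ("operator new(unsigned long)", [64], "q"),
    ("sub_401200", ["q"], None),              # stripped-style name: no class recoverable
    ("operator new(unsigned long)", [16], "r"),
    ("log_event(int)", [1], None),            # intervening call breaks the pairing
    ("ns::Node::Node()", ["r"], None),
]

if __name__ == "__main__":
    for obj in find_objects(TRACE):
        print(hex(obj.addr), obj.size, obj.class_name)
```

The second and third objects stay unlabelled, which shows why a result with class_name=None is still a candidate allocation rather than proof that no object was constructed there.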