In this video we’ll take a look at several sample programs that use C++ objects, compile them from source and then reverse engineer them with Ghidra. Our goals will be to identify when the objects are created, recognize the size and structure of each object’s memory allocation and how the object uses it, and explore the use of virtual functions and virtual function tables. Recognizing the use of C++ objects is helpful in a variety of reverse engineering activities, including malware analysis and software exploitation. This will be the first in a series of videos exploring the reverse engineering of object-oriented languages.
Source code can be found on my GitHub: https://github.com/jstrosch/learning-reverse-engineering/tree/master/C%2B%2B%20Objects
Part 2 of this series is Reversing Basic C++ Objects with Ghidra: Inheritance and Polymorphism (Part 2).