Tuesday, July 12, 2016

Thoughts on reversing C++ code

The local globals:
A method in C++ can change a variable that belongs to the object. Since it is neither a parameter nor a local variable, it behaves like a kind of global.
But it has no fixed location in memory, only an offset from 'this', so you can't track it the way you can a true global.

Calculated calls:
Every virtual call is a calculated (indirect) call, so in static analysis it is difficult to know where the call goes.

Virtual call table:
The VTable is saved in the executable as just a list of function pointers.
Listing the xrefs to this list points you to the object's constructor, and from the constructor to every location where the object is constructed (but not subclasses, as they have their own VTable).

Highly coupled:
Well, making a change to an object that sits inside an inheritance tree is challenging.
Making a change to a method that is shared with other classes is most likely not a good idea.
You can change the class VTable itself, redirecting calls, but unless you want to redirect a slot to a null_sub, there is not much you can do.
I need to think of a way to find which functions are used exclusively by the attacked class.
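As an added example (not code from the post), here is a small C++ program that makes the points above concrete from the binary's point of view: it measures the member's offset from 'this' (the "local global"), reads the hidden VTable pointer from the first word of an object and performs the "calculated call" through a slot by hand, shows that a subclass gets its own VTable, and counts which slots point to functions that exist only in the derived class's table (a first answer to the "used exclusively by the attacked class" question). It assumes the Itanium C++ ABI layout used by GCC and Clang (MSVC lays out single inheritance the same way): the vptr is the first word, data members follow in declaration order, and with no virtual destructor the slot numbering is identical on both ABIs. The class names, kSlots, and the helper functions are constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed example: a tiny class hierarchy inspected the way a reverser
// sees it in a binary. Layout assumption: Itanium C++ ABI (GCC/Clang; MSVC
// matches for single inheritance). A polymorphic object starts with one hidden
// pointer to its VTable, then the data members in declaration order; the
// VTable itself is just an array of function pointers.
struct Base {
    int counter;                                 // the "local global": lives at this+offset
    Base() : counter(0) {}
    virtual int step() { return ++counter; }     // VTable slot 0
    virtual int kind() { return 1; }             // VTable slot 1
};

struct Derived : Base {
    int extra;
    Derived() : extra(100) {}
    int step() override { counter += 10; return counter; }   // overrides slot 0
    // kind() is inherited: Derived's own VTable repeats Base's slot 1 pointer
};

// Number of virtual slots; known here from the source. In a stripped binary the
// table has no length field, so the analyst infers its end from the next symbol
// or the next cross-referenced address.
constexpr std::size_t kSlots = 2;

// Every non-static method secretly takes 'this' as its first argument.
using Slot = int (*)(Base*);

// Read the hidden VTable pointer from the first word of the object
// (memcpy sidesteps aliasing rules; a disassembler just sees "mov rax,[rdi]").
static void** vtable_of(const Base* obj) {
    void** vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

// The "calculated call": load vptr, index the table, call indirectly with
// 'this' as the first argument. This is what obj->step() compiles to.
static int call_slot(Base* obj, std::size_t n) {
    Slot fn = reinterpret_cast<Slot>(vtable_of(obj)[n]);
    return fn(obj);
}

// Offset of the member from 'this', in bytes: the only "address" it has.
static std::size_t counter_offset() {
    Base b;
    return static_cast<std::size_t>(
        reinterpret_cast<char*>(&b.counter) - reinterpret_cast<char*>(&b));
}

// Two classes, two VTables: xrefs to Base's table never reach Derived's constructor.
static bool vtables_differ() {
    Base b; Derived d;
    return vtable_of(&b) != vtable_of(&d);
}

// Count the slots whose target appears only in Derived's table, i.e. functions
// that belong exclusively to the derived class. Slots shared with the base
// table (inherited, unoverridden methods) are the coupling the post warns about.
static std::size_t slots_exclusive_to_derived() {
    Base b; Derived d;
    void** bt = vtable_of(&b);
    void** dt = vtable_of(&d);
    std::size_t exclusive = 0;
    for (std::size_t i = 0; i < kSlots; ++i) {
        bool shared = false;
        for (std::size_t j = 0; j < kSlots; ++j)
            if (dt[i] == bt[j]) shared = true;
        if (!shared) ++exclusive;
    }
    return exclusive;
}

// Dispatch through the raw table, then through the compiler; both hit Derived::step.
static int dispatch_demo() {
    Derived d;
    int via_table = call_slot(&d, 0);   // Derived::step -> counter = 10
    int via_cpp = d.step();             // counter = 20
    return via_table + via_cpp;         // 30
}

int main() {
    std::printf("counter at this+%zu\n", counter_offset());
    std::printf("distinct vtables: %d\n", vtables_differ() ? 1 : 0);
    std::printf("slots exclusive to Derived: %zu\n", slots_exclusive_to_derived());
    std::printf("dispatch sum: %d\n", dispatch_demo());
    return 0;
}
```

Reading the table by hand is exactly what a disassembler cannot do statically: the slot index is fixed in the code, but the table base comes from whatever object happens to be in the register, which is why every virtual call shows up as an indirect call. The exclusive-slot count is a starting point for the last question in the post: a slot whose target is not present in any ancestor's table belongs to that class alone.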