dangling pointers and virtual functions


blahh
June 22nd, 2011, 12:40
I just went through a DEFCON presentation that showed how the mechanics of a dangling pointer can be used for exploitation. In order to study the issue at a more basic level, I compiled the following code and looked at its disassembly.


#include <iostream>

using namespace std;

class Shape
{
public:
    Shape()
    {
        cout << "Shape constructor called" << endl;
    }
    // This destructor should be virtual!
    ~Shape()
    {
        cout << "~Shape destructor called" << endl;
    }
};

class Triangle : public Shape
{
public:
    Triangle()
    {
        cout << "Triangle constructor called" << endl;
    }
    // Never runs when the object is deleted through a Shape*,
    // because ~Shape is not virtual
    ~Triangle()
    {
        cout << "Triangle destructor called" << endl;
    }
};

int main(int argc, char* argv[])
{
    Shape* pShape = new Triangle();
    cout << "About to call delete" << endl;
    delete pShape;   // only ~Shape is called here
    return 0;
}


I looked at the disassembly and traced through the execution using a debugger. As of now I can see the functions that are being called and can make out that there is a chance of memory leakage; however, how does one go about doing the same in the case of stripped executables?

Is there any pattern I should be looking out for? Can the process be automated?
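The fixed form of the snippet above, added here as an example and not part of the original post: the base destructor is made virtual, a compile-time trait check refuses to build a base type that is not safe to delete polymorphically, and two constructed counters (g_baseDtorCalls, g_derivedDtorCalls, assumed names) make it observable that both destructors now run when the object is deleted through a Shape*.

```cpp
#include <iostream>
#include <type_traits>

// Constructed counters so the outcome is observable rather than only printed.
static int g_baseDtorCalls = 0;
static int g_derivedDtorCalls = 0;

// Base class with the destructor declared virtual, which is the fix the
// comment in the original snippet points at.
class Shape {
public:
    virtual ~Shape() { ++g_baseDtorCalls; }
    virtual double area() const = 0;
};

class Triangle : public Shape {
public:
    Triangle(double b, double h) : base_(b), height_(h) {}
    ~Triangle() override { ++g_derivedDtorCalls; }
    double area() const override { return 0.5 * base_ * height_; }
private:
    double base_;
    double height_;
};

// Compile-time guard: any base type handed to this helper must be safe to
// delete through a pointer to the base, or the build fails.
template <typename Base>
void assertPolymorphicDeletable() {
    static_assert(std::has_virtual_destructor<Base>::value,
                  "Base must have a virtual destructor to be deleted via Base*");
}

// Create a Triangle, hold it through Shape*, delete it, and report whether
// the derived destructor ran. Returns true when both destructors executed once.
bool deleteThroughBasePointerRunsDerivedDtor() {
    g_baseDtorCalls = 0;
    g_derivedDtorCalls = 0;
    assertPolymorphicDeletable<Shape>();
    Shape* pShape = new Triangle(3.0, 4.0);
    delete pShape;      // virtual dispatch runs ~Triangle, then ~Shape
    pShape = nullptr;   // do not leave a dangling pointer behind
    return g_baseDtorCalls == 1 && g_derivedDtorCalls == 1;
}

int main() {
    std::cout << (deleteThroughBasePointerRunsDerivedDtor()
                      ? "both destructors ran" : "derived destructor skipped")
              << std::endl;
    return 0;
}
```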