Automation Techniques in C++ Reverse Engineering

Presented at Black Hat USA 2019, Aug. 8, 2019, 2:30 p.m. (50 minutes)

This presentation will discuss several generic, automated dynamic analysis techniques based on DLL injection for type analysis while reverse engineering C++ code. We focus on discovering the locations where structures are used within a C++ program throughout execution, as well as determining the types of function arguments. The data that we collect can also provide insight on inheritance and composition relationships, as well as subtype inference. Source code will be made available, including the injected DLLs and data visualization plugins for IDA and Hex-Rays.

Presenters:

  • Rolf Rolles - Founder, Möbius Strip Reverse Engineering
    Rolf Rolles is the founder of Möbius Strip Reverse Engineering, which provides training classes about reverse engineering and automated binary program analysis. He has 22 years of experience in reverse engineering, and has worked in malware analysis, IDS, vulnerability analysis, exploit development, reverse engineering tool development, copy protections, and education. His research interests lie in reverse engineering automation, particularly of the mathematical variety, and often involve machine code deobfuscation. He is the creator and moderator of the reverse engineering reddit, and has published over 50 blog entries, journal articles, conference presentations, and book contributions in the area of reverse engineering.
