Bridging the Gap Between Static and Dynamic Reversing

Presented at DEF CON 14 (2006), Aug. 5, 2006, 1 p.m. (50 minutes)

Reverse engineering continues to evolve, or rather REvolve. The reverse engineering toolset primarily consists of disconnected disassemblers and debuggers. Without symbol information or data acquired from disassembly, the use of a debugger can be blind and tedious. Reverse engineering has fueled the need to enable these tools to work together. When disassemblers and debuggers are used in conjunction, the resulting union is greater than the sum of the disparate parts. To bridge the gap between disassemblers and debuggers, I will be releasing two IDA Pro plugins:

  • pdbgen - Generates custom PDB files from the IDA Pro database. The PDB file can then be loaded into a debugger, transferring symbolic information.
  • REdress - Reinserts debug information from the IDA Pro database into stripped ELF executables. The inserted debug information will be available in GDB.

During this talk, I will review the other tools and plugins that perform similar bridging functions. I will then present a live demonstration of pdbgen and REdress, streamlining the reversing process. ¡Viva la REvolución!

Presenters:

  • Luis Miras - Vulnerability Researcher
    Luis Miras is the head vulnerability researcher at Intrusion Inc. He has done work for HBGary LLC and Network Associates. He released the first public polymorphic shellcode at Defcon 8 and has also spoken at Toorcon 7 as well as the CCC Congress (17c3) in Berlin. In the past he has worked in digital design and embedded programming.
