Automation Techniques in C++ Reverse Engineering

Conference:  BlackHat USA 2019

2019-08-08

Summary

The presentation discusses automated dynamic analysis techniques based on DLL injection for type analysis while reverse engineering C++ code. The focus is on discovering the locations where structures are used within a C++ program throughout execution, as well as determining the types of function arguments. The data collected can also provide insight on inheritance and composition relationships, as well as subtype inference.
The speaker was spending 85 to 95 percent of their time creating type information while reverse engineering C++ code. They decided to try to automate these techniques and found that they were applying more type information to their database in a matter of days than they had in six weeks of manual reverse engineering. The techniques helped them recover about 200 structures and set the types of about 6,000 variables in a semi-automated fashion.

Abstract

This presentation will discuss several generic, automated dynamic analysis techniques based on DLL injection for type analysis while reverse engineering C++ code. We focus on discovering the locations where structures are used within a C++ program throughout execution, as well as determining the types of function arguments. The data that we collect can also provide insight on inheritance and composition relationships, as well as subtype inference. Source code will be made available, including the injected DLLs and data visualization plugins for IDA and Hex-Rays.
