Object-oriented programming complicates the already difficult task of reverse engineering software, and is being used increasingly by malware authors. Unlike with traditional procedural-style code, reverse engineers must understand the complex interactions between object-oriented methods and the shared data structures on which they operate, a tedious manual process. In this paper, we present a static approach that uses symbolic execution and inter-procedural data flow analysis to discover object instances, data members, and methods of a common class. The key idea behind our work is to track the propagation and usage of a unique object instance reference, called a this pointer. Our goal is to help malware reverse engineers understand how classes are laid out and identify their methods. We have implemented our approach in a tool called ObjDigger, which produced encouraging results when validated on real-world malware samples.