When Virtual Hell Freezes Over - Reversing C++ Code
By: Gal Zaban
Scheduled on: February 2 at 11:30
The capabilities that C++ programming provides with the use of polymorphism are also obstacles when reverse engineering these programs.
Dynamic reverse engineering of C++ code is potentially extremely time-consuming and resource-intensive. So, what if we could automate parts of this process and even customize it to the behavior of each individual program?
C++ is known to be a knotty language: templates, lambdas, smart and unique pointers. All of these features create a jungle of objects intended to make life easier for the programmer, but once the program is compiled, the target program is no longer what it once seemed.
Reversing C++ programs is tedious and demanding, and requires rebuilding inheritance, identifying templates and tainting program flow in order to combat the ties of function overloading and class utilization.
In my presentation I will show how we can use smart and automated tracing to shorten the process in reverse engineering C++ programs.
Automatically rebuilding vtables and virtual function calls is a strong capability that can be achieved with IDAPython, as I'll explain in my talk, in which I will also show examples from a framework created especially for this purpose.
In my presentation I will introduce “Virtuailor”: a tailor-made framework that helps rebuild the relationships between the C++ classes in a program and sew together all of the loose ends.
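As an added illustration of the tracing idea (constructed for this page, not code from the talk or from Virtuailor): each time a debugger hook observes an indirect call through a vtable it records the vtable base, the slot offset and the resolved target, and the recorded events are grouped back into per-class vtable layouts, with a check for slots that resolve to more than one target. All addresses, names and the trace itself are constructed.

```python
from collections import defaultdict

PTR_SIZE = 8  # assumed 64-bit target, one slot per pointer

# Constructed trace, as a hook on "call [reg+offset]" would record it:
# (call_site, vtable_base_in_reg, offset, resolved_target)
TRACE = [
    (0x401100, 0x603000, 0x00, 0x401500),  # slot 0 via first vtable
    (0x401100, 0x603020, 0x00, 0x401600),  # same site, second vtable
    (0x401100, 0x603000, 0x00, 0x401500),  # repeat; must not duplicate
    (0x401140, 0x603000, 0x08, 0x401540),  # slot 1, first vtable
    (0x401140, 0x603020, 0x08, 0x401640),  # slot 1, second vtable
    (0x401180, 0x603020, 0x10, 0x401680),  # slot 2 only seen on second
]

def rebuild_vtables(trace):
    """Group observed targets by vtable base and slot index.
    Returns {vtable_base: {slot_index: set(targets)}}."""
    vtables = defaultdict(lambda: defaultdict(set))
    for _site, base, offset, target in trace:
        if offset % PTR_SIZE:
            raise ValueError(f"misaligned vtable offset {offset:#x}")
        vtables[base][offset // PTR_SIZE].add(target)
    return {b: dict(s) for b, s in vtables.items()}

def conflicts(vtables):
    """A real vtable slot is constant; more than one target for the same
    (base, slot) means the register was not a vtable pointer after all."""
    return {(b, s): t for b, slots in vtables.items()
            for s, t in slots.items() if len(t) > 1}

def call_site_targets(trace):
    """Distinct targets per call site; several means a polymorphic call."""
    sites = defaultdict(set)
    for site, _base, _offset, target in trace:
        sites[site].add(target)
    return dict(sites)

def render(vtables):
    """Struct-like text, one line per slot, ready to paste as annotation."""
    lines = []
    for base in sorted(vtables):
        lines.append(f"struct vtable_{base:x} {{")
        for slot in sorted(vtables[base]):
            names = ", ".join(f"sub_{t:x}" for t in sorted(vtables[base][slot]))
            lines.append(f"    void *slot_{slot}; /* {names} */")
        lines.append("};")
    return lines
```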