Explore object-oriented reverse engineering techniques for analyzing modern malware in this NorthSec 2015 conference talk by Eugene Rodionov and Aleksandr Matrosov. Delve into the challenges of reversing object-oriented code, focusing on virtual methods, virtual function tables, and C++ templates. Learn about code reconstruction problems and examine real-world examples, including the Flamer Framework and XAgent Framework. Discover approaches for reconstructing object attributes and identifying data types such as smart pointers and vectors. Gain insights into the Hex-Rays Decompiler Plugin SDK and witness a demonstration of HexRaysCodexplorer v1.7 [NSEC Edition]. Understand the rationale behind using Python and get a glimpse of future plans for HexRaysCodeXplorer in this comprehensive 46-minute presentation on advanced reverse engineering techniques.
Overview
Syllabus
Intro
Modern C++ Malware for Targeted Attacks
Virtual Methods
Virtual Function Tables
C++ Templates
C++ Code Reconstruction Problems
REconstructing Flamer Framework
Data Types Beins Used: Smart pointers
Data Types Being Used: Vectors
Approaching Flamer
REconstructing Object's Attributes
XAgent Framework
Object Interconnection: IAgent Module
XAgent: LocalDataStorage
XAgent: Cryptor
XAgent: IReservedApi
XAgent: Identifying Used Types
Hex-Rays Decompiler Plugin SDK
DEMO time :
HexRaysCodexplorer: v1.7 [NSEC Edition]
Why python?
HexRaysCodeXplorer: Next plans
Thank you for your attention!
Taught by
NorthSec
