Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

OO RE with HexraysCodeXplorer

NorthSec via YouTube

Overview

Explore object-oriented reverse engineering techniques for analyzing modern malware in this NorthSec 2015 conference talk by Eugene Rodionov and Aleksandr Matrosov. Delve into the challenges of reversing object-oriented code, focusing on virtual methods, virtual function tables, and C++ templates. Learn about code reconstruction problems and examine real-world examples, including the Flamer Framework and XAgent Framework. Discover approaches for reconstructing object attributes and identifying data types such as smart pointers and vectors. Gain insights into the Hex-Rays Decompiler Plugin SDK and witness a demonstration of HexRaysCodexplorer v1.7 [NSEC Edition]. Understand the rationale behind using Python and get a glimpse of future plans for HexRaysCodeXplorer in this comprehensive 46-minute presentation on advanced reverse engineering techniques.

Syllabus

Intro
Modern C++ Malware for Targeted Attacks
Virtual Methods
Virtual Function Tables
C++ Templates
C++ Code Reconstruction Problems
REconstructing Flamer Framework
Data Types Beins Used: Smart pointers
Data Types Being Used: Vectors
Approaching Flamer
REconstructing Object's Attributes
XAgent Framework
Object Interconnection: IAgent Module
XAgent: LocalDataStorage
XAgent: Cryptor
XAgent: IReservedApi
XAgent: Identifying Used Types
Hex-Rays Decompiler Plugin SDK
DEMO time :
HexRaysCodexplorer: v1.7 [NSEC Edition]
Why python?
HexRaysCodeXplorer: Next plans
Thank you for your attention!

Taught by

NorthSec

Reviews

Start your review of OO RE with HexraysCodeXplorer

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.