Abstract

Many existing techniques for reversing data structures in C/C ++ binaries are limited to low-level programming constructs, such as individual variables or structs. Unfortunately, without detailed information about a program's pointer structures, forensics and reverse engineering are exceedingly hard. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped binaries. By analyzing how links between memory objects evolve throughout the program execution, it distinguishes between many commonly used data structures, such as singly- or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluate the technique on 10 real world applications, 4 file system implementations and 16 popular libraries. The results show that MemPick can identify the data structures with high accuracy.

Highlights

  • Modern software typically revolves around its data structures

  • We describe MemPick: a set of techniques to detect and classify heap data structures used by a C/C++ binary

  • Still our results show that the overlay based classifier is resilient to unexpected data structure shapes, by correctly classifying all basic overlays contained within

Read more

Summary

Introduction

Modern software typically revolves around its data structures. Knowing the data structures significantly eases the reverse engineering efforts. Not knowing the data structures makes the already difficult task of understanding the program’s code and data even harder. A deep knowledge of the program’s data structures enables new kinds of binary optimization. An optimizer may keep the nodes of a tree on a small number of pages (to reduce page faults and TLB flushes).

Objectives
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
MemPick: High-level data structure detection in C/C++ binaries
Istvan Haller ... Herbert Bos
-
Istvan Haller, et. al.Istvan Haller ... Herbert Bos
01 Oct 2013
MemPick: A tool for data structure detection
Istvan Haller ... Asia Slowinska
-
Istvan Haller, et. al.Istvan Haller ... Asia Slowinska
01 Oct 2013
Red–Black Tree
Elshad Karimov
-
Elshad KarimovElshad Karimov
01 Jan 2020
A symbolic-arithmetic for teaching double-black node removal in red-black trees
Kennedy E Ehimwenma ... Junfeng Wang
Educational Dimension | VOL. 7
Kennedy E Ehimwenma, et. al.Kennedy E Ehimwenma ... Junfeng Wang
11 Dec 2022
View more papers

More From: Empirical Software Engineering

Paper Title
Journal
Date
Author
Can search-based testing with pareto optimization effectively cover failure-revealing test inputs?
Lev Sorokin ... Shiva Nejati
Empirical Software Engineering | VOL. 30
Lev Sorokin, et. al.Lev Sorokin ... Shiva Nejati
16 Nov 2024
Test code refactoring unveiled: where and how does it affect test code quality and effectiveness?
Luana Martins ... Ivan Machado
Empirical Software Engineering | VOL. -
Luana Martins, et. al.Luana Martins ... Ivan Machado
16 Nov 2024
The impact of the COVID-19 pandemic on women’s contribution to public code
Annalí Casanueva ... Théo Zimmermann
Empirical Software Engineering | VOL. 30
Annalí Casanueva, et. al.Annalí Casanueva ... Théo Zimmermann
13 Nov 2024
Prioritizing code review requests to improve review efficiency: a simulation study
Lanxin Yang ... Alberto Bacchelli
Empirical Software Engineering | VOL. 30
Lanxin Yang, et. al.Lanxin Yang ... Alberto Bacchelli
12 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.