dynStruct: An automatic reverse engineering tool for structure recovery and memory use analysis

Daniel Mercier, Aziem Chawdhary, Richard Jones
2017 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER)  
Mercier, Daniel (2017) dynStruct: An automatic reverse engineering tool for structure recovery and memory use analysis. Master of Science (MSc) thesis, University of Kent. DOI Link to record in KAR Abstract In computer security, reverse engineering is understanding how a program work. It can be used for multiple purposes, like malware analysis or security audit of a program. Reverse engineering is possible even without the source of the program. In this case, knowing what data structures are
more » ... d by the program is a considerable help. But recovering these structures is difficult and time consuming. Also, at the time of writing, no tool doing this recovery has been publicly released. This paper introduces dynStruct, an open source structure recovery tool. dynStruct recovers structures in two steps. First a data gatherer executes the program and monitors it. The list of all memory accesses made by the program is written to a Json file. Afterwards a script analyzes this Json file to recover the structures. dynStruct also provides a powerful web interface. This interface, in addition to displaying efficiently the structures and raw data from the data gatherer, links the raw data and the recovered structures to allow a quick and powerful exploitation of all this information. The tests shows that dynStruct can analyze complex program like emacs or xterm. The tests also show that the recovered structures are similar to the original ones. This ensures dynStruct can provide quick and useful information to help reverse engineers in their task.
doi:10.1109/saner.2017.7884661 dblp:conf/wcre/MercierCJ17 fatcat:dwwqj2phrfaizfae5h3s76hcom