Description
In recent years, binary analysis of object oriented structures in compiled
C++ programs gained interest. C++ got more popular for the back end of
software projects and the language itself advanced. Binary analysis can
be useful to extract information from proprietary systems and is also very
important for malware analysis. Furthermore, it is be useful for debugging
and to harden control flow integrity in programs. In C++, the results of an
optimized program have to be the same as required by the source code, but
the behavior in between can be different. Several bugs can arise with the
compilation, be it because of optimization exploiting undefined behavior or
actual bugs in the program or even the compiler. These are several reasons
to look into the actual behavior and structure of a programs binary.
This thesis specifically targets approaches for the recovery of object ori-
ented structures from x64 compiled C++ binaries. It includes a detailed
description and explanation of destructors, constructors, and especially
virtual tables constructed by modern GNU C++ compilers. With respect to
real world binaries, the thesis also discusses the feasibility of
analysis ap-
proaches in the presence of compiler optimization. Furthermore, we looked
into several tools which target the reconstruction of class
relationships. The
approaches of the different tools are summarized, explained and discussed.
We also tried to test the tools LEGO, ROCK, MARX, OOAnalyzer, and
DeClassifier but were unable to generate any results for the various
reasons.
The tools were either unavailable, not feasible or gave us no or empty
results. Because of this negative evaluation, this thesis also aims to
give a
peak into basics, ideas, and arising problems in the binary analysis of C++
object oriented structures for people who want to engage in this field.
|
