Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools (Podcast Series)
Abstract
Cory Cohen: Hello, my name is Cory Cohen. I am a researcher at the Software Engineering Institute, working on binary program analysis. I am here today with my colleague Jeff Gennari to talk about some of our work in the Pharos Binary Static Analysis Project. So, Jeff, in the years that we have worked together, I have done vulnerability analysis, program analysis, incident response, some malware analysis. Tell the audience a little bit about what kinds of work you have done here.

Jeff Gennari: I am a senior researcher also in the program-analysis/binary-analysis space. I too did vulnerability work before that, malware analysis, reverse engineering. I teach a few classes at CMU [Carnegie Mellon University] in software reverse engineering and software verification, and I am a developer in Pharos.

Cory: We are here today primarily to talk about our recent updates to Pharos on the Pharos website, in particular our updates to the object analyzer [OO Analyzer] program. But I wanted to start by asking a little bit about, why is object-oriented reverse engineering a serious challenge problem for the Department of Defense?

Jeff: Object-oriented [OO] code includes many high-level abstractions that are difficult to reverse engineer. The binary representations of objects include a lot of state that is not captured well by existing tools. The Pharos work, and the object analyzer in particular, has been focused on recovering those abstractions and applying them in a format that reverse engineers can easily reason about, so they can apply those to their tools.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2021
- Accession Number: AD1146938
Entities
People
- Jeff Gennari
Organizations
- Carnegie Mellon University