DocumentCode
251884
Title
Lightweight runtime reverse engineering of binary file format variants
Author
van den Bos, Jeroen
Author_Institution
Netherlands Forensic Inst. (NFI), The Hague, Netherlands
fYear
2014
fDate
3-6 Feb. 2014
Firstpage
367
Lastpage
370
Abstract
Binary file formats are regularly extended and modified, often unintentionally in the form of bugs in the implementations of applications and libraries that create files. Applications that need to read data from binary files created by other applications face the complicated task of supporting the many resulting variants. Lightweight implementation patterns to perform runtime reverse engineering can be used to handle common extensions, modifications and bugs. This increases application usability by generating fewer errors and provides useful automated feedback to maintainers. This paper describes a set of patterns that are the result of experience in developing and maintaining a collection of automated digital forensics tools. The patterns are illustrated through practical examples and can be directly applied by practitioners.
Keywords
digital forensics; reverse engineering; applications; automated digital forensics tools; binary file format variants; bugs; extensions; libraries; lightweight runtime reverse engineering; modifications; Data structures; Encoding; Libraries; Maintenance engineering; Reverse engineering; Security; Transform coding;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), 2014 Software Evolution Week - IEEE Conference on
Conference_Location
Antwerp
Type
conf
DOI
10.1109/CSMR-WCRE.2014.6747196
Filename
6747196