Title :
MemPick: A tool for data structure detection
Author :
Haller, Istvan ; Slowinska, Asia ; Bos, Herbert
Author_Institution :
Vrije Univ. Amsterdam, Amsterdam, Netherlands
Abstract :
Most current techniques for data structure reverse engineering are limited to low-level programming constructs, such as individual variables or structs. In practice, pointer networks connect some of these constructs, to form higher level entities like lists and trees. The lack of information about the pointer network limits our ability to efficiently perform forensics and reverse engineering. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped C/C++ binaries. By analyzing the evolution of the heap during program execution, it identifies and classifies the most commonly used data structures, such as singly-or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluated MemPick on a wide variety of popular libraries and real world applications with great success.
Keywords :
C++ language; data structures; pattern classification; reverse engineering; MemPick; data structure detection; data structure reverse engineering; high-level data structure classification; libraries; low-level programming constructs; pointer networks; stripped C-C++ binaries; Accuracy; Data structures; Libraries; Optimization; Reverse engineering; Semantics; Shape;
Conference_Titel :
Reverse Engineering (WCRE), 2013 20th Working Conference on
Conference_Location :
Koblenz
DOI :
10.1109/WCRE.2013.6671327
