Version 0.7.1

Lecture: Beyond the hex dump: source-synced data visualization for reverse-engineers

Event Thumbnail

Abstract

Reverse engineering and mapping out the data structures of a complex piece of software is a tedious task. What if you could visualize the data (as it lives in memory) as you define the structures in your source code, without leaving the comfort of your editor?

In this talk, I will both present a novel code-based memory viewer & hex-editor as well as outline the basics of reverse engineering unknown data structures - especially for people who haven’t yet explored this area.

We will be walking through several real-world examples:

  1. Reconstructing C++ structs from a proprietary file format.
  2. Demonstrating the workflow of mapping out a data-structure in real-time
    • .1 Demonstrating how to deal with changes in the data structure, e.g. when the program is updated.

Description

The Primary goal of this talk is to make reverse engineering more accessible to a broader audience - especially for interested people who haven’t yet explored this area. There will be an approachable introduction into analyzing data structures: how to make educated guesses, identify patterns, how to deal with changes, and outline how it plugs into the workflow of rebuilding program code.

The talk will be kept broad enough to be useful for a wide audience, but also deep enough to be interesting for more experienced reverse-engineers. Basic knowledge of C and reverse-engineering is beneficial, but not strictly required.

Existing tools in this space (Like ReClass and ImHex) let you inspect memory and create structures, but they are completely separated from your own source code and require their own workflow. If you want to make use of the memory layout you reverse engineered, you then have to manually re-implement them in your own code, or rely on mostly dissatisfactory automatic code generation. This talk asks the question: Why even have a separate memory layout definition at all, when you could just use your own code?

Info

Day: 3
Start time: 18:00
Duration: 00:45
End time: 18:45
Room: Lecture Room
Track: Software
Language: en

Concurrent Events