MemPick: High-level data structure detection in C/C++ binaries
Authors
Abstract
Many existing techniques for reversing data structures in C/C++ binaries are limited to low-level programming constructs, such as individual variables or structs. Unfortunately, without detailed information about a program’s pointer structures, forensics and reverse engineering are exceedingly hard. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped binaries. By analyzing how links between memory objects evolve throughout the program execution, it distinguishes between many commonly used data structures, such as singly- or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluate the technique on 10 real-world applications and 16 popular libraries. The results show that MemPick can identify the data structures with high accuracy.
Similar resources
Outlier Detection Using Extreme Learning Machines Based on Quantum Fuzzy C-Means
One of the most important concerns of a data miner is always to have accurate and error-free data. Data that does not contain human errors and whose records are full and contain correct data. In this paper, a new learning model based on an extreme learning machine neural network is proposed for outlier detection. The function of neural networks depends on various parameters such as the structur...
DSIbin: identifying dynamic data structures in C/C++ binaries
Reverse engineering binary code is notoriously difficult and, especially, understanding a binary’s dynamic data structures. Existing data structure analyzers are limited wrt. program comprehension: they do not detect complex structures such as skip lists, or lists running through nodes of different types such as in the Linux kernel’s cyclic doubly-linked list. They also do not reveal complex pa...
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
Forty Years of X-Ray Binaries
In 2012 it was forty years ago that the discovery of the first X-ray binary Centaurus X-3 became known. That same year it was discovered that apart from the High-Mass X-ray Binaries (HMXBs) there are also Low-Mass X-ray Binaries (LMXBs), and that Cygnus X-1 is most probably a black hole. By 1975 also the new class of Be/X-ray binaries was discovered. After this it took 28 years before ESAs INTE...
Determination of Vitamin C in Small Volumes of Blood by HPLC/EC
A sensitive procedure for determining total vitamin C (ascorbic acid + dehydrate ascorbic Acid) in a blood drop from a finger prick, before and after the administration of a vitamin C tablet is described. Analysis was carried out by high performance liquid chromatography with electrochemical detection (HPLC/EC). Measurements were taken one hour, two hours and six hours after the adm...