
Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools

February 2020 Podcast
Jeff Gennari, Cory Cohen

Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite.

“Pharos is not just a self-contained, reverse-engineering platform. We’re always looking for new ways to bring in formal computer science program-analysis strategies to bear on this problem. So the inclusion of SMT solvers, getting into symbolic-execution type problems, and model checkers really allows us to explore these problems in ways that other entities do not.”


Abstract

Object-oriented programs continue to pose many challenges for reverse engineers and malware analysts. C++ classes tend to result in complex arrangements of assembly instructions and sophisticated data structures that are hard to analyze at the machine code level. At the SEI, we have long sought to simplify the process of reverse engineering object-oriented code by creating tools, such as OOAnalyzer, which automatically recover C++-style classes from executables.

OOAnalyzer includes utilities to import OOAnalyzer results into other reverse engineering frameworks, such as the IDA Pro Disassembler. In this podcast, Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite.

About the Speaker

Jeff Gennari


Jeff Gennari is a Senior Member of the Technical Staff in the CERT program at Carnegie Mellon University’s Software Engineering Institute (SEI). While at the SEI Mr. Gennari has worked as a malicious code analyst where he analyzed hundreds of malware samples, served as an expert witness in U.S. federal court in the area of malware analysis, and delivered computer security and malware analysis training to information technology professionals in the U.S. government. Prior to that Mr. Gennari worked as a vulnerability analyst at CERT where he researched software vulnerabilities and was an active participant in CERT’s secure coding efforts. Current research interests include automated program analysis and reverse engineering as well as architecture-based self-adaptive systems. Mr. Gennari is a mentor in the Masters of Software Engineering program and instructor for the Analysis of Software Artifacts course. Mr. Gennari has a Masters of Software Engineering from Carnegie Mellon University and a BS and MS in Information Science from the University of Pittsburgh.
