Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools

February 6, 2020 • Podcast

By

Jeff Gennari and Cory Cohen

Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite.

Publisher

Software Engineering Institute

Subjects

Listen

Watch

Abstract

Object-oriented programs continue to pose many challenges for reverse engineers and malware analysts. C++ classes tend to result in complex arrangements of assembly instructions and sophisticated data structures that are hard to analyze at the machine code level. At the SEI, we have long sought to simplify the process of reverse engineering object-oriented code by creating tools, such as OOAnalyzer, which automatically recover C++-style classes from executables.

OOAnalyzer includes utilities to import OOAnalyzer results into other reverse engineering frameworks, such as the IDA Pro Disassembler. In this podcast, Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's the recently released Ghidra software reverse engineering tool suite.

About the Speaker

Jeff Gennari

Jeff Gennari is a Senior Member of the Technical Staff in the CERT program at Carnegie Mellon University’s Software Engineering Institute (SEI). While at the SEI Mr. Gennari has worked as a malicious code analyst where he analyzed hundreds of malware samples, served as an expert witness in U.S. federal …

Software Engineering Institute