
Poster - Improvements to Object Oriented Construct Recovery Using OOAnalyzer

November 2020 Poster
Cory Cohen, Edward J. Schwartz

This poster describes OOAnalyzer, which is now 50x faster and can analyze large programs.

Publisher: Software Engineering Institute

Abstract

Object-oriented programs pose many challenges for reverse engineers and malware analysts. C++ classes are complex and hard to analyze at the machine code level. We’ve long sought to simplify the process of reverse engineering object-oriented code by creating tools such as OOAnalyzer, which automatically recovers C++-style classes from executables. OOAnalyzer can export its results to other reverse engineering frameworks, and we’ve enhanced our Pharos Binary Analysis Framework to import OOAnalyzer analysis into the recently released Ghidra software reverse engineering (SRE) tool suite. Ghidra provides the analyst with many useful reverse engineering services, including disassembly, function partitioning, decompilation, and various other types of program analysis.