OO RE with HexRaysCodeXplorer
Offered By: NorthSec via YouTube
Course Description
Overview
Explore object-oriented reverse engineering techniques for analyzing modern malware in this NorthSec 2015 conference talk by Eugene Rodionov and Aleksandr Matrosov. Delve into the challenges of reversing object-oriented code, focusing on virtual methods, virtual function tables, and C++ templates. Learn about code reconstruction problems and examine real-world examples, including the Flamer Framework and XAgent Framework. Discover approaches for reconstructing object attributes and identifying data types such as smart pointers and vectors. Gain insights into the Hex-Rays Decompiler Plugin SDK and witness a demonstration of HexRaysCodeXplorer v1.7 [NSEC Edition]. Understand the rationale behind using Python and get a glimpse of future plans for HexRaysCodeXplorer in this comprehensive 46-minute presentation on advanced reverse engineering techniques.
Syllabus
Intro
Modern C++ Malware for Targeted Attacks
Virtual Methods
Virtual Function Tables
C++ Templates
C++ Code Reconstruction Problems
REconstructing Flamer Framework
Data Types Being Used: Smart pointers
Data Types Being Used: Vectors
Approaching Flamer
REconstructing Object's Attributes
XAgent Framework
Object Interconnection: IAgent Module
XAgent: LocalDataStorage
XAgent: Cryptor
XAgent: IReservedApi
XAgent: Identifying Used Types
Hex-Rays Decompiler Plugin SDK
DEMO time
HexRaysCodeXplorer: v1.7 [NSEC Edition]
Why python?
HexRaysCodeXplorer: Next plans
Thank you for your attention!
Taught by
NorthSec
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy