MemPick: A tool for data structure detection

Istvan Haller, Asia Slowinska, Herbert Bos

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Most current techniques for data structure reverse engineering are limited to low-level programming constructs, such as individual variables or structs. In practice, pointer networks connect some of these constructs, to form higher-level entities like lists and trees. The lack of information about the pointer network limits our ability to efficiently perform forensics and reverse engineering. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped C/C++ binaries. By analyzing the evolution of the heap during program execution, it identifies and classifies the most commonly used data structures, such as singly- or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluated MemPick on a wide variety of popular libraries and real-world applications with great success.

Original language: English
Title of host publication: Proceedings - 20th Working Conference on Reverse Engineering, WCRE 2013
Pages: 479-480
Number of pages: 2
DOIs
Publication status: Published - 1 Dec 2013
Event: 20th Working Conference on Reverse Engineering, WCRE 2013 - Koblenz, Germany
Duration: 14 Oct 2013 to 17 Oct 2013

Conference

Conference: 20th Working Conference on Reverse Engineering, WCRE 2013
Country: Germany
City: Koblenz
Period: 14/10/13 to 17/10/13
