Most current techniques for data structure reverse engineering are limited to low-level programing constructs, such as individual variables or structs. In practice, pointer networks connect some of these constructs, to form higher level entities like lists and trees. The lack of information about the pointer network limits our ability to efficiently perform forensics and reverse engineering. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped C/C++ binaries. By analyzing the evolution of the heap during program execution, it identifies and classifies the most commonly used data structures, such as singly-or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluated MemPick on a wide variety of popular libraries and real world applications with great success.
|Title of host publication||Proceedings - 20th Working Conference on Reverse Engineering, WCRE 2013|
|Number of pages||2|
|Publication status||Published - 1 Dec 2013|
|Event||20th Working Conference on Reverse Engineering, WCRE 2013 - Koblenz, Germany|
Duration: 14 Oct 2013 → 17 Oct 2013
|Conference||20th Working Conference on Reverse Engineering, WCRE 2013|
|Period||14/10/13 → 17/10/13|