When Virtual Hell Freezes Over - Reversing C++ Code

The presentation will show how we can use smart and automated tracing to shorten the process of reverse engineering C++ programs using IDAPython.

The capabilities that C++ provides through polymorphism are also obstacles when reverse engineering these programs.

Dynamic reverse engineering of C++ code is potentially extremely time-consuming and resource-intensive. So, what if we could automate parts of this process and even customize it to the behavior of each individual program?

C++ is known to be a knotty language: templates, lambdas, and smart and unique pointers. All of these features create a jungle of objects intended to make life easier for the programmer. But once the program is compiled, the target program is no longer what it once seemed.

Reversing C++ programs is tedious and demanding, and requires rebuilding inheritance, identifying templates, and tainting program flow in order to untangle the ties of function overloading and class utilization.

In my presentation I will show how we can use smart and automated tracing to shorten the process of reverse engineering C++ programs. Automatically rebuilding vtables and resolving virtual function calls are strong capabilities that can be achieved with IDAPython, as I’ll explain in my talk, in which I will also show examples from a framework created especially for this purpose.

The talk introduces “Virtuailor”: a tailor-made framework that helps rebuild the relationships between the C++ classes in a program and sew together all of the loose ends.
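As an added illustration of the trace-driven rebuilding described above (this is not Virtuailor's own code): the real framework collects call records by breaking on indirect `call [reg+off]` instructions in the IDA debugger, whereas here a constructed trace (all addresses hypothetical) is processed offline to rebuild per-vtable slot tables and to flag polymorphic call sites.

```python
"""Rebuild C++ vtables from a trace of indirect virtual calls (simplified model)."""
from collections import defaultdict
from dataclasses import dataclass

PTR_SIZE = 8  # x86-64: one vtable slot per 8 bytes


@dataclass(frozen=True)
class CallRecord:
    call_site: int  # address of the `call [reg+off]` instruction
    vtable: int     # value of `reg` at that moment, i.e. the object's vptr
    offset: int     # displacement `off` in the instruction
    target: int     # resolved callee address


# Constructed trace (hypothetical addresses): two subclasses of one base
# pass through the same call sites.
TRACE = [
    CallRecord(0x401100, 0x4A2000, 0x00, 0x402000),
    CallRecord(0x401100, 0x4A2040, 0x00, 0x403000),
    CallRecord(0x401120, 0x4A2000, 0x08, 0x402100),
    CallRecord(0x401120, 0x4A2040, 0x08, 0x402100),  # inherited, not overridden
    CallRecord(0x401140, 0x4A2040, 0x10, 0x403200),
    CallRecord(0x401140, 0x4A2040, 0x10, 0x403200),  # duplicate hit, harmless
]


def rebuild_vtables(trace):
    """Map vtable address -> {slot index: callee}; reject a contradictory trace."""
    tables = defaultdict(dict)
    for r in trace:
        if r.offset % PTR_SIZE:
            raise ValueError(f"unaligned vtable offset {r.offset:#x} at {r.call_site:#x}")
        slot = r.offset // PTR_SIZE
        seen = tables[r.vtable].get(slot)
        if seen is not None and seen != r.target:
            # One vptr/slot pair resolving to two callees means `reg` was not a vptr.
            raise ValueError(f"slot {slot} of vtable {r.vtable:#x} has two targets")
        tables[r.vtable][slot] = r.target
    return dict(tables)


def polymorphic_sites(trace):
    """Call sites that dispatched through more than one vtable: prime labelling targets."""
    per_site = defaultdict(set)
    for r in trace:
        per_site[r.call_site].add(r.vtable)
    return {site: sorted(v) for site, v in per_site.items() if len(v) > 1}
```

In the real tool the resulting tables are turned into IDA structures and the call sites renamed; that output step is omitted here.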

About the Speaker