C++ Agriculture::RE – Reverse Engineering C++ Programs (x86)

June 23, 2019 @ 9:00 am – 5:00 pm

Abstract

This is an advanced workshop for reverse engineers who want to expand their horizons and skills in reversing C++ programs.
C++ binaries are full of mysteries: they have objects, inheritance, templates, vtables and much more.
The workshop will try to make reverse engineering of C++ programs easier by explaining advanced C++ topics.
We will start with how to identify C++ objects and inheritance in a binary and how to represent them in IDA. Next, we will study working methods and design patterns in C++.
Finally, we will practice, fight and untangle deep and modern C++ programs, and finish off with a complete exercise of static and dynamic reversing.

Training Outline/Syllabus

  • Part 0: Introduction to Reversing C++
    • C++ Reverse Engineering Intro.
    • Objects + Objects Creation.
    • Inheritance.
    • Multiple Inheritance.
    • Virtual tables and virtual calls.
    • Templates.
    • Important Design Patterns.
    • IDA Pro: concepts and working methods for reverse engineering C++.
    • Representation of C++ objects in IDA.
    • Tips for creating a setup and environment for C++ binaries.
    • Existing tools for C++.
  • Part 1: Mapping Relevant C++ Code
    • Exercise 1 – Static RE:
      • Mapping the Game’s building blocks.
      • Reverse engineering the Game’s logic.
      • Solutions.
  • Part 2: Identifying C++ Concepts in Assembly Code.
    • Exercise 2 – Dynamic RE:
      • Understanding virtual calls.
      • Understanding the relationships between objects.
      • Inheritance, multiple inheritance, etc.
      • Deep understanding of the Binary’s Logic.
      • Optional, bonus: Patch the Binary.
    • Conclusions and wrap-up.
    • Suggestions for future tasks and resources to keep learning and improving C++ RE skills.

Intended Audience

Experience in static and dynamic reverse engineering (preferably x86).
Understanding of C++ code.

Pre-requisites

Laptop running Windows with IDA Pro installed (including the x86 debugger).

Trainer Bio

Gal Zaban is a Reverse Engineer with a particular interest in C++ code, currently working as a Vulnerability Researcher. As part of her journey in understanding the catacombs of C++, she developed various RE tools for C++, including Virtuailor.
In her spare time, when she’s not delving into low-level research, she designs and sews her own clothes and plays the clarinet.
Twitter: @0xgalz
Github: https://github.com/0xgalz/

Details

Date: June 23
Time: 9:00 am – 5:00 pm
Cost: $850
Website: https://tickets.bsidestlv.com/bsidestlv/bsidestlv/1/

Organizer

Gal Zaban

Naftali Building – Faculty of Social Sciences

Tel Aviv University
Tel Aviv, Israel

Training Terms & Conditions

  • Training requires a minimum of 10 participants and no more than 25 per classroom.
  • Training session confirmation will be sent on June 1st, 2019.
  • Cancellation and refunds will not be available once the session has been confirmed.
  • Questions? [email protected]
  • Full terms can be found at https://bsidestlv.com/trainingterms/