Behind Enemy Lines - Reverse Engineering C++ in Modern Ages - Gal Zaban - CppCon 2019

What do C++ programs really look like? When developers think about hierarchy and virtual calls, they see design patterns and code; reverse engineers look at the same thing from a different angle and see assembly puzzles.

C++ is known as a tangled language: templates, lambdas and pointers. All of these features create a jungle of objects intended to make life easier for the programmer. But once the program is compiled, the target program is no longer what it once seemed.

Reversing C++ programs is tedious, demanding, and requires rebuilding inheritance, identifying templates and tainting program flow in order to combat the ties of function overloading and class utilization.

C++ binaries are a world of mysteries. In my presentation I am going to show what C++ binaries look like after compilation, and how reverse engineers see C++ binaries and understand their logic.


Gal Zaban
Gal Zaban is a reverse engineer with a particular interest in C++ code, currently working as a vulnerability researcher. As part of her journey in understanding the catacombs of C++, she developed various RE tools for C++, including Virtuailor.
In her spare time, when she's not delving into low-level research, she designs and sews her own clothes and plays the clarinet.
Twitter: @0xgalz


Comments

6:00 This is not a __fastcall calling convention. Fastcall is applicable only to 32-bit systems, and only two values are passed through the registers ecx and edx there. What's on the slide is the 64-bit System V calling convention used in the Unix world (Linux, etc.): rdi, rsi, rdx, rcx, r8, r9. On 64-bit Windows just the first 4 values are passed through the registers rcx, rdx, r8, r9; everything else will be on the stack.

bobbyaremyshoes

Hey Gal, we C++ fans are supporting you from Israel

ronensuperexplainer

The code in the slides was compiled with debug symbols, but what was the optimization level? I assume the reversing is enormously more difficult in release mode.

araeos

31:00 This code won't work regardless of small string optimization. The only case I can think of where this might work is if the compiler inlines f() and the temporary std::string created by the + operator is small and therefore allocated on the stack. In that case the compiler _might_ let it live until the end of main() as an optimization. But in all other cases it will either be freed before the call to f_create_print_scoreboard(), resulting in a segfault, or the stack will be overwritten just like she showed.

reinterpret_cast

Am I the only skid here watching this to learn how to reverse a game and make cheats? 🤡

tivengofuori