Diffing C source codes to binaries

Often, when doing reverse engineering projects, one needs to import symbols from Open Source or «leaked» code bases into IDA databases. What everybody does is compile the source to a binary, diff it against the target and import the matches. However, this is often problematic due to compiler optimizations, the flags used, etc. It can even be impossible, because old source code does not compile with newer compilers or simply because there is no full source, just partial source code. During the talk, I will discuss algorithms for importing symbols *directly* from C source code into IDA databases and release a tool (that will run, most likely, on top of Diaphora) for doing so.

Joxean Koret

Activision

Joxean Koret has been working for more than 15 years in many different computing areas. He started out as a database software developer and DBA for a number of different RDBMS. Afterwards he got interested in reverse engineering and applied this knowledge to the databases he was working with, in which he has discovered dozens of vulnerabilities in products from the major database vendors, especially in Oracle software. He has also worked in other security areas, such as malware analysis and anti-malware software development for an antivirus company, and on developing IDA Pro at Hex-Rays. He is also a co-author of «The Antivirus Hacker's Handbook» and maintains various open source projects like Diaphora. He is currently a security engineer at Activision.
