利用异常机制的C++类型恢复方法

Type Recovery Based on Exception Handling in C++ Code

二进制代码的逆向工程是一个底层的技术,被应用于计算机安全、系统验证、加密解密等相关领域。在逆向工程中,C++的反编译技术是一个难点,尤其是其类型信息的恢复。该文提出了一种利用异常处理机制的类型恢复方法,该方法可以用来分析出每个函数的所有局部类变量,还能分析出这个类的构造函数和析构函数的地址。该方法在特定的环境下可以准确高效地解决C++反编译中的一个难点。

Reverse engineering of binary programs is a fundamental task for specialists in the fields of computer security, system verification, cryptography, and other related fields. The decompilation of C＋＋ is a very difficult problem in reverse engineering, especially the type recovering. This paper presents a technique to recover data type based on C＋＋ exception handling. It can find out all the local objects in a function and analyze the addresses of the object＇s constructor and destructor. In specific environment, this approach is a good solution of recovering data type information in C＋＋ decompilation.