Modern samples of malicious code often employ object-oriented programming techniques in common languages like C++. Understanding the application of object-oriented programming concepts, such as data structures, standard classes, and polymorphic classes, and how they are represented in x86 assembly, is an essential skill for the reverse engineer to meet today's challenges. However, the additional flexibility that object-oriented concepts afford developers results in increasingly complex and unfamiliar binaries that are more difficult for the uninitiated to understand. Once proper understanding is applied, however, reversing C++ programs becomes less nebulous and following the flow of execution becomes simpler. This paper presents three custom-developed examples that demonstrate common object-oriented paradigms seen in malicious code and performs an in-depth analysis of each. The objective is to provide insight into how C++ may be reverse engineered using the Interactive Disassembler software, more commonly known as IDA.
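The abstract refers to polymorphic classes and how they appear in x86 assembly. The following is an added example, not code from the paper or from SANS, that makes the underlying layout concrete: under the Itanium C++ ABI (gcc/clang on x86-64 Linux, an assumption of this example) every polymorphic object starts with a hidden vtable pointer, the declared data members follow it, and a virtual call compiles to "load the vptr from the object, then call the slot" (the `mov rax,[rdi]` / `call [rax]` pattern an analyst sees in IDA). The class names `Base`, `Derived` and `Plain` and the helper functions are constructed for this illustration.

```cpp
// Added example (not from the paper): memory layout of a polymorphic C++
// class under the Itanium C++ ABI (gcc/clang, x86-64 Linux; assumption).
#include <cstdint>
#include <cstring>
#include <cstdio>

// No virtual functions: the object is just its data members, no vptr.
struct Plain {
    uintptr_t a;
};

// Polymorphic: a hidden vtable pointer is stored at offset 0, and the
// data members are laid out after it.
struct Base {
    virtual int compute(int x) { return x + 1; }   // vtable slot 0
    virtual ~Base() {}                             // slots 1 and 2 (two dtor variants)
    uintptr_t tag = 0x41;
};

// Single inheritance: Derived reuses Base's layout and appends its member.
// Its own vtable replaces slot 0 with Derived::compute.
struct Derived : Base {
    int compute(int x) override { return x * 2; }
    uintptr_t extra = 0x42;
};

// Read the hidden vtable pointer from the first pointer-sized slot of the
// object. memcpy avoids aliasing problems; the layout itself is ABI-specific.
static const void* const* vptr_of(const Base* obj) {
    const void* const* vp;
    std::memcpy(&vp, obj, sizeof vp);
    return vp;
}

// Reproduce by hand what the compiler emits for `obj->compute(x)`:
// load vptr, take slot 0, call it with `this` as the first argument.
static int call_slot0(Base* obj, int x) {
    typedef int (*slot0_fn)(Base*, int);
    slot0_fn fn = reinterpret_cast<slot0_fn>(vptr_of(obj)[0]);
    return fn(obj, x);
}

// Byte offset of a member from the start of the object.
static size_t tag_offset(const Base* obj) {
    return reinterpret_cast<const char*>(&obj->tag) -
           reinterpret_cast<const char*>(obj);
}
static size_t extra_offset(const Derived* obj) {
    return reinterpret_cast<const char*>(&obj->extra) -
           reinterpret_cast<const char*>(obj);
}

// Polymorphism costs exactly one pointer per object here.
static size_t vptr_overhead() { return sizeof(Base) - sizeof(Plain); }

int main() {
    Base b1, b2;
    Derived d;
    std::printf("vptr(b1)=%p vptr(b2)=%p vptr(d)=%p\n",
                (const void*)vptr_of(&b1), (const void*)vptr_of(&b2),
                (const void*)vptr_of(&d));
    std::printf("tag at +%zu, extra at +%zu, vptr overhead %zu bytes\n",
                tag_offset(&b1), extra_offset(&d), vptr_overhead());
    std::printf("slot0(b1,5)=%d slot0(d,5)=%d\n",
                call_slot0(&b1, 5), call_slot0(&d, 5));
    return 0;
}
```

Two instances of the same class share one vtable, so in a disassembler the vtable address is the practical handle for identifying a class; the slot index in the indirect call identifies which method is invoked, and the member offsets relative to `this` recover the class's field layout.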