On the x86 Representation of Object Oriented Programming Concepts for Reverse Engineers

On the x86 Representation of Object Oriented Programming Concepts for Reverse Engineers (PDF, 4.89MB)
Published: 24 Nov, 2015
Created by Jason Batchelor

Modern samples of malicious code often employ object-oriented programming techniques in common languages like C++. Understanding the application of object-oriented programming concepts, such as data structures, standard classes, and polymorphic classes, and how they are represented in x86 assembly, is an essential skill for the reverse engineer to meet today's challenges. However, the additional flexibility that object-oriented concepts afford developers results in increasingly complex and unfamiliar binaries that are more difficult for the uninitiated to understand. Once proper understanding is applied, however, reversing C++ programs becomes less nebulous and the flow of execution becomes easier to follow. This paper presents three custom-developed examples that demonstrate common object-oriented paradigms seen in malicious code and performs an in-depth analysis of each. The objective is to provide insight into how C++ may be reverse engineered using the Interactive Disassembler software, more commonly known as IDA.