Howard: A Dynamic Excavator for Reverse Engineering Data Structures

Download Now Free registration required

Executive Summary

Even the most advanced reverse engineering techniques and products are weak in recovering data structures in stripped binaries - binaries without symbol tables. Unfortunately, forensics and reverse engineering without data structures is exceedingly hard. The authors present a new solution, known as Howard, to extract data structures from C binaries without any need for symbol tables. Their results are significantly more accurate than those of previous methods - sufficiently so to allow us to generate their own (partial) symbol tables without access to source code. Thus, debugging such binaries becomes feasible and reverse engineering becomes simpler.

  • Format: PDF
  • Size: 561.04 KB