Howard: A Dynamic Excavator for Reverse Engineering Data Structures
Even the most advanced reverse engineering techniques and products are weak at recovering data structures from stripped binaries, that is, binaries without symbol tables. Unfortunately, forensics and reverse engineering without data structures are exceedingly hard. The authors present a new solution, known as Howard, that extracts data structures from C binaries without any need for symbol tables. Their results are significantly more accurate than those of previous methods, sufficiently so to allow them to generate their own (partial) symbol tables without access to source code. Thus, debugging such binaries becomes feasible and reverse engineering becomes simpler.