x86 Representation of Object Oriented Programming Concepts for Reverse Engineers
By Jason Batchelor
Modern malicious code is often written in object oriented languages such as C++. Understanding how object oriented concepts such as data structures, standard classes, and polymorphic classes are represented in x86 assembly is therefore an essential skill for the reverse engineer facing today's samples. The additional flexibility these concepts afford developers, however, produces binaries that are more complex and, to the uninitiated, less familiar and harder to follow. Once the underlying patterns are understood, reversing C++ programs becomes far less nebulous and the flow of execution becomes much easier to trace. This paper presents three custom developed examples that demonstrate common object oriented paradigms seen in malicious code and performs an in-depth analysis of each. The objective is to provide insight into how C++ may be reverse engineered using the Interactive Disassembler, more commonly known as IDA.
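As an added illustration of the polymorphic classes the abstract refers to (this is example code written for this page, not one of the paper's three samples), the following C++ defines a small hierarchy with virtual functions and reads each object's hidden vtable pointer the same way the compiled code does before an indirect call. The class names, members and the helper functions are hypothetical; the one thing the example relies on is that, under both the Itanium (GCC/Clang) and MSVC ABIs, a class with virtual functions and no virtual bases stores its vtable pointer as the first field of the object.

```cpp
// Added example (not from the paper): a polymorphic hierarchy and a look at
// the object layout the compiler produces for it.
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical classes. Base has virtual functions, so every Base (and
// Derived) object begins with a hidden pointer to its class's vtable.
struct Base {
    int id;
    explicit Base(int i) : id(i) {}
    virtual ~Base() {}
    virtual int kind() const { return 1; }
    virtual int twice() const { return id * 2; }
};

struct Derived : Base {
    explicit Derived(int i) : Base(i) {}
    int kind() const override { return 2; }   // overrides slot 1 in the vtable
};

// Read the first pointer-sized word of the object. This is the vptr, and it is
// what the generated x86 code loads before an indirect call, e.g.
//   mov eax, [ecx]        ; ecx = this, eax = vtable
//   call [eax+8]          ; second slot (after the destructor entries)
// Assumes vptr at offset 0, which holds for the Itanium and MSVC ABIs when the
// class has no virtual bases.
uintptr_t vptr_of(const Base* obj) {
    uintptr_t v;
    std::memcpy(&v, obj, sizeof v);   // memcpy avoids strict-aliasing problems
    return v;
}

// Call through a Base pointer: the compiler cannot know the dynamic type, so
// it emits a call through the vtable slot rather than a direct call. In IDA
// this shows up as call [reg+offset] instead of call sub_XXXX.
int dispatch_kind(const Base* obj) { return obj->kind(); }

// Two objects share a vtable exactly when they have the same dynamic type.
bool same_vtable(const Base* a, const Base* b) { return vptr_of(a) == vptr_of(b); }

// Layout facts worth confirming once per toolchain before reading disassembly:
// objects of one type share a vtable, different types do not, and the object
// is one pointer (vptr) plus the declared fields, padded to pointer alignment.
bool layout_checks() {
    Base b1(1), b2(2);
    Derived d1(3), d2(4);
    bool shared   = same_vtable(&b1, &b2) && same_vtable(&d1, &d2);
    bool distinct = !same_vtable(&b1, &d1);
    bool sized    = sizeof(Base) == 2 * sizeof(void*);   // vptr + int, padded
    return shared && distinct && sized;
}

int main() {
    Base b(5);
    Derived d(6);
    std::printf("sizeof(Base)=%zu vptr(b)=%#lx vptr(d)=%#lx kind(d via Base*)=%d\n",
                sizeof(Base), (unsigned long)vptr_of(&b), (unsigned long)vptr_of(&d),
                dispatch_kind(&d));
    return layout_checks() ? 0 : 1;
}
```

When you compile this with optimisation disabled and open it in IDA, the body of dispatch_kind is the pattern to memorise: a load of the vptr from the object, then an indirect call through a fixed offset into that table. The constructors are equally recognisable, because each one stores its class's vtable address into offset 0 of the object before touching any other field.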