Today's computer users often run programs for which they do not have the source code. In some cases, those programs are viruses or other malware, and it is desirable to understand how they work in order to prevent them from causing further damage or to track down the author. Part of the process of understanding the program (sometimes called "reverse engineering")is to understand how it stores data. This research develops a new technique for revealing the data structures in programs for which only the binary code is available called REWARDS -- Reverse Engeineering Work for Automatic Revelation of Data Structures. The tools developed by the research are evaluated against both benign and malicious programs.
TC: EAGER: Binary-based Data Structure Revelation for Memory Forensics