
Static Analysis Technologies For C/C++ Programs On Windows Operating System

Posted on: 2015-12-17
Degree: Master
Type: Thesis
Country: China
Candidate: C Li
GTID: 2308330464470444
Subject: Electronics and Communications Engineering

Abstract/Summary:
In recent years, software reverse engineering has drawn increasing attention because of its unique role in the field of software engineering. As is well known, the Windows operating system has a huge base of software and users. On the one hand, Windows system security has attracted more and more attention; on the other hand, programming is moving farther and farther from low-level programming, and under these circumstances how to improve the efficiency of a program is an important problem that should be resolved promptly. In this thesis, C/C++ software reverse engineering for the Windows operating system is studied, and the results obtained are as follows:

1. Based on the recovery method we propose for the syntax of the C/C++ programming languages, a relatively systematic, universal and practicable analysis model is put forward for the Windows operating system. Every aspect and step of this model is described in both principle and practice. Finally, a practical example is given to prove the usability of the model. The model can simplify the routine work in software reverse engineering (RE) to some extent, especially the most time-consuming part of the analysis, so that the reverse engineer can spare some time to focus on the more important and central parts, namely design patterns, data structures, algorithms and functions, and in this way improve working efficiency in RE.

2. The syntax of the C programming language is described in detail and analyzed in depth in this thesis, covering common data types, expressions, statements and function structures, as well as their syntax and implementations. The structure of the function prolog and epilog is analyzed. A method for recognizing the life cycle of variables based on memory usage is put forward. A practicable method for detecting the boundary of a function based on the stack-frame principle is presented, which can help to locate the scope of a function in the sea of binary code.

3. The syntax elements of the C++ programming language that differ from the C programming language are introduced, and a practicable recovery method is put forward. The principle and implementation of the new operator and the delete operator are analyzed. The principle of object layout in memory is summarized and a recovery method for class structure is presented, which can be used to reconstruct a class. The SEH mechanism and the C++ exception handling mechanism are analyzed for the 32-bit and 64-bit cases, and on this basis a method to recover the exception handling in a program is put forward.

4. Finally, with the help of binary code analysis tools, an example is given to show how this model works: given a binary executable, by analyzing the file type, finding the entry point, analyzing the C/C++ syntax elements and analyzing the algorithm, the final output is the whole design flow, algorithm and documents. In this process, it is important to decide which part is for the tool and which is for the human. The example proves that our software reverse engineering model is correct and feasible.
Keywords/Search Tags:Software RE, IDA, class layout, Exceptions