Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
Real-time, memory-level interoperability with a closed-source binary may be desired for a number of reasons. In order to read from and write to specific data structures within a target process's memory, external software must know how to reach those structures at any given time. Since many objects are allocated at unpredictable heap addresses, efficiently locating a given piece of data requires traversing data structures via a sequence of pointers and offsets that leads from a predictable address to the data of interest (i.e. in the same manner the target application accesses its own data structures).
This paper discusses a general approach for finding these kinds of pointer sequences and introduces a new tool implementing this approach.
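The traversal described above is easiest to see in code. The following is an added example, not code from the paper or from the PSR tool: it resolves a chain of offsets starting from a predictable address (a hypothetical global slot holding the root pointer) through two hypothetical heap objects (`Entity` and `Stats`, layouts assumed for illustration), treating a local arena as a constructed stand-in for the target's memory so that every step can be bounds-checked and a broken chain (NULL or unreadable intermediate pointer) fails cleanly instead of faulting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a slice of the target process's address space.
   A real tool would read through ReadProcessMemory / process_vm_readv;
   a local arena keeps the example runnable stand-alone. */
#define ARENA_SIZE 4096
static uint64_t arena_storage[ARENA_SIZE / 8];   /* 8-byte aligned backing */
#define ARENA ((unsigned char *)arena_storage)

/* Hypothetical object layouts, as a reverser might recover them. */
typedef struct { uint32_t health; uint32_t armor; } Stats;
typedef struct { uint32_t id; Stats *stats; } Entity;

/* The predictable starting point: a global slot (e.g. in the module's .data)
   holding the root pointer to a heap-allocated Entity. */
static Entity **root_slot;

/* True if [addr, addr + len) lies entirely inside the simulated readable region. */
static int readable(uintptr_t addr, size_t len) {
    uintptr_t lo = (uintptr_t)ARENA, hi = lo + ARENA_SIZE;
    return addr >= lo && addr < hi && len <= hi - addr;
}

/* Walk a pointer chain. Every offset except the last is added and then
   dereferenced; the last is added only, so the result is the address of the
   target field itself. Returns 0 if any step is unreadable or NULL. */
uintptr_t resolve_chain(uintptr_t base, const size_t *offsets, size_t n) {
    uintptr_t cur = base;
    for (size_t i = 0; i < n; i++) {
        cur += offsets[i];
        if (i + 1 == n)
            return readable(cur, 1) ? cur : 0;
        if (!readable(cur, sizeof(uintptr_t)))
            return 0;
        uintptr_t next;
        memcpy(&next, (const void *)cur, sizeof next);   /* "read remote pointer" */
        if (next == 0)
            return 0;
        cur = next;
    }
    return cur;
}

/* Resolve a chain and read the 32-bit field at its end. Returns 1 on success. */
int read_u32_via_chain(uintptr_t base, const size_t *offsets, size_t n, uint32_t *out) {
    uintptr_t addr = resolve_chain(base, offsets, n);
    if (!addr || !readable(addr, sizeof *out))
        return 0;
    memcpy(out, (const void *)addr, sizeof *out);
    return 1;
}

/* Populate the arena the way the target might: two "heap" objects at arbitrary
   positions and a global slot pointing at the first one. Constructed data. */
void build_target_memory(void) {
    memset(ARENA, 0, ARENA_SIZE);
    Stats *stats = (Stats *)(ARENA + 1024);
    Entity *ent = (Entity *)(ARENA + 512);
    root_slot = (Entity **)(ARENA + 0x10);
    stats->health = 87;
    stats->armor = 12;
    ent->id = 7;
    ent->stats = stats;
    *root_slot = ent;
}

/* Chain: root_slot -> Entity ; Entity.stats -> Stats ; Stats.<field> */
static int read_stat(size_t field_offset, uint32_t *out) {
    size_t chain[] = { 0, offsetof(Entity, stats), field_offset };
    return read_u32_via_chain((uintptr_t)root_slot, chain, 3, out);
}

/* Helpers exercised by main() below: each rebuilds the arena first. */
uint32_t demo_read_health(void) { uint32_t v = 0; build_target_memory(); read_stat(offsetof(Stats, health), &v); return v; }
uint32_t demo_read_armor(void)  { uint32_t v = 0; build_target_memory(); read_stat(offsetof(Stats, armor), &v); return v; }
int demo_bad_offset(void) {        /* offset walks outside readable memory */
    uint32_t v; size_t bad[] = { 0, 100000, 0 };
    build_target_memory();
    return read_u32_via_chain((uintptr_t)root_slot, bad, 3, &v);
}
int demo_null_link(void) {         /* intermediate object unlinked (e.g. freed) */
    uint32_t v;
    build_target_memory();
    (*root_slot)->stats = NULL;
    return read_stat(offsetof(Stats, health), &v);
}

int main(void) {
    printf("health = %u, armor = %u\n", demo_read_health(), demo_read_armor());
    printf("bad offset resolved: %d, null link resolved: %d\n", demo_bad_offset(), demo_null_link());
    return 0;
}
```

The bounds and NULL checks are the part worth keeping when porting this to a real cross-process reader: a chain recovered from one run of the target can break mid-way once objects are freed or relinked, and the reader has to report that rather than dereference garbage.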
An overview of the tool is available here: https://www.nccgroup.trust/us/our-research/pointer-sequence-reverser-psr/?research=Public+tools