TC: EAGER: Binary-based Data Structure Revelation for Memory Forensics

Project Details

Performance Period: Sep 01, 2010 - Aug 31, 2013

Purdue University

Today's computer users often run programs for which they do not have the source code. In some cases, those programs are viruses or other malware, and it is desirable to understand how they work in order to prevent them from causing further damage or to track down the author. Part of the process of understanding such a program (sometimes called "reverse engineering") is understanding how it stores data. This research develops a new technique, called REWARDS (Reverse Engineering Work for Automatic Revelation of Data Structures), for revealing the data structures in programs for which only the binary code is available. The tools developed by the research are evaluated against both benign and malicious programs.