The BlackPage

June 15, 2007

The BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community.


On The BlackPage: C++
by Dominique Brezinski

A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers, like Halvar Flake, have looked at C++-specific issues, but there has not been a lot of focus on security-related aspects of C++ in the public arena.

This year is different. Several presentations bring C++ issues and techniques to the foreground: "Breaking C++ Applications" by Mark Dowd, John McDonald and Neel Mehta and "Reversing C++" by Paul Vincent Sabanal. I like it when an unintentional plan comes together.

upcoming events

USA Briefings & Training 2007
July 28-August 2
Las Vegas

Japan Briefings & Training 2007
October 23-26
Tokyo

DC Briefings & Training 2008
February
Washington DC Area

Europe Briefings & Training 2008
March 25-28
Amsterdam

USA Briefings & Training 2008
August 2-7
Las Vegas


Breaking C++ Applications

by Mark Dowd, John McDonald & Neel Mehta

Have you ever noticed that nearly all discussions regarding finding vulnerabilities or secure programming for C/C++ focus almost exclusively on C? The reasoning for this is most likely that the authors want to capture behavior that affects both of the languages, thus providing knowledge that is applicable to more developers/auditors and can be applied to more projects. This has resulted in an in-depth knowledge base of C-based issues that most security professionals know and an ever-increasing number of developers are aware of. But what about those issues specific to C++? Many applications are built largely in C++, and as such there is a need to understand the security implications of the extra language features. Despite this necessity, C++-specific issues have been largely ignored in public security forums up to this point, leaving the potential for applications to contain vulnerabilities that are different in nature from those issues that are commonly referred to as C++ issues (dangerous string APIs, integer-related vulnerabilities, etc).

Our presentation will examine the security impact of many C++-specific language constructs, and delve into specific examples of vulnerabilities that can result from them. We will present examples to help demonstrate the validity of the problems we are discussing. These will include both vulnerabilities from real applications and concocted examples, with the goal of highlighting the security impact of C++-specific language constructs.

Reversing C++

by Paul Vincent Sabanal

We have been doing reverse engineering work professionally for several years now, and during the course of our career, we've seen an increasing number of malware using C++ year after year.

Now, we were also guilty of this, but reversers tend to analyze C++ code at the assembly level without understanding OOP concepts, doing it instead the way they analyze straightforward C code. We soon realized that obviously, this is not an efficient approach. Thanks to the work of Halvar and the guys at openrce.org, some light has been shed on the subject of C++ reversing. This talk is our contribution to this subject.

In this talk, we will try to explain the steps in reversing a C++ binary, starting from the high-level abstraction point of view, down to the low-level implementation details. We will then present ways to automate these steps, and we will also demonstrate the tools we developed.


(c) 1996-2007 Black Hat