English

DeClassifier: Class-Inheritance Inference Engine for Optimized C++ Binaries

Cryptography and Security 2019-02-19 v2

Abstract

Recovering class inheritance from C++ binaries has several security benefits including problems such as decompilation and program hardening. Thanks to the optimization guidelines prescribed by the C++ standard, commercial C++ binaries tend to be optimized. While state-of-the-art class inheritance inference solutions are effective in dealing with unoptimized code, their efficacy is impeded by optimization. Particularly, constructor inlining--or worse exclusion--due to optimization render class inheritance recovery challenging. Further, while modern solutions such as MARX can successfully group classes within an inheritance sub-tree, they fail to establish directionality of inheritance, which is crucial for security-related applications (e.g. decompilation). We implemented a prototype of DeClassifier using Binary Analysis Platform (BAP) and evaluated DeClassifier against 16 binaries compiled using gcc under multiple optimization settings. We show that (1) DeClassifier can recover 94.5% and 71.4% true positive directed edges in the class hierarchy tree under O0 and O2 optimizations respectively, (2) a combination of ctor+dtor analysis provides much better inference than ctor only analysis.

Keywords

Cite

@article{arxiv.1901.10073,
  title  = {DeClassifier: Class-Inheritance Inference Engine for Optimized C++ Binaries},
  author = {Rukayat Ayomide Erinfolami and Aravind Prakash},
  journal= {arXiv preprint arXiv:1901.10073},
  year   = {2019}
}

Comments

13 pages of main paper including references, 1 page of appendix, 2 figures and 10 tables

R2 v1 2026-06-23T07:24:59.588Z