Interactive function identification decreasing the effort of reverse engineering

Today’s software is growing in size and complexity. Consequently analysing closed-source binaries becomes time-consuming and labour-intensive. In the common use case, the analyst is only interested in specific functions of the given application. Identifying the relevant functions is difficult since no related meta information is given. In this paper we present a framework which speeds up the reverse-engineering process using interactive function identification. We use the benefits of Dynamic Binary Instrumentation as base to collect the executed function calls. We support the analyst in filtering the relevant functions for specific functionality. Our approach is divided into three process steps. Real-time data gathering, user defined information processing/filtering and graphical representation. We show a significant speed up in the reverse engineering process using our framework. We reduce the number of executed functions to be viewed by the analyst more than 90 % and due to visual components we help the analyst pre-selecting the functions on an abstract level