19th-20th November 2011 - Melbourne, Australia
Recent versions of GCC, 4.5+, now have the ability to accept user developed plugins, which can aid in both the processing and analysis of input programs to GCC. This feature provides a subset of the GCC API allowing developers to extend the capabilities of the compiler by writing their own optimization or analysis passes. Such an extension can also provide useful information to those interested in static analysis, as well as providing a great way to learn more about aspects regarding GCC.
This presentation discusses how to get started in writing plugins, and provides several plugins which can be of use to the security community. Namely, two malware obfuscation techniques, pseudo random nop insertion and encrypted read-only string data.
Matt has recently left the corporate world to focus his interests as a researcher and towards a PhD in Computer Science. His past experience as a professional software engineer was primarily focused in the modelling and simulation world, however, his interests and experience include software development, software security, kernel, and compiler development. Matt's other interests include listening to obnoxious music and drinking vast quantities of coffee.