ReOxide

Modern compiled languages such as Rust and Go are notorious for producing binaries that are difficult to reverse engineer by default. As these languages grow in popularity, they are increasingly being used in proprietary products and are also attracting malware developers. In order to audit binary software and analyze malware, it is therefore necessary to improve reverse engineering tools with special support for specific languages. To fill this gap, we are developing the ReOxide framework, which targets the reverse engineering of Rust programs. In the presence of extensive compile-time code generation and strong memory optimizations, existing decompilers reach their limits when trying to recreate C-like languages. The design goal of ReOxide is therefore to build on top of the Ghidra decompiler and make it extensible for custom analysis passes. This will allow us to gather information that is readily available during decompilation itself, but not through Ghidra's public plugin API. We will use this information to address Rust specific language features, but also try to keep the extensions general enough for other languages.