Lightweight runtime reverse engineering of binary file format variants

摘要

Binary file formats are regularly extended and modified, often unintentionally in the form of bugs in the implementations of applications and libraries that create files. Applications that need to read data from binary files created by other applications face the complicated task of supporting the resulting many variants. Lightweight implementation patterns to perform runtime reverse engineering can be used to handle common extensions, modifications and bugs. This increases application usability by generating fewer errors as well as provides useful automated feedback to maintainers. This paper describes a set of patterns that are the result of experience in developing and maintaining a collection of automated digital forensics tools. The patterns are illustrated through practical examples and can be directly applied by practitioners.