In Situ Reuse of Logically Extracted Functional Components (ISROLEFC)

Status: Completed

The goal of the ISROLEFC project is to enable automated reuse of functional components
present within compiled Windows executables. For example, say you have an .exe that
performs some complex algorithm that you’d like to make use of in your own program. You
could either A) reverse engineer the whole algorithm with a disassembler or a debugger
to understand and reimplement the algorithm yourself, or B) use our ISROLEFC tools to
automatically turn the interesting code in the executable into a library function directly callable from your own program. The latter certainly sounds easier, right? Well, it is!

The traditional approach to reusing pre-existing functionality contained within a binary
executable is that of physical extraction; that is, the recreation of the desired functionality in
some executable module separate from the program in which it was originally found. This
may be achieved either by re-implementing the code from scratch or by using complicated program analysis techniques such as program slicing to extract the pertinent instructions from the executable. However, both of these approaches are unnecessarily complicated for the task at hand because you already have a working implementation of the desired functionality, i.e., the one in the binary itself! What’s needed, then, isn’t a way to separate the desired code from its executable, but rather a way to interface with the code in its present location. Such a technique is what we refer to as logical extraction of a functional component. Logical extraction consists of identifying and retaining information about the locations of the elements comprising the functional component within its original program, and in situ reuse is the process of driving the original program to execute the logically extracted functional component in whatever manner the new programmer sees fit.

Reusing a functional component with the aid of our ISROLEFC tools requires only a minimal amount of reverse engineering. Namely, you must identify the virtual address (VA) of the first instruction of the component, the VA of the last instruction(s), and the parameters and their types. For well-behaved executables, IDA Pro can do most of this for you! Once those details are in hand, you just write an ISROLEFC configuration file containing them and pass it to the ISROLEFC compiler, which generates a programmatic interface to the component embedded in the executable.
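Before the first- and last-instruction addresses go into a configuration file, it is worth confirming that each one falls inside an executable section of the target image. The sketch below is an added example, not ISROLEFC code and not its configuration format: the `Component` descriptor and all function names are hypothetical, the PE32 headers are constructed inline as sample input, and the VAs are assumed to be relative to the ImageBase recorded in the header. Parameter types are not checked here.

```python
import struct
from dataclasses import dataclass

IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

@dataclass
class Component:  # hypothetical descriptor, not the ISROLEFC file format
    entry_va: int   # VA of the first instruction
    exit_vas: list  # VA(s) of the last instruction(s)

def build_sample_pe():  # constructed PE32 headers only (.text + .data)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    def sec(name, rva, size, chars):
        return struct.pack(SECTION, name, size, rva, size, 0, 0, 0, 0, 0, chars)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1000, 0x2000, 0x60000020)
            + sec(b".data", 0x3000, 0x1000, 0xC0000040))

def parse_sections(pe):
    """Return (name, start_va, end_va, characteristics) for each section."""
    nt, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # NumberOfSections at nt+6, SizeOfOptionalHeader at nt+20
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    if struct.unpack_from("<H", pe, nt + 24)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    base, = struct.unpack_from("<I", pe, nt + 24 + 28)
    out = []
    for i in range(nsec):
        name, vsize, rva, *_, chars = struct.unpack_from(
            SECTION, pe, nt + 24 + opt_size + 40 * i)
        out.append((name.rstrip(b"\0").decode(), base + rva, base + rva + vsize, chars))
    return out

def check(component, pe):
    """List the descriptor addresses that cannot be code in this image."""
    secs, problems = parse_sections(pe), []
    for label, va in [("entry", component.entry_va)] + [("exit", v) for v in component.exit_vas]:
        hit = next((s for s in secs if s[1] <= va < s[2]), None)
        if hit is None:
            problems.append(f"{label} {va:#x}: outside every section")
        elif not hit[3] & IMAGE_SCN_MEM_EXECUTE:
            problems.append(f"{label} {va:#x}: in non-executable {hit[0]}")
    return problems
```

An empty list from `check` means every address lands in a section marked executable; it does not prove the addresses are instruction boundaries, which still has to come from the disassembly.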