Question 1

How does dynStruct compare to Ghidra for structure recovery?

Accepted Answer

dynStruct uses dynamic analysis via DynamoRIO to observe actual memory accesses during execution, making it more accurate for runtime behavior, while Ghidra relies on static analysis without running the binary, which is safer but may miss dynamic allocations.

Question 2

How to install and set up dynStruct on Linux?

Accepted Answer

Install DynamoRIO from a recommended cronbuild, set DYNAMORIO_HOME, run build.sh to compile the data gatherer, then use pip3 to install Python dependencies like Capstone and Bottle. The README details these steps but notes version compatibility issues.

Question 3

Can dynStruct analyze malware safely?

Accepted Answer

Yes, it's designed for malware analysis by monitoring memory accesses, but you must run the binary in a controlled, isolated environment due to the risks of execution, and it only supports ELF formats.

Question 4

What are the limits of dynStruct's type inference?

Accepted Answer

It infers types like pointers and integers from assembly context, but the README admits it's not 100% reliable and can misidentify types, especially with complex or optimized code.

Question 5

How to edit recovered structures in the web interface?

Accepted Answer

Start the web UI with dynStruct.py -w, navigate to the structure view, click on a member to edit its name, type, or size, and save changes to a serialized file for persistence.

Question 6

Does dynStruct work with 32-bit binaries on 64-bit systems?

Accepted Answer

Yes, the data gatherer can be compiled for 32-bit targets using build.sh 32, and it handles both architectures, but ensure DynamoRIO and dependencies are compatible.

Question 7

Why does dynStruct have high memory usage?

Accepted Answer

The Python script stores all access data from JSON in memory objects, which for large binaries (hundreds of MB) can exhaust system RAM, as noted in the 'Known issues' section; this limits analysis of very large programs.

dynStruct

What is dynStruct?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions