Traditional reverse engineering (RE) research relies on manual data collection and subjective analysis, suffering from low efficiency, poor scalability, and insufficient objectivity. To address these limitations, this paper proposes reAnalyst—a tool-agnostic, multimodal RE behavior acquisition and semi-automatic annotation framework. reAnalyst synchronously captures heterogeneous data—including screen screenshots, keyboard inputs, and process information—and leverages computer vision–driven activity recognition, heuristic behavioral modeling, and semi-supervised learning to accurately identify and semantically annotate RE operations. Experimental results demonstrate high recognition accuracy across diverse and complex screenshots. Empirical evaluation confirms the framework’s effectiveness and practical utility, with broad endorsement from professional reverse engineers. This work significantly advances the automation, reproducibility, and large-scale analytical capability of RE research.

This paper introduces reAnalyst, a framework designed to facilitate the study of reverse engineering (RE) practices through the semi-automated annotation of RE activities across various RE tools. By integrating tool-agnostic data collection of screenshots, keystrokes, active processes, and other types of data during RE experiments with semi-automated data analysis and generation of annotations, reAnalyst aims to overcome the limitations of traditional RE studies that rely heavily on manual data collection and subjective analysis. The framework enables more efficient data analysis, which will in turn allow researchers to explore the effectiveness of protection techniques and strategies used by reverse engineers more comprehensively and efficiently. Experimental evaluations validate the framework's capability to identify RE activities from a diverse range of screenshots with varied complexities. Observations on past experiments with our framework as well as a survey among reverse engineers provide further evidence of the acceptability and practicality of our approach.