
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"


IDA Pro
IDA Pro was created by Ilfak Guilfanov of DataRescue Inc., and as mentioned earlier it is
perhaps the premier disassembly tool available today. IDA understands a large number
of machine languages and executable file formats. At its heart, IDA is actually a database
application. When a binary is loaded for analysis, IDA loads each byte of the binary into
a database and associates various flags with each byte. These flags can indicate whether a
byte represents code, data, or more specific information such as the first byte of a
multibyte instruction. Names associated with various program locations and comments
generated by IDA or entered by the user are also stored into the database. Disassemblies
are saved as .idb files separate from the original binary, and .idb files are referred to
as database files. Once a disassembly has been saved to its associated database file, IDA
has no need for the original binary, as all information is incorporated into the database
file. This is useful if you want to analyze malicious software but don't want the malicious
binary to remain present on your system.
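
A simplified model of the per-byte database described above, added here as an illustration and not taken from the book or from IDA. The class, constant names and bit layout are hypothetical and do not reflect the real .idb format; the sample bytes are constructed.

```python
# Simplified model of a per-byte flags database (hypothetical names throughout;
# the bit layout is an assumption for illustration, not IDA's .idb format).
VAL_MASK = 0x0FF   # low 8 bits: the byte's value, copied from the binary
HAS_VAL = 0x100    # the value is known (the byte was present in the file)
CLS_MASK = 0x600   # classification bits
CLS_UNK, CLS_TAIL, CLS_DATA, CLS_CODE = 0x000, 0x200, 0x400, 0x600


class ByteDB:
    def __init__(self, base, raw):
        self.base = base
        # One flags word per address; the original bytes now live only here.
        self.flags = [HAS_VAL | b for b in raw]
        self.names, self.comments = {}, {}

    def _i(self, ea):
        return ea - self.base

    def make_item(self, ea, size, cls):
        """Mark `size` bytes at ea as one item: a head byte plus tail bytes."""
        for off in range(size):
            i = self._i(ea + off)
            kind = cls if off == 0 else CLS_TAIL
            self.flags[i] = (self.flags[i] & ~CLS_MASK) | kind

    def cls(self, ea):
        return self.flags[self._i(ea)] & CLS_MASK

    def item_head(self, ea):
        """Walk back from a tail byte to the first byte of its item."""
        while self.cls(ea) == CLS_TAIL:
            ea -= 1
        return ea

    def dump(self):
        """Rebuild the loaded bytes from the database alone."""
        return bytes(f & VAL_MASK for f in self.flags)


# Constructed sample: x86 `mov eax, 1` (5 bytes), `ret` (1 byte), 4 data bytes.
RAW = bytes.fromhex("b801000000" "c3" "deadbeef")
db = ByteDB(0x401000, RAW)
db.make_item(0x401000, 5, CLS_CODE)
db.make_item(0x401005, 1, CLS_CODE)
db.make_item(0x401006, 4, CLS_DATA)
db.names[0x401000] = "start"       # user-assigned name
db.comments[0x401005] = "return 1"  # user-entered comment
```

Because every byte value is held in the flags word, `dump()` reproduces the loaded bytes without access to the original file, which is the property that lets the analyst delete the sample after loading.
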
When used to analyze dynamically linked binaries, IDA Pro makes use of embedded
symbol table information to recognize references to external functions.

