
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

Within IDA Pro's disassembly listing, the use of standard library names helps make the listing far
more readable. For example,
    call strcpy
is far more readable than
    call sub_8048A8C ;call the function at address 8048A8C
For statically linked C/C++ binaries, IDA uses a technique termed Fast Library Identification
and Recognition Technology (FLIRT), which attempts to recognize whether a given
machine language function is known to be a standard library function. This is accomplished
by matching disassembled code against signatures of standard library functions
used by common compilers. With FLIRT and the application of function type signatures,
IDA is able to produce a much more readable disassembly.
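
The signature-matching idea described above, as a simplified added example; it is not code from the book and does not use IDA's actual FLIRT signature format. The byte patterns, the ".." wildcard notation, the function bytes, and every address other than 8048A8C are constructed for illustration.

```python
# Simplified illustration of signature-based library recognition.
# Not IDA's FLIRT format: patterns, bytes and most addresses are constructed.

# Leading bytes of each known library function; ".." marks bytes that differ
# from one binary to the next (absolute addresses, call displacements).
SIGNATURES = {
    "strcpy": "55 89 E5 56 8B 75 0C 8B 45 08 8A 0E 88 08",
    "printf": "55 89 E5 8D 45 0C 50 FF 75 08 68 .. .. .. .. E8 .. .. .. ..",
}

# Function start address -> raw bytes, as a disassembler would have split them.
FUNCTIONS = {
    0x8048A8C: bytes.fromhex("5589E5568B750C8B45088A0E88084640EBF7"),
    0x8048B10: bytes.fromhex("5589E58D450C50FF750868A0C10408E83B020000C9C3"),
    0x8048C00: bytes.fromhex("5589E583EC10C745FC00000000C9C3"),  # application code
}


def compile_sig(pattern):
    """Turn 'AA .. BB' into a list of ints, with None for wildcard bytes."""
    return [None if tok == ".." else int(tok, 16) for tok in pattern.split()]


def matches(code, sig):
    """True when every fixed signature byte equals the function's byte."""
    if len(code) < len(sig):
        return False  # function too short to carry this signature
    return all(s is None or s == b for s, b in zip(sig, code))


def identify(functions, signatures):
    """Name each function: a library name on a unique match, else sub_<addr>."""
    compiled = {name: compile_sig(p) for name, p in signatures.items()}
    names = {}
    for addr, code in functions.items():
        hits = [n for n, sig in compiled.items() if matches(code, sig)]
        # No match or an ambiguous one keeps the placeholder name.
        names[addr] = hits[0] if len(hits) == 1 else "sub_%X" % addr
    return names


if __name__ == "__main__":
    for addr, name in sorted(identify(FUNCTIONS, SIGNATURES).items()):
        print("%08X  %s" % (addr, name))
```

Functions that match no signature, or more than one, keep their sub_ placeholder, since a wrong library label misleads the analyst more than a missing one.
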
In addition to a straightforward disassembly listing, IDA contains a number of powerful
features that greatly enhance your ability to analyze a binary file. Some of these features
include
• Graphing capabilities to chart function relationships
• Flowcharting capabilities to chart function flow
• A strings window to display sequences of ASCII or Unicode characters contained in the binary file
• A large database of common data structure layouts and function prototypes
• A powerful plug-in architecture that allows extensions to IDA's capabilities to be easily incorporated
• A scripting engine for automating many analysis tasks
• An integrated debugger
Using IDA Pro

An IDA session begins when you select a binary file to analyze.

