
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"


Figure 12-6 IDA structure definition window

Vulnerability Discovery with IDA Pro

The process of manually searching for vulnerabilities using IDA Pro is similar in many respects to searching for vulnerabilities in source code. A good start is to locate the places in which the program accepts user-provided input, and then attempt to understand how that input is used. It is helpful if IDA Pro has been able to identify calls to standard library functions. Because you are reading through an assembly language listing, it is likely that your analysis will take far longer than a corresponding read through source code. Use references for this activity, including appropriate assembly language reference manuals and a good guide to the APIs for all recognized library calls. It will be important for you to understand the effect of each assembly language instruction, as well as the requirements and results for calls to library functions. An understanding of basic assembly language code sequences as generated by common compilers is also essential. At a minimum, you should understand the following:

• Function prologue code: The first few statements of most functions, used to set up the function's stack frame and allocate any local variables.
• Function epilogue code: The last few statements of most functions, used to clear the function's local variables from the stack and restore the caller's stack frame.
• Function calling conventions: Dictate the manner in which parameters are passed to functions and how those parameters are cleaned from the stack once the function has completed.
• Assembly language looping and branching primitives: The instructions used to transfer control to various locations within a function, often according to the outcome of a conditional test.
• High-level data structures: How they are laid out in memory, and the various assembly language addressing modes used to access this data.
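As an added illustration of the review process described above (this is not code from the book or from IDA Pro), the following Python script walks an IDA-style exported listing and mechanizes the first pass the chapter recommends: it recovers function boundaries from the proc/endp markers, recognizes the compiler's prologue ("push ebp; mov ebp, esp"), stack allocation ("sub esp, N") and epilogue ("leave" or "pop ebp" followed by "retn"), records every call, and then lists calls to library routines that commonly consume user-provided input together with the size of the local frame they execute in. The listing, the function names, and the RISKY_CALLS set are constructed for the example and are assumptions, not output from any real binary.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in IDA's exported-listing syntax; not output from a real binary.
SAMPLE_LISTING = """\
.text:08048400 read_name       proc near
.text:08048400 ; Attributes: bp-based frame
.text:08048400                 push    ebp
.text:08048401                 mov     ebp, esp
.text:08048403                 sub     esp, 48h
.text:08048406                 lea     eax, [ebp-40h]
.text:08048409                 push    eax
.text:0804840A                 call    _gets
.text:0804840F                 add     esp, 4
.text:08048412                 leave
.text:08048413                 retn
.text:08048413 read_name       endp
.text:08048440 safe_print      proc near
.text:08048440                 push    ebp
.text:08048441                 mov     ebp, esp
.text:08048443                 push    offset aHello
.text:08048448                 call    _puts
.text:0804844D                 add     esp, 4
.text:08048450                 pop     ebp
.text:08048451                 retn
.text:08048451 safe_print      endp
"""

# Library routines that commonly consume user-provided input (assumed starting list).
RISKY_CALLS = {"_gets", "_strcpy", "_strcat", "_sprintf", "_scanf"}
LINE_RE = re.compile(r"^\.text:([0-9A-Fa-f]+)\s+(.*)$")


@dataclass
class Function:
    name: str
    start: int
    has_frame_pointer: bool = False   # saw "push ebp" then "mov ebp, esp"
    frame_size: int = 0               # bytes reserved by "sub esp, N"
    has_epilogue: bool = False        # saw "leave" or "pop ebp" then "retn"
    calls: List[Tuple[int, str]] = field(default_factory=list)


def parse_imm(tok: str) -> int:
    """IDA writes immediates as '48h' (hex) or '8' (decimal)."""
    return int(tok[:-1], 16) if tok.lower().endswith("h") else int(tok, 10)


def parse_listing(text: str) -> List[Function]:
    """Split a listing into functions, recording prologue, epilogue, frame size and calls."""
    funcs: List[Function] = []
    cur: Optional[Function] = None
    prev: Tuple[str, str] = ("", "")  # previous (mnemonic, operands) in this function
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(2).startswith(";"):
            continue  # not a .text line, or an IDA comment line
        addr = int(m.group(1), 16)
        toks = m.group(2).split(None, 1)
        if len(toks) == 2 and toks[1].split()[0] == "proc":   # "name proc near"
            cur = Function(name=toks[0], start=addr)
            funcs.append(cur)
            prev = ("", "")
            continue
        if len(toks) == 2 and toks[1].strip() == "endp":      # "name endp"
            cur = None
            continue
        if cur is None:
            continue
        mnem, ops = toks[0], (toks[1].strip() if len(toks) == 2 else "")
        operands = [o.strip() for o in ops.split(",")] if ops else []
        if mnem == "mov" and operands == ["ebp", "esp"] and prev == ("push", "ebp"):
            cur.has_frame_pointer = True
        elif mnem == "sub" and len(operands) == 2 and operands[0] == "esp":
            cur.frame_size += parse_imm(operands[1])
        elif mnem == "call" and operands:
            cur.calls.append((addr, operands[0]))
        elif mnem == "retn" and (prev[0] == "leave" or prev == ("pop", "ebp")):
            cur.has_epilogue = True
        prev = (mnem, ops)
    return funcs


def find_risky_calls(funcs: List[Function], risky=RISKY_CALLS) -> List[dict]:
    """Pair each risky call with its frame so the local buffer size can be reviewed by hand."""
    hits = []
    for f in funcs:
        for addr, callee in f.calls:
            if callee in risky:
                hits.append({"function": f.name, "call_addr": addr,
                             "callee": callee, "frame_size": f.frame_size})
    return hits


if __name__ == "__main__":
    for hit in find_risky_calls(parse_listing(SAMPLE_LISTING)):
        print(f"{hit['function']}: {hit['callee']} at {hit['call_addr']:#010x} "
              f"(local frame {hit['frame_size']} bytes)")
```

The script only narrows the search: a flagged call still has to be read by hand with the calling convention in mind (which pushed value is the destination buffer, how large the local it points at is, and where the data written by the callee ultimately comes from). The frame size it reports is the total reserved by "sub esp, N", an upper bound on any single local buffer, and the pattern matching covers the common bp-based frame only; functions compiled with frame-pointer omission will show has_frame_pointer as false and need to be bounded from the proc/endp markers instead.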
Figure 12-7 Applying IDA structure templates
Finishing Up with find.

