We know the stack frame layout based
on the Hex-Rays-generated comment that indicates that v59 resides at memory location
[bp-608h]. Hex-Rays integrates seamlessly with IDA Pro and offers interactive manipulation
of the generated source code in much the same way that the IDA-generated disassembly
can be manipulated.
BinNavi
Disassembly listings for complex programs can become very difficult to follow because
program listings are inherently linear, while programs are very nonlinear as a result of all
of the branching operations that they perform. BinNavi from SABRE Security is a tool that
provides for graph-based analysis and debugging of binaries. BinNavi operates on IDA-generated
databases by importing them into a SQL database (MySQL is currently supported),
and then offering sophisticated graph-based views of the binary. BinNavi utilizes
the concept of proximity browsing to prevent the display from becoming too cluttered.
BinNavi graphs rely heavily on the concept of the basic block. A basic block is a sequence of
instructions that, once entered, is guaranteed to execute in its entirety. The first instruction
in any basic block is generally the target of a jump or call instruction, while the last
instruction in a basic block is typically either a jump or return.
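
The basic-block definition above can be made concrete with a short sketch that splits a linear listing into blocks and records the edges a graph view would draw. This is an added example, not code from BinNavi or IDA Pro; the sample listing, the mnemonic sets, and the choice that a call does not end a block are assumptions made for illustration.

```python
# Constructed sample listing: (address, mnemonic, branch target or None).
LISTING = [
    (0x00, "push", None),
    (0x01, "cmp",  None),
    (0x03, "jz",   0x0A),
    (0x05, "mov",  None),
    (0x07, "call", 0x40),   # target lies outside this function
    (0x08, "jmp",  0x0C),
    (0x0A, "xor",  None),
    (0x0C, "pop",  None),
    (0x0D, "ret",  None),
]

COND_JUMPS = {"jz", "jnz", "ja", "jb", "jg", "jl"}   # assumed subset of x86
TERMINATORS = COND_JUMPS | {"jmp", "ret"}            # call is not a terminator here

def basic_blocks(listing):
    """Return {start_addr: {"insns": [...], "succ": [...]}} for one function."""
    addrs = [a for a, _, _ in listing]
    known = set(addrs)
    # Leaders: the entry point, every in-function jump target, and every
    # instruction that follows a jump or return.
    leaders = {addrs[0]}
    for i, (_, mnem, target) in enumerate(listing):
        if mnem in TERMINATORS:
            if target in known:
                leaders.add(target)
            if i + 1 < len(listing):
                leaders.add(addrs[i + 1])
    blocks, current = {}, None
    for i, (addr, mnem, target) in enumerate(listing):
        if addr in leaders:
            current = addr
            blocks[current] = {"insns": [], "succ": []}
        blocks[current]["insns"].append((addr, mnem))
        nxt = addrs[i + 1] if i + 1 < len(listing) else None
        if nxt is not None and nxt not in leaders:
            continue                       # still inside the current block
        succ = blocks[current]["succ"]
        if mnem in TERMINATORS and target in known:
            succ.append(target)            # taken-branch edge
        if mnem not in ("jmp", "ret") and nxt is not None:
            succ.append(nxt)               # fall-through edge
    return blocks

if __name__ == "__main__":
    for start, blk in basic_blocks(LISTING).items():
        print(hex(start), [m for _, m in blk["insns"]], [hex(s) for s in blk["succ"]])
```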