Basic blocks provide a convenient
means for grouping instructions together in graph-based viewers, as each block
can be represented by a single node within a function's flowgraph. Figure 12-10 shows a
selected basic block and its immediate neighbors.
The selected node has a single parent and two children. The proximity settings for this
view are one node up and one node down. The proximity distance is configurable
within BinNavi, allowing users to see more or less of a binary at any given time. Each
time a new node is selected, the BinNavi display is updated to show only the neighbors
that meet the proximity criteria. The goal of the BinNavi display is to decompose complex
functions sufficiently to allow analysts to quickly comprehend the flow of
those functions.
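
The proximity filtering described above can be sketched as a bounded breadth-first search over a flowgraph. This is an added example, not BinNavi's code or API; the flowgraph, block labels, and function names are constructed for illustration.

```python
from collections import deque

# Constructed flowgraph: basic-block label -> successor labels (not from a real binary).
FLOWGRAPH = {
    "entry": ["check"],
    "check": ["loop_head", "fail"],
    "loop_head": ["loop_body", "done"],
    "loop_body": ["loop_head"],
    "fail": ["exit"],
    "done": ["exit"],
    "exit": [],
}

def invert(graph):
    """Build the predecessor map from a successor map."""
    preds = {node: [] for node in graph}
    for node, succs in graph.items():
        for s in succs:
            preds[s].append(node)
    return preds

def reach(adjacency, start, limit):
    """Nodes reachable from start in at most `limit` edges (BFS), excluding start."""
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] == limit:
            continue  # proximity distance exhausted along this path
        for nxt in adjacency[node]:
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    del seen[start]
    return set(seen)

def proximity_view(graph, selected, up=1, down=1):
    """Return (visible blocks, visible edges) around the selected block."""
    parents = reach(invert(graph), selected, up)
    children = reach(graph, selected, down)
    visible = parents | children | {selected}
    # Only edges with both endpoints on screen are drawn.
    edges = {(a, b) for a in visible for b in graph[a] if b in visible}
    return visible, edges
```

Selecting `check` with one node up and one node down yields a single parent and two children, the same shape as the view the text describes.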
References
JRevPro http://sourceforge.net/projects/jrevpro/
Jad www.kpdus.com/jad.html
decompyle www.crazy-compilers.com/decompyle/
Chapter 12: Passive Analysis
IDA Pro www.datarescue.com/idabase/
Hex-Rays www.hexblog.com/
BinNavi http://sabre-security.com/
Pentium References www.intel.com/design/Pentium4/documentation.htm#man
Automated Binary Analysis Tools
To automatically audit a binary for potential vulnerabilities, any tool must first understand
the executable file format used by the binary, be able to parse the machine language
instructions contained within the binary, and finally determine whether the
binary performs any actions that might be exploitable.