In other cases, you may find
that IDA does a large percentage of what you wish to do, and you would like to pick up
from there with additional automated processing. In this chapter, we examine some of
the challenges faced in binary analysis and how IDA may be used to overcome them.
Static Analysis Challenges
For any nontrivial binary, generally several challenges must be overcome to make analysis
of that binary less difficult. Examples of challenges you might encounter include
• Binaries that have been stripped of some or all of their symbol information
• Binaries that have been linked with static libraries
• Binaries that make use of complex, user-defined data structures
• Compiled C++ programs that make use of polymorphism
Gray Hat Hacking: The Ethical Hacker's Handbook
• Binaries that have been obfuscated in some manner to hinder analysis
• Binaries that use instruction sets with which IDA is not familiar
• Binaries that use file formats with which IDA is not familiar
IDA is equipped to deal with all of these challenges to varying degrees, though its documentation
may not indicate that. One of the first things you need to learn to accept as an
IDA user is that there is no user's manual and the help files are pretty terse.