Static linking results in much larger binaries because
library code is merged with program code to create a single executable file that has no
external dependencies, making the binary easier to distribute. As an example, consider a
program that makes use of the openssl cryptographic libraries. If this program is built to
use shared libraries, then each computer on which the program is installed must contain
a copy of the openssl libraries. The program would fail to execute on any computer that
does not have openssl installed. Statically linking that same program eliminates the
requirement to have openssl present on computers that will be used to run the program,
making distribution of the program somewhat easier.
From a reverse-engineering point of view, dynamically linked binaries are somewhat
easier to analyze for several reasons. First, dynamically linked binaries contain little to
no library code, which means that the code that you get to see in IDA is just the code that
is specific to the application, making it both smaller and easier to focus on applicationspecific
code rather than library code. The last thing you want to do is spend your time
reversing library code that is generally accepted to be fairly secure.
Pages:
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562