Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 13: Advanced Static Analysis with IDA Pro

Second, when a
dynamically linked binary is stripped, it is not possible to strip the names of library
functions called by the binary, which means the disassembly will continue to contain
useful function names in many cases. Statically linked binaries present more of a challenge
because they contain far more code to disassemble, most of which belongs to
libraries. However, as long as the statically linked program has not been stripped, you
will continue to see all of the same names that you would see in a dynamically linked
version of the same program. A stripped, statically linked binary presents the largest
challenge for reverse engineering. When the strip utility removes symbol information
from a statically linked program, it removes not only the function and global variable
names associated with the program, but it also removes the function and global variable
names associated with any libraries that were linked in as well. As a result, it is extremely
difficult to distinguish program code from library code in such a binary. Further, it is difficult
to determine exactly how many libraries may have been linked into the program.
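
The four cases described above can be told apart before disassembly by looking at which symbol sections survive in the file. The following sketch is an added example, not code from the book; it assumes a little-endian ELF64 image whose section headers are intact, and `make_elf` is a hypothetical helper that builds constructed sample input.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11  # full symbol table (.symtab) / dynamic symbols (.dynsym)
PT_INTERP = 3                   # program header that names the runtime loader

def classify(elf: bytes):
    """Return (linkage, surviving names) for a little-endian ELF64 image."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    phoff, shoff = struct.unpack_from("<QQ", elf, 0x20)
    phentsize, phnum, shentsize, shnum = struct.unpack_from("<HHHH", elf, 0x36)
    # p_type is the first field of a program header; sh_type follows the 4-byte sh_name.
    ptypes = {struct.unpack_from("<I", elf, phoff + i * phentsize)[0] for i in range(phnum)}
    stypes = {struct.unpack_from("<I", elf, shoff + i * shentsize + 4)[0] for i in range(shnum)}
    # Heuristic: an executable that requests a loader is dynamically linked
    # (shared objects and static-pie are outside this sketch).
    linkage = "dynamic" if PT_INTERP in ptypes else "static"
    if SHT_SYMTAB in stypes:        # strip has not been run
        names = "program and library names"
    elif SHT_DYNSYM in stypes:      # strip cannot drop what the loader needs
        names = "imported library names only"
    else:                           # stripped and static: nothing left
        names = "no names"
    return linkage, names

def make_elf(ptypes, stypes):
    """Constructed sample input: ELF64 header plus header tables with only types set."""
    ph = b"".join(struct.pack("<I52x", t) for t in ptypes)
    sh = b"".join(struct.pack("<4xI56x", t) for t in stypes)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    fields = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 64 + len(ph), 0,
                         64, 56, len(ptypes), 64, len(stypes), 0)
    return ident + fields + ph + sh

if __name__ == "__main__":
    cases = {
        "dynamic, unstripped": ([PT_INTERP], [SHT_SYMTAB, SHT_DYNSYM]),
        "dynamic, stripped": ([PT_INTERP], [SHT_DYNSYM]),
        "static, unstripped": ([], [SHT_SYMTAB]),
        "static, stripped": ([], []),
    }
    for label, (pt, st) in cases.items():
        print(label, "->", classify(make_elf(pt, st)))
```

To try it on a real file, pass the bytes read from the binary to `classify`.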