Having done so, we would be disappointed
to learn that we have done nothing more than reverse a piece of the C standard
library. Clearly, this is not a desirable situation for us. Fortunately, IDA possesses the
ability to help out in these circumstances.
Fast Library Identification and Recognition Technology (FLIRT) is the name that IDA gives
to its ability to automatically recognize functions based on pattern/signature matching.
IDA uses FLIRT to match code sequences against many signatures for widely used libraries.
IDA's initial use of FLIRT against any binary is to attempt to determine the compiler
that was used to generate the binary. This is accomplished by matching entry point
sequences (such as those we saw in Listings 13-1 through 13-3) against stored signatures
for various compilers. Once the compiler has been identified, IDA attempts to match
against additional signatures more relevant to the identified compiler. In cases where
IDA does not pick up on the exact compiler that was used to create the binary, you can
force IDA to apply any additional signatures from IDA's list of available signature files.
Signature application takes place via the File | Load File | FLIRT Signature File menu
option, which brings up the dialog box shown in Figure 13-1.
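To make the idea of matching code sequences against stored signatures concrete, here is a simplified sketch added to this text; it is not code from the book and does not use IDA's real signature format. The `??` wildcard syntax, the signature names and all byte sequences are constructed for illustration; wildcards stand in for bytes that change from one link to the next, such as call displacements.

```python
# Added illustration: prefix signatures with wildcard bytes.
# Pattern syntax, names and bytes are constructed; not IDA's .sig format.

def parse_pattern(text):
    """'E8 ?? ?? ?? ??' -> [0xE8, None, None, None, None] (None = any byte)."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def matches(pattern, code):
    """True if code starts with pattern, ignoring wildcard positions."""
    if len(code) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, code))

def identify(code, signatures):
    """Return the single most specific matching name, or None.

    Specificity = number of fixed bytes. A tie between different names is
    treated as a collision and left unnamed rather than guessed.
    """
    hits = [(sum(p is not None for p in pat), name)
            for name, pat in signatures.items() if matches(pat, code)]
    if not hits:
        return None
    best = max(score for score, _ in hits)
    names = [name for score, name in hits if score == best]
    return names[0] if len(names) == 1 else None

SIGNATURES = {name: parse_pattern(p) for name, p in {
    # push ebp; mov ebp,esp; push esi; mov esi,[ebp+8]; call rel32; pop esi; pop ebp; ret
    "lib_copy": "55 8B EC 56 8B 75 08 E8 ?? ?? ?? ?? 5E 5D C3",
    # push ebp; mov ebp,esp; mov eax,[ebp+8]; cmp byte [eax],0
    "lib_len": "55 8B EC 8B 45 08 80 38 00",
    "lib_len_alias": "55 8B EC 8B 45 08 80 38 00",  # identical bytes: collision
}.items()}

# Constructed function bodies: same library routine linked at two addresses,
# so only the call displacement differs; plus one routine unique to the program.
LINK_A = bytes.fromhex("558BEC568B7508E8112233445E5DC3")
LINK_B = bytes.fromhex("558BEC568B7508E8F0FFFFFF5E5DC3")
USER_FN = bytes.fromhex("558BEC83EC108B4508C9C3")
COLLIDE = bytes.fromhex("558BEC8B45088038007403")

if __name__ == "__main__":
    for label, code in [("LINK_A", LINK_A), ("LINK_B", LINK_B),
                        ("USER_FN", USER_FN), ("COLLIDE", COLLIDE)]:
        print(label, "->", identify(code, SIGNATURES))
```

Both linked copies resolve to the same name despite different call targets, the program's own routine stays unnamed, and the two byte-identical signatures produce no name at all.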