Armed with that information, you can attempt to locate the appropriate libraries from a
matching system. If the binary was linked with more than one static library, additional
strings analysis may be required to identify each additional library. Useful things to
look for in strings output include copyright notices, version strings, usage instructions,
or other unique messages that could be thrown into a search engine in an attempt to
identify each additional library. By identifying as many libraries as possible and applying
their signatures, you greatly reduce the amount of code that you need to spend time
analyzing and get to focus more attention on application-specific code.
Data Structure Analysis
One consequence of compilation being a lossy operation is that we lose access to data
declarations and structure definitions, which makes it far more difficult to understand
the memory layout in disassembled code. As mentioned in Chapter 12, IDA provides
the capability to define the layout of data structures and then to apply those structure
definitions to regions of memory. Once a structure template has been applied to a
region of memory, IDA can utilize structure field names in place of integer offsets within
the disassembly, making the disassembly far more readable.
Pages:
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573