We all know that call invokes a function and ret returns to the caller. Alas, nothing is certain in the binary world. The ret instruction is quite often used for short jumps within a function. Among many other improvements in IDA v5.1 there will be a special logic to recognize and mark such pseudo-returns. I […]
Writing boot code is useful for many reasons, whether you are:
Developing your own operating system
Developing disk encryption systems
Experimenting and researching
Or even writing a bootkit
Sometimes I need to know if the current instruction sequence belongs to a loop or not.
If it does, I’d like to know the loop boundaries. It would be nice to have the current
loop highlighted. If the highlight changes as I navigate in the listing, it would be just
great.
In May a contest was open on Datarescue’s forum:
http://www.datarescue.com/ubb/ultimatebb.php?/topic/4/375.html
There were some nice tries but nobody guessed it right.
It seems Datarescue will have to repeat the contest with another question 🙂
If you are curious to learn the correct answer, please read on.
After spending several days with a naive approach to linear algebra I can tell you: it doesn’t work. Will use a third party implementation because my implementation is way too slow. My very short and elegant implementation (only 500 lines) works well for small problems but miserably fails with anything of substantial size. The failure […]
Apparently she was someone very pious and spiritual 🙂
http://nominis.cef.fr/contenus/saints_966.html
Today is her day.
IDA Pro started as a simple abbreviation but we quickly got used to the image of this nice lady (in fact the person depicted on the image is just a certain medieval lady, not a saint; not named Ida either…).
For a typical MS Windows executable IDA does quite a good job of recognizing code and creating functions and usually the result is eye-pleasing and easy to decipher. The analysis is quite good but not perfect – there are cases when it takes data for code or wrongly determines the function boundaries.
The good news is that […]
The new IDA Pro introduces the graph mode. The disassembly of the current function is displayed as a graph: each basic block is represented as a node and cross references are represented as edges. It is easy to zoom, move, and modify the graph using the mouse. I’m sure you will just use the new […]
Sometimes we want to perform the coverage analysis of the input file: to find areas of the program not exercised by a set of test cases. These test cases may come from a test suite or you could be trying to find a vulnerability in the program by ‘fuzzing’ it. A nice feedback […]