Guus Bosman

software engineering manager


The IDA Pro Book

ISBN: 978-1593272890

Inspired by the course I took on malicious software, I spent some more time learning about disassembling and analyzing executables.

I used IDA Pro as editor and the IDA Pro Book was a great manual.

I was using a trial version of IDA Pro which does not allow you to save your work. But it does allow you to run macros, so I created scripts like these that allowed me to persist my comments and observations:

#include <idc.idc>

// Re-applies names and comments after each reload of the binary.
static main() {
	// Function names
	rename_safely(0x0804896E, "main");
	rename_safely(0x0804892E, "disable_ptrace");
	rename_safely(0x8048AD6, "exit_program");

	// Function comments (last argument 1 = repeatable)
	SetFunctionCmt(0x0804890F, "There seems to be no direct callers to this function", 1);
	SetFunctionCmt(0x080485C0, "Called from proc_term", 1);

	// Comment on a single instruction
	MakeComm(0x08048661, "a jmp to loc_8048664 (since eax contains loc_8048664)");
}

// Renames an address and logs the old and new name to the output window.
static rename_safely(ref, newName) {
	auto oldName;
	oldName = Name(ref);

	Message("[0x%08X] %s => %s\n", ref, oldName, newName);
	if (!MakeNameEx(ref, newName, SN_CHECK | SN_NON_AUTO))
		Message("[!!!!] Couldn't rename.\n");
}
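An added example, not part of the original post: a small Python generator that runs outside IDA and builds the `main()` of such a script from a plain-text notes file, so annotations can be kept under version control. The tab-separated notes format, the names `notes_to_idc` and `idc_escape`, and the restriction of symbol names to C identifiers are assumptions made here; the emitted calls are the ones used in the script above, and `rename_safely` from that script must be kept alongside the generated `main()`.

```python
import re

# Constructed sample notes: kind <TAB> address <TAB> text (format is an assumption)
SAMPLE_NOTES = """\
name\t0x0804896E\tmain
func\t0x080485C0\tCalled from proc_term
line\t0x08048661\tsaw "jmp eax" here
"""

# Maps a note kind to the IDC call used in the script above.
CALLS = {
    "name": 'rename_safely(0x{ea:08X}, "{text}");',
    "func": 'SetFunctionCmt(0x{ea:08X}, "{text}", 1);',
    "line": 'MakeComm(0x{ea:08X}, "{text}");',
}
# Assumption: only plain C identifiers are accepted as symbol names.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def idc_escape(text):
    """Escape a string for use inside an IDC double-quoted literal."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def notes_to_idc(notes):
    """Turn notes text into the source of an IDC main() function."""
    body = []
    for lineno, raw in enumerate(notes.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # skip blank lines and '#' comment lines
        try:
            kind, addr, text = raw.split("\t", 2)
            ea = int(addr, 16)
            template = CALLS[kind]
        except (ValueError, KeyError):
            raise ValueError("line %d: bad note %r" % (lineno, raw))
        if kind == "name" and not NAME_RE.match(text):
            raise ValueError("line %d: bad symbol name %r" % (lineno, text))
        body.append("\t" + template.format(ea=ea, text=idc_escape(text)))
    return "static main() {\n" + "\n".join(body) + "\n}\n"


if __name__ == "__main__":
    print(notes_to_idc(SAMPLE_NOTES))
```

Escaping matters because a comment that contains a double quote or backslash would otherwise end the IDC string literal early and the script would fail to compile.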
language: English for work
Author: Chris Eagle
