The IDA Pro Book
Inspired by the course I took on malicious software, I spent some more time learning about disassembling and analysis executables.
I used IDA Pro as editor and the IDA Pro Book was a great manual.
I was using a trial version of IDA Pro which does not allow you to save your work. But it does allow you to run macros, so I created scripts like these that allowed me to persist my comments and observations:
#include <idc.idc>

// Re-apply the names and comments from the last session to the freshly
// loaded (unsaved) trial database.
static main() {
    rename_safely(0x0804896E, "main");
    rename_safely(0x0804892E, "disable_ptrace");
    rename_safely(0x8048AD6, "exit_program");
    SetFunctionCmt(0x0804890F, "There seems to be no direct callers to this function", 1);
    SetFunctionCmt(0x080485C0, "Called from proc_term", 1);
    MakeComm(0x08048661, "a jmp to loc_8048664 (since eax contains loc_8048664)");
}

// Rename an address, logging the old and new name and warning on failure
// (e.g. name already taken) instead of silently continuing.
static rename_safely(ref, newName) {
    auto oldName;
    oldName = Name(ref);
    Message("[0x%08X] %s => %s\n", ref, oldName, newName);
    if (!MakeNameEx(ref, newName, SN_CHECK | SN_NON_AUTO))
        Message("[!!!!] Couldn't rename.\n");
}
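The script above has to be written by hand after every session. The reverse direction, an IDC script that walks the current database and generates that restore script for you, is the natural companion. The following is an added example of mine, not code from the post or from the IDA Pro Book; it assumes the classic IDC API of that IDA era (hasUserName, GetFlags, GetFunctionAttr, GetFunctionCmt, Comment, RptCmt, NextHead, AskFile and the fopen/fprintf file functions), and newer IDA versions may expose these under different names.

```idc
#include <idc.idc>

// Escape backslashes and double quotes so a comment can be emitted
// safely inside a string literal of the generated script.
static escape_str(s) {
    auto i, c, out;
    out = "";
    for (i = 0; i < strlen(s); i++) {
        c = substr(s, i, i + 1);
        if (c == "\\" || c == "\"")
            out = out + "\\";
        out = out + c;
    }
    return out;
}

// Emit restore calls for one address: user-assigned name, function
// comment (if this is a function start), regular and repeatable comments.
static emit_head(fh, ea) {
    auto cmt;
    // Auto names (sub_XXXX, loc_XXXX) are regenerated by IDA; only save user names.
    if (hasUserName(GetFlags(ea)))
        fprintf(fh, "    MakeNameEx(0x%08X, \"%s\", SN_CHECK | SN_NON_AUTO);\n",
                ea, escape_str(Name(ea)));
    if (GetFunctionAttr(ea, FUNCATTR_START) == ea) {
        cmt = GetFunctionCmt(ea, 1);
        if (cmt != "")
            fprintf(fh, "    SetFunctionCmt(0x%08X, \"%s\", 1);\n", ea, escape_str(cmt));
    }
    cmt = Comment(ea);
    if (cmt != "")
        fprintf(fh, "    MakeComm(0x%08X, \"%s\");\n", ea, escape_str(cmt));
    cmt = RptCmt(ea);
    if (cmt != "")
        fprintf(fh, "    MakeRptCmt(0x%08X, \"%s\");\n", ea, escape_str(cmt));
}

// Ask for an output path, then dump every head in the database as a
// self-contained IDC script that re-applies the annotations.
static main() {
    auto fh, ea, out;
    out = AskFile(1, "*.idc", "Save annotations as IDC script");
    if (out == "") return;
    fh = fopen(out, "w");
    if (fh == 0) { Message("[!!!!] Couldn't open %s\n", out); return; }
    fprintf(fh, "#include <idc.idc>\n\nstatic main() {\n");
    for (ea = MinEA(); ea != BADADDR; ea = NextHead(ea, MaxEA()))
        emit_head(fh, ea);
    fprintf(fh, "}\n");
    fclose(fh);
    Message("Annotations written to %s\n", out);
}
```

Run it from File > IDC file (or Script command) at the end of a session; next time, after loading the binary, run the generated file to get names and comments back. Names are emitted with SN_CHECK | SN_NON_AUTO, the same flags as rename_safely above, so an address whose name IDA would reject is reported rather than silently skipped.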
ISBN: 978-1593272890
Language: English for work
Cover image: /images/books/idaprobook.png