DISASSEMBLY NAVIGATION : Différence entre versions

De Wiki expérimental
(Page créée avec « In this and the following chapter we cover the heart of what pots the Interactive in DA Pro, which is, in a nutshell, ease of navigation and ease of manipulation. The focu... »)
 
Ligne 1 : Ligne 1 :
 
In this and the following chapter we cover the heart of what pots the Interactive in DA Pro, which is, in a nutshell, ease of navigation and ease of manipulation. The focus of this chapter is navigation; specifically, we show how IDA facilitates moving around a disassemhly in a logical
 
In this and the following chapter we cover the heart of what pots the Interactive in DA Pro, which is, in a nutshell, ease of navigation and ease of manipulation. The focus of this chapter is navigation; specifically, we show how IDA facilitates moving around a disassemhly in a logical
 
manner. So far, we have shown that ai a basic level IDA simply combines the features of many common reverse engineering tools into an integrated disassembly dïsplay. Navigating around the display is one of the essential skills requïred in order to master IDA. Static dïsassembly listings offer no inherent navigational capabilïty other than scrolling op and down the listing. Evert wïth the best text editors, such dead listings are very difficuit to navigate, as the best they have to offer is generaily nothing more than an integrated, grep-style search. As you shall sec, IDAs database underpïnnïngs provide for exceptional navigational features.
 
manner. So far, we have shown that ai a basic level IDA simply combines the features of many common reverse engineering tools into an integrated disassembly dïsplay. Navigating around the display is one of the essential skills requïred in order to master IDA. Static dïsassembly listings offer no inherent navigational capabilïty other than scrolling op and down the listing. Evert wïth the best text editors, such dead listings are very difficuit to navigate, as the best they have to offer is generaily nothing more than an integrated, grep-style search. As you shall sec, IDAs database underpïnnïngs provide for exceptional navigational features.
 +
 +
Basic IDA Navigation
 +
 +
In your initial experience with IDA, you may be happy to make use of nothing more than the navigational features that IDA bas to offer. In addition to offering fairly standard search features that you are accustomed to front your use of text editors or word processors, IDA develops and displays a comprehensive list of cross-references that behave in a manner similar to hyperlinks on a web page. The end result is that, in most cases, navigating to locations of interest requires nothing more than a double-click.
 +
 +
Double-Click Navigation
 +
 +
When a program is disassembled, every location in the program is assigned a virtual address. As a result, we can navigate anywhere within a program by providing the virtual address of the location we are interested in visiting. Unfortunately for us, maintaining a catalog of addresses in our head is not a trivial task. This fact rnotivated early programmers to assign symbolic names to program locations that they wished to reference, making things a whole lot casier on themselves. The assïgnment of symbolic names to program addresses was not unlike the assignment of mnemonïc instruction names to program opcodes; programs became easïer to read and write by making them casier to rernember.
 +
 +
As we dïscussed previously, IDA generates symbolic names during the analysis phase by examining a binarys symbol table or by autornatically generating a name based on how a location is referenced within the binary. In addition to its symbolic purpose, any name dïsplayed in the dïsassembly window is a potential navigation target similar to a hyperlïnk on a web page. The two differences between these names and standard hyperlïnks are (1) that the names are neyer highlighted in any way to indicate that they can be followed and (2) that IDA requires a double-click to follow rather than the single-click requïred by a hyperlink. We have already seen the use of names in various subwïndows such as the Functions, Imports, and Exports windows. RecalI that for each of these windows, double-clicking a name caused the disassembly view tojump to the referenced location. This is one example of the double-click navigation at work. In the following listing, each of the symbols labeled O represents a named navigational target. Double-clicking any of them will cause IDA to relocate the display to the selected location.

Version du 15 août 2019 à 21:32

In this and the following chapter we cover the heart of what pots the Interactive in DA Pro, which is, in a nutshell, ease of navigation and ease of manipulation. The focus of this chapter is navigation; specifically, we show how IDA facilitates moving around a disassemhly in a logical manner. So far, we have shown that ai a basic level IDA simply combines the features of many common reverse engineering tools into an integrated disassembly dïsplay. Navigating around the display is one of the essential skills requïred in order to master IDA. Static dïsassembly listings offer no inherent navigational capabilïty other than scrolling op and down the listing. Evert wïth the best text editors, such dead listings are very difficuit to navigate, as the best they have to offer is generaily nothing more than an integrated, grep-style search. As you shall sec, IDAs database underpïnnïngs provide for exceptional navigational features.

Basic IDA Navigation

In your initial experience with IDA, you may be happy to make use of nothing more than the navigational features that IDA bas to offer. In addition to offering fairly standard search features that you are accustomed to front your use of text editors or word processors, IDA develops and displays a comprehensive list of cross-references that behave in a manner similar to hyperlinks on a web page. The end result is that, in most cases, navigating to locations of interest requires nothing more than a double-click.

Double-Click Navigation

When a program is disassembled, every location in the program is assigned a virtual address. As a result, we can navigate anywhere within a program by providing the virtual address of the location we are interested in visiting. Unfortunately for us, maintaining a catalog of addresses in our head is not a trivial task. This fact rnotivated early programmers to assign symbolic names to program locations that they wished to reference, making things a whole lot casier on themselves. The assïgnment of symbolic names to program addresses was not unlike the assignment of mnemonïc instruction names to program opcodes; programs became easïer to read and write by making them casier to rernember.

As we dïscussed previously, IDA generates symbolic names during the analysis phase by examining a binarys symbol table or by autornatically generating a name based on how a location is referenced within the binary. In addition to its symbolic purpose, any name dïsplayed in the dïsassembly window is a potential navigation target similar to a hyperlïnk on a web page. The two differences between these names and standard hyperlïnks are (1) that the names are neyer highlighted in any way to indicate that they can be followed and (2) that IDA requires a double-click to follow rather than the single-click requïred by a hyperlink. We have already seen the use of names in various subwïndows such as the Functions, Imports, and Exports windows. RecalI that for each of these windows, double-clicking a name caused the disassembly view tojump to the referenced location. This is one example of the double-click navigation at work. In the following listing, each of the symbols labeled O represents a named navigational target. Double-clicking any of them will cause IDA to relocate the display to the selected location.