Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction The Interactive Disassembler Professional (IDA Pro) is an extremely powerful disassembler distributed by Hex-Rays. IDA Pro also supports.

Published by野画 胡 Modified over 5 years ago

Similar presentations

Presentation on theme: "Introduction The Interactive Disassembler Professional (IDA Pro) is an extremely powerful disassembler distributed by Hex-Rays. IDA Pro also supports."— Presentation transcript:

1

2 Introduction The Interactive Disassembler Professional (IDA Pro) is an extremely powerful disassembler distributed by Hex-Rays. IDA Pro also supports several file formats, such as Portable Executable (PE), Common Object File Format (COFF), Executable and Linking Format (ELF), and a.out. IDA Pro will disassemble an entire program and perform tasks such as function discovery, stack analysis, local variable identification, extensive code signatures within its Fast Library Identification and Recognition Technology (FLIRT)

3 Load binary and start analysis
OptionsGeneral, and then select Line prefixes and set the Number of Opcode Bytes to 6. red if a conditional jump is not taken, green if the jump is taken, and blue for an unconditional jump.

4 Functions window Lists all functions in the executable and shows the
length of each. Names window Lists every address with a name, including functions, named code, named data, and strings. Strings window Shows all strings. By default, this list shows only ASCII strings longer than five characters. You can change this by right-clicking in the Strings window and selecting Setup. Imports window Lists all imports for a file. Exports window Lists all the exported functions for a file. This window is useful when you’re analyzing DLLs. Structures window Lists the layout of all active data structures. The window also provides you the ability to create your own data structures for use as memory layout templates. OptionsGeneral, and then check the Auto comments checkbox.

5 Navigate Ida PRO Loc link Cross reference Sub link

6 Navigation Band Light blue is library code as recognized by FLIRT.
Red is compiler-generated code. Dark blue is user-written code. IDA Pro’s default colors for data are pink for imports, gray for defined data, and brown for undefined data

7 Find password

8 Recall that local variables will be at
a negative offset relative to EBP and arguments will be at a positive offset. Local variables

9 Local and Global Variables

10 When performing the div or idiv instruction, you are dividing edx:eax by the operand and storing the result in eax and the remainder in edx. That is why edx is moved into var_8

11 Conditional statement

12 Nested If Statement

13 Finding Loops…

14 …Finding Loops

15 While loops

16 Switch Statement

17 Switch Statement, a little different

18 Dissassembly arrays

19 Disassembly struct

Download ppt "Introduction The Interactive Disassembler Professional (IDA Pro) is an extremely powerful disassembler distributed by Hex-Rays. IDA Pro also supports."

Similar presentations

O PERATING I N R EAL M ODE Prof.P.C.Patil Department of Computer Engg Matoshri College of Engg.Nasik M ICROPROCESSOR A RCHITECTURE.

O PERATING I N R EAL M ODE Prof.P.C.Patil Department of Computer Engg Matoshri College of Engg.Nasik M ICROPROCESSOR A RCHITECTURE.
Module 6: Introduction to C Language ITEI102 Introduction to Programming Structure of C++ Program - Programming Terminologies - Microsoft Visual Studio.

Module 6: Introduction to C Language ITEI102 Introduction to Programming Structure of C++ Program - Programming Terminologies - Microsoft Visual Studio.
Goal: Write Programs in Assembly

Goal: Write Programs in Assembly
Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc - 22.02.01 - page 1 Professional Toolkit 2.0.

Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc page 1 Professional Toolkit 2.0.
Fall 2006 1 EE 333 Lillevik 333f06-l4 University of Portland School of Engineering Computer Organization Lecture 4 Assembly language programming ALU and.

Fall EE 333 Lillevik 333f06-l4 University of Portland School of Engineering Computer Organization Lecture 4 Assembly language programming ALU and.
C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.

C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.
Binghamton University CS-220 Spring 2015 Binghamton University CS-220 Spring 2015 Object Code.

Binghamton University CS-220 Spring 2015 Binghamton University CS-220 Spring 2015 Object Code.
Lab6 – Debug Assembly Language Lab

Lab6 – Debug Assembly Language Lab
1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.

1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.

Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.
Introduction to C Programming Overview of C Hello World program Unix environment C programming basics.

Introduction to C Programming Overview of C Hello World program Unix environment C programming basics.
OllyDbg Debuger.

OllyDbg Debuger.
Joseph L. Lindo Assembly Programming Sir Joseph Lindo University of the Cordilleras.

Joseph L. Lindo Assembly Programming Sir Joseph Lindo University of the Cordilleras.
OBJECT MODULE FORMATS. The object module format we have employed as an educational device is called OMF (relocatable object format). It’s one of the earliest.

OBJECT MODULE FORMATS. The object module format we have employed as an educational device is called OMF (relocatable object format). It’s one of the earliest.
Introduction to Subroutines. All the combinations in which a subroutine can be written 1. The subroutine may be: a. Internal or b. External 2. The type.

Introduction to Subroutines. All the combinations in which a subroutine can be written 1. The subroutine may be: a. Internal or b. External 2. The type.
Chapter 3 Elements of Assembly Language. 3.1 Assembly Language Statements.

Chapter 3 Elements of Assembly Language. 3.1 Assembly Language Statements.
Practical Session 4. Labels Definition - advanced label: (pseudo) instruction operands ; comment valid characters in labels are: letters, numbers, _,

Practical Session 4. Labels Definition - advanced label: (pseudo) instruction operands ; comment valid characters in labels are: letters, numbers, _,
Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad

Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 3 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 3 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
C/C++ Programming Environment

C/C++ Programming Environment

Similar presentations

Ads by Google