Document introduction:

pilers and beyond
Hex-epossible
Future: “...is bright and sunny”
Your feedback
Online copy of this presentation is available at /idapro/ppt/

(c) 2008 Hex-Rays SA

Disassemblers
- We need disassemblers to analyze binary code
- Simple disassemblers produce a listing with instructions
- Better disassemblers assist in analysis by annotating the code,: the output is an assembler listing
- The main output of a disassembler is still one-to-one mapping of opcodes to instruction mnemonics
- No leverage, no abstractions, ask after a while

Disassembler limitations
The output is
- Boring
- Inhuman
- Repetitive
- Error prone
- Requires special skills
- Did I say repetitive?
Yet some geeks like it?...

pilers
The need: pilation is the next logical step, yet a tough one

piler
The answer is clear and easy to give: pilers: parison is correct but superficial

pilers are privileged
- Strictly defined input language
- Anything nonconforming – spit out an error message
- Reasonable amount of information on all functions, variables, types, ? :)

pilers are impossible
- Informal and sometimes hostile input
- Many problems are unsolved or proved to be unsolvable in general
- The output is examined in detail by a human being, any suboptimality is noticed because it annoys the analyst
- Conclusion: pilers are impossible
- mon cases? For example, if we cover 90%, will the rest be handled manually?

Easy for humans, puters
- In fact, many (all?) pilation are hard
- For every problem, there is a naïve solution, which, unfortunately, does not work
- Just a few examples...

Function calls are a problem
Function calls require answering the following questions:
- Where does the function expect its input registers?
- Where does it return the result?
- What registers or memory cells does it spoil?
- How does it change the stack pointer?
- Does it return to the caller or somewhere else?