In the IDA Colors window you can configure different colors for instruction mnemonics, registers, addresses, constants and variables. However, it’s possible to brighten things up a bit if you go to “Options -> Colors…”. The default IDA Pro theme just looks plain. Let’s take a quick look at syntax highlight capabilities provided by IDA Pro and other tools for reverse engineering.Īs you can see, Immunity Debugger, 圆4dbg and radare2 all highlight control-flow transfer instructions, but not IDA Pro. However, syntax highlighting can also greatly assist in software reversing. It’s quite different when a function executes other functions you might want to understand what these functions do first to get the bigger picture.Īll development environments for writing code support syntax highlighting because it greatly assists in software coding. If a function just performs calculations, stores some values in memory, and you don’t really care about such details, then you can skip this function and continue reverse-engineering. When it comes to understanding what a function does, the first thing you’re most likely to do is check how many CALL instructions it has and what other functions they execute. If you’re an experienced reverse engineer, you can usually get a general idea of what a function does just by taking a quick look at the function assembly (especially true when the function is relatively small). For x86/64 architectures this is done by the CALL instruction. When you are reverse-engineering a binary it’s very important to follow control-flow transfer instructions and especially those instructions that are used to transfer the control flow to other procedures. Highlighting control-flow transfer instructions This article is a sneak peek into what I’ll be discussing. In the second edition that takes place on July 22, 2020, I’ll be talking about awesome IDA Pro plugins that I regularly use. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a series of talks called ‘GReAT Ideas. The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |