
Both IDA Pro and OllyDBG automatically analyze the binary on load to identify what's code and data. I assume it's a complicated process and I would like to learn more about this process.

How is this process referred to, and are you guys aware of any resources about this subject?

I also composed a list of interesting information that can be read from the executable (taken from IDA Pro). Anything to add?

  • Names
  • Functions
    • Imports
    • Exports
  • Strings
  • Structures
  • Enums
  • Segments
  • Signatures (To identify the compiler)


This is answered at length in The IDA PRO Book by Chris Eagle.

In particular, the entire first chapter is dedicated to this topic.

I would highly recommend purchasing a copy: https://www.nostarch.com/idapro2.htm

The electronic version is excellent for searching things like this.

Outside of the book, I would recommend consulting this StackExchange question, which discusses recursive descent disassembly: What is the algorithm used in Recursive Traversal disassembly?

Zach Riggle
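To make the algorithm named in the answer concrete, here is a small worked example of recursive descent (recursive traversal) disassembly next to the simpler linear sweep it replaces. It is an added illustration, not code from the question, the answer, IDA or OllyDbg. It uses a constructed seven-opcode toy instruction set (not x86) so that it runs offline, and the program bytes are also constructed: a data byte sits in the instruction stream right after an unconditional jump. Linear sweep decodes that byte as the start of a two-byte instruction and loses the real instruction behind it; recursive descent only decodes bytes it can reach from the entry point by following control flow, so it never touches the data byte and leaves unreached bytes as unexplored, which is the same distinction IDA makes between code, data and unexplored bytes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed toy instruction set for this example (not x86, not IDA's decoder):
#   00        NOP            1 byte,  falls through
#   01 imm8   MOV r, imm8    2 bytes, falls through
#   02 rel8   JMP rel8       2 bytes, unconditional: target only
#   03 rel8   JZ  rel8       2 bytes, conditional: target and fall-through
#   04 rel8   CALL rel8      2 bytes, target and fall-through (return assumed)
#   05        RET            1 byte,  no successors
#   06        HLT            1 byte,  no successors
# rel8 is a signed offset from the address of the next instruction.


@dataclass
class Insn:
    addr: int
    mnem: str
    size: int
    falls_through: bool
    targets: List[int] = field(default_factory=list)


def decode(buf: bytes, addr: int) -> Optional[Insn]:
    """Decode one instruction at addr, or return None if it is not a valid opcode."""
    op = buf[addr]
    if op == 0x00:
        return Insn(addr, "NOP", 1, True)
    if op == 0x05:
        return Insn(addr, "RET", 1, False)
    if op == 0x06:
        return Insn(addr, "HLT", 1, False)
    if op in (0x01, 0x02, 0x03, 0x04) and addr + 1 < len(buf):
        imm = buf[addr + 1]
        if op == 0x01:
            return Insn(addr, f"MOV r, {imm:#x}", 2, True)
        rel = imm - 256 if imm >= 128 else imm  # sign-extend rel8
        target = addr + 2 + rel
        if op == 0x02:
            return Insn(addr, f"JMP {target:#x}", 2, False, [target])
        if op == 0x03:
            return Insn(addr, f"JZ {target:#x}", 2, True, [target])
        return Insn(addr, f"CALL {target:#x}", 2, True, [target])
    return None


def linear_sweep(buf: bytes) -> Dict[int, Insn]:
    """Decode from the first byte to the last, one instruction after another.
    Undecodable bytes are skipped one at a time (objdump-style '(bad)')."""
    insns: Dict[int, Insn] = {}
    addr = 0
    while addr < len(buf):
        insn = decode(buf, addr)
        if insn is None:
            addr += 1
            continue
        insns[addr] = insn
        addr += insn.size
    return insns


def recursive_descent(buf: bytes, entry: int) -> Dict[int, Insn]:
    """Decode only what is reachable from entry by following control flow.
    Real tools also have to resolve overlapping decodes and indirect jumps;
    this toy version ignores both, which is why IDA also uses heuristics
    such as function prologue signatures to find code it cannot reach."""
    insns: Dict[int, Insn] = {}
    worklist = [entry]
    while worklist:
        addr = worklist.pop()
        if addr in insns or not 0 <= addr < len(buf):
            continue
        insn = decode(buf, addr)
        if insn is None:
            continue  # a real tool would flag this as a bad reference
        insns[addr] = insn
        worklist.extend(insn.targets)
        if insn.falls_through:
            worklist.append(addr + insn.size)
    return insns


def coverage(buf: bytes, insns: Dict[int, Insn]) -> str:
    """One character per byte: 'C' if decoded as code, '?' if left alone."""
    marks = ["?"] * len(buf)
    for insn in insns.values():
        for i in range(insn.addr, insn.addr + insn.size):
            marks[i] = "C"
    return "".join(marks)


# Constructed program. Byte 4 (0x01) is a data constant placed right after the
# JMP; it is never executed, but it happens to look like the MOV opcode.
PROGRAM = bytes([
    0x04, 0x05,  # 0: CALL 0x7
    0x02, 0x01,  # 2: JMP 0x5
    0x01,        # 4: data byte (looks like the start of MOV r, imm8)
    0x06,        # 5: HLT
    0x00,        # 6: NOP, never reached
    0x01, 0x2A,  # 7: MOV r, 0x2a
    0x03, 0x01,  # 9: JZ 0xc
    0x00,        # 11: NOP
    0x05,        # 12: RET
])

if __name__ == "__main__":
    for name, insns in (("linear sweep", linear_sweep(PROGRAM)),
                        ("recursive descent", recursive_descent(PROGRAM, 0))):
        print(f"{name}: {coverage(PROGRAM, insns)}")
        for addr in sorted(insns):
            print(f"  {addr:#04x}: {insns[addr].mnem}")
```

Running it shows linear sweep reporting a bogus `MOV r, 0x6` at offset 4 that swallows the `HLT` at offset 5, while recursive descent lists the `HLT` correctly, leaves offset 4 unexplored, and also leaves the unreachable `NOP` at offset 6 unexplored. That last point is the flip side of the technique: code that is only reached through an indirect jump or a function pointer is invisible to pure recursive descent, which is why the FLIRT-style compiler signatures in the question's list matter to IDA.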