Static analysis is the analysis code without actually executing it. This is in contrast to dynamic analysis which executes the code.
Static analysis is the analysis code without actually executing it. This is in contrast to dynamic-analysis which executes the code.
Static analysis comes in various forms. The most widely used form in the field of reverse code engineering (RCE) would be disassembling or decompiling binary executable code. The executable code can be byte code or native opcodes for a particular processor on which the code is supposed to run.
Decompilation
The closer the code is to the underlying hardware, the harder it usually gets to decompile it. Decompilation being the process of transforming the binary executable code into human-readable form, be it the original programming language used to create the binary code or another one or pseudo-code. This process has its limitations due to optimizers used in the compilers that create the binary code in the first place.
Disassembling
This approach transforms the binary code into its exact mnemonic representation, which makes the machine code more or less comprehensible to humans. One of the big issues is to distinguish data from code. Existing disassemblers use a number of heuristics and cues given by the reverse engineer (thus the "interactive" in IDA) or the underlying file format.
Formal static program analysis
This approach is mostly used in forward engineering in order to prove the correctness of a program or check some of its properties without actually running it. It can also overlap in large parts with what is used to reverse engineer and subsequently document legacy code bases.
The main trait of this approach is that the code isn't run but that the tool used to perform that analysis knows about the semantics of the source code. In RCE the source code is not available most of the time.
Some of the implementation techniques of formal static program analysis include:
- Model checking
- Data-flow analysis
- Abstract interpretation models
