Chapter 12. Library Recognition Using FLIRT Signatures

Library Recognition Using FLIRT Signatures

At this point it is time to start moving beyond IDA’s more obvious capabilities and begin our exploration of what to do after “The initial autoanalysis has been finished.”[70] In this chapter we discuss techniques for recognizing standard code sequences such as the library code contained in statically linked binaries or standard initialization and helper functions inserted by compilers.

When you set out to reverse engineer any binary, the last thing that you want to do is waste time reverse engineering library functions whose behavior you could learn much more easily simply by reading a man ...

Get The IDA Pro Book now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.