The low-hanging fruit in understanding the behavior of binary programs lies in cataloging the library functions that the program calls. A C program that calls the connect function is creating a network connection. A Windows program that calls RegOpenKey is accessing the Windows registry. Additional analysis is required, however, to gain an understanding of how and why these functions are called.
Discovering how a function is called requires learning what parameters are passed to the function. In the case of a connect call, beyond the simple fact that the function is being called, it is important to know exactly ...
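As an added illustration (not code from the original text), the Python sketch below shows what recovering one connect parameter involves: decoding the bytes behind the call's second argument, the sockaddr pointer, into an address family, host and port. The helper name decode_sockaddr, the sample bytes, and the little-endian Linux/Windows structure layout are assumptions made for the example.

```python
import ipaddress
import struct

# sa_family values: AF_INET is 2 on Linux and Windows;
# AF_INET6 is 10 on Linux and 23 on Windows.
AF_INET = 2
AF_INET6_VALUES = {10, 23}


def decode_sockaddr(raw: bytes, addrlen: int) -> dict:
    """Decode the structure passed as connect()'s second argument.

    raw     -- bytes read from the memory the `addr` pointer refers to
    addrlen -- the value passed as connect()'s third argument
    (decode_sockaddr is a hypothetical helper name for this example.)
    """
    buf = raw[:addrlen]  # ignore anything past the caller-declared length
    if len(buf) < 2:
        raise ValueError("too short to hold sa_family")
    # Assumption: 16-bit family field in host order on a little-endian CPU.
    (family,) = struct.unpack_from("<H", buf, 0)
    if family == AF_INET:
        if len(buf) < 8:
            raise ValueError("truncated sockaddr_in")
        (port,) = struct.unpack_from(">H", buf, 2)  # network byte order
        host = str(ipaddress.IPv4Address(buf[4:8]))
        return {"family": "AF_INET", "host": host, "port": port}
    if family in AF_INET6_VALUES:
        if len(buf) < 24:
            raise ValueError("truncated sockaddr_in6")
        (port,) = struct.unpack_from(">H", buf, 2)
        host = str(ipaddress.IPv6Address(buf[8:24]))  # after 4-byte flowinfo
        return {"family": "AF_INET6", "host": host, "port": port}
    # Other families (AF_UNIX, ...) are reported, not guessed at.
    return {"family": f"unknown({family})", "host": None, "port": None}


# Constructed samples using documentation address ranges, not real captures.
SAMPLE_V4 = bytes.fromhex("0200" "01bb" "c0000201") + bytes(8)
SAMPLE_V6 = (bytes.fromhex("0a00" "0035" "00000000")
             + ipaddress.IPv6Address("2001:db8::1").packed + bytes(4))

if __name__ == "__main__":
    print(decode_sockaddr(SAMPLE_V4, 16))
    print(decode_sockaddr(SAMPLE_V6, 28))
```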