Joined: 30 September 2005
Posted: 06 December 2005 at 9:22pm
I'm sure many of you have used IDA Pro before; it's an exceptional program and a masterpiece. It can detect signatures of binary files for miles on end and so on and so on.
The thing is, IDA can detect certain signatures within an analyzed binary file to conduct its heuristic analysis and narrow down on some possible file types it should decompile them into. Seeing how that wasn't really writing with words, I'll state it another way: given a binary, IDA analyzes it and finds possible file formats, and once you select one, it decompiles it appropriately.
Basically I was wondering if anybody here knew a reliable way to replicate something like that. I was thinking of doing a regexp-type match, having the things that identify the file hardcoded and then having anything that can be variable (such as the machine type in the PE header of an EXE) marked as such. However, I realized that I would have to do further heuristic analysis over the binary, because, for example, ELF files always have the "ELF\177" signature in their binary; if I load an ELF file and it doesn't have that, it could simply be a slightly-altered ELF. Therefore if, say, that signature was "ELF\143", I could note the 'ELF' part and mark it as 'possibly ELF' in an internal array or somesuch (or mark a flag etc. etc.), and then after I got done analyzing my possibles I could do more heuristics on it. For example, if it could be, for some weird-ass reason, a possible EXE and a possible ELF, then I could do more PE-related checks and then do more ELF-related checks and see which comes out with a higher probability level.
Does anybody know of a possibly simpler way to do this? Regexp-based matching and narrowing down is the only thing I could really think up, truth be told. This might be the simplest solution, but my conscience always tells me that "The most elegant solution is found only after the problem is solved."
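
One way to implement the scoring idea from the post above, as an added example that is not part of the original post: each format gets a set of weighted checks, so a file with an altered magic byte still surfaces as a candidate instead of being rejected outright. The weights, the threshold, the function names and the sample byte strings are assumptions chosen for illustration; the ELF check reads the identification bytes in specification order (0x7f, then "ELF").

```python
import struct

# Subset of Machine values from the PE/COFF specification.
PE_MACHINES = {0x014C, 0x8664, 0x01C0, 0xAA64}

def total(checks):
    """Sum the weights (in percent, assumed values) of the checks that passed."""
    return sum(weight for weight, passed in checks if passed)

def score_elf(data):
    """Confidence 0..100 that data starts with an ELF identification block."""
    return total([
        (40, data[1:4] == b"ELF"),               # text part of the magic
        (20, data[0:1] == b"\x7f"),              # leading magic byte
        (15, data[4:5] in (b"\x01", b"\x02")),   # EI_CLASS: 32- or 64-bit
        (15, data[5:6] in (b"\x01", b"\x02")),   # EI_DATA: little or big endian
        (10, data[6:7] == b"\x01"),              # EI_VERSION: EV_CURRENT
    ])

def score_pe(data):
    """Confidence 0..100 that data is an MZ stub leading to a PE header."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 else 0
    in_bounds = 4 <= pe_off <= len(data) - 6     # e_lfanew lands inside the file
    machine = struct.unpack_from("<H", data, pe_off + 4)[0] if in_bounds else None
    return total([
        (30, data[0:2] == b"MZ"),
        (20, in_bounds),
        (30, in_bounds and data[pe_off:pe_off + 4] == b"PE\0\0"),
        (20, machine in PE_MACHINES),            # variable field, checked by range
    ])

def identify(data, threshold=50):
    """Return (format, score) candidates at or above threshold, best first."""
    scores = {"ELF": score_elf(data), "PE": score_pe(data)}
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, score) for name, score in ranked if score >= threshold]

# Constructed samples (not real binaries).
GOOD_ELF = b"\x7fELF\x02\x01\x01".ljust(64, b"\0")
ALTERED_ELF = b"\x63ELF\x02\x01\x01".ljust(64, b"\0")   # leading byte changed
PE_STUB = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
           + b"PE\0\0" + struct.pack("<H", 0x8664)).ljust(0x80, b"\0")

if __name__ == "__main__":
    for label, blob in [("good ELF", GOOD_ELF), ("altered ELF", ALTERED_ELF),
                        ("PE stub", PE_STUB), ("zeros", bytes(64))]:
        print(label, identify(blob))
```

A candidate list with more than one entry is the "possible EXE and possible ELF" case from the post: run the deeper per-format checks on each and compare the scores again.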