Chapter 1
Foreword
Abstract: As Windows x64 becomes a more prominent platform, it will become
necessary to develop techniques that improve the binary analysis proce ss . In
particular, automated techniques that can be performed prior to doing code or
data flow analysis can be useful in getting a better understanding for how a
binary operates. To that point, this paper gives a brief explanation of some
of the changes that have been made to support Windows x64 binaries. From
there, a few basic techniques are illustrated that can be used to improve the
process of identifying functions, annotating their stack frames, and describing
their exception handler relationships. Source code to an example IDA plugin is
also included that shows how these techniques can be implemented.
Thanks: The author would like to thank bugcheck, sh0k, jt, spoonm, and
Skywing.
Update: The article in MSDN magazine by Matt Pietrek was published af-
ter this article was written. However, it contains a lot of useful information
and touches on many of the same topics that this article covers in the back-
ground chapter. The article can be found here:
http://msdn.microsoft.com/
msdnmag/issues/06/05/x64/default.aspx.
With that, on with the show. . .
2
