没有合适的资源？快使用搜索试试~ 我知道了~

文库首页开发技术其它Improving Automated Analysis of Windows x64 Binaries - Uninformed v4a1 (April 2006)-计算机科学

Improving Automated Analysis of Windows x64 Binaries - Uninforme...

Papers

Specs

Decks

Manuals

0 下载量 179 浏览量 2021-04-22 18:31:30 上传评论收藏 161KB PDF 举报

温馨提示

试读

19页

Improving Automated Analysis of Windows x64 BinariesApril, 2006 skapemmiller@hick.orgContents1 Foreword 22 Introduction 33 Background 4 3.1 PE32+ Image File Format . . . . . . . . . . . . . . . . . . . . . . 4 3.2 Calling Convention . . . . . . . . . . . . . . . . . . . . . . . . . . 53.2.1 Stack Frame Layout . . . . . . . . . . . . . . . . . . . . . 5 3.3 Exception Handling on x64 . . . . . . . . . . . . . . . . . . . . . 73.3.1 Exception Directory . . . . . . . . . . . . . . . . . . . . . 8 3.

资源推荐

资源详情

资源评论

In the spirit of giving for this season, I thought with all the excitement that I would put out a pre-release of memcached 1.4.4 for Windows 64-bit. This is a release based of my first successful ...

2，压缩包中是从github下载的aws-sdk-cpp-1.11.4编译后的可安装二次开发包，windows x86版本，包含以下内容： aws-cpp-sdk-core.dll（和其余dll） aws-cpp-sdk-core.lib （和其余lib） \include\aws（sdk头文件） 3...

Improving performance of tensor-based context-aware recommenders using Bias Tensor Factorization with context feature auto-encoding

In this paper, we focus on the problem of context-aware recommendation using tensor factorization. Tra- ditional tensor-based models in context-aware recommendation scenario only consider user-item-..

基于Qt 5实现串口调试助手，程序仅供参考，修改了之前十六进制接收0xA0--0xFF有误的问题，新增了窗口自适应（ui文件设置栅格），文件详情可看博客链接https://blog.csdn.net/m0_51294753/article/details/121405661。

【SystemVerilog】路科验证V2学习笔记（全600页）.pdf

5星 · 资源好评率100%

SystemVerilog的听课学习笔记，包括讲义截取、知识点记录、注意事项等细节的标注。目录如下：第一章 SV环境构建常识 1 1.1 数据类型 1 四、二值逻辑 4 定宽数组 9 foreach 13 动态数组 16 队列 19 关联数组 21 枚举类型 23 字符串 25 1.2 过程块和方法 27 initial和always 30 func

Improving Automated Analysis of

Windows x64 Binaries

April, 2006

skape

mmiller@hick.org

Contents

1 Foreword 2

2 Introduction 3

3 Background 4

3.1 PE32+ Image File Format . . . . . . . . . . . . . . . . . . . . . . 4

3.2 Calling Convention . . . . . . . . . . . . . . . . . . . . . . . . . . 5

3.2.1 Stack Frame Layout . . . . . . . . . . . . . . . . . . . . . 5

3.3 Exception Handling on x64 . . . . . . . . . . . . . . . . . . . . . 7

3.3.1 Exception Directory . . . . . . . . . . . . . . . . . . . . . 8

3.3.2 Unwind Information . . . . . . . . . . . . . . . . . . . . . 8

4 Analysis Techniques 11

4.1 Exception Directory Enumeration . . . . . . . . . . . . . . . . . . 11

4.1.1 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

4.1.2 Stack Frame Annotation . . . . . . . . . . . . . . . . . . . 12

4.1.3 Exception Handlers . . . . . . . . . . . . . . . . . . . . . 15

4.2 Register Parameter Area Annotation . . . . . . . . . . . . . . . . 16

5 Conclusion 17

Chapter 1

Foreword

Abstract: As Windows x64 becomes a more prominent platform, it will become

necessary to develop techniques that improve the binary analysis proce ss . In

particular, automated techniques that can be performed prior to doing code or

data ﬂow analysis can be useful in getting a better understanding for how a

binary operates. To that point, this paper gives a brief explanation of some

of the changes that have been made to support Windows x64 binaries. From

there, a few basic techniques are illustrated that can be used to improve the

process of identifying functions, annotating their stack frames, and describing

their exception handler relationships. Source code to an example IDA plugin is

also included that shows how these techniques can be implemented.

Thanks: The author would like to thank bugcheck, sh0k, jt, spoonm, and

Skywing.

Update: The article in MSDN magazine by Matt Pietrek was published af-

ter this article was written. However, it contains a lot of useful information

and touches on many of the same topics that this article covers in the back-

ground chapter. The article can be found here:

http://msdn.microsoft.com/

msdnmag/issues/06/05/x64/default.aspx.

With that, on with the show. . .

剩余18页未读，继续阅读

评论收藏

内容反馈

资源评论

资源反馈

评论星级较低，若资源使用遇到问题可联系上传者，3个工作日内问题未解决可申请退款~

weixin_38641764

粉丝: 3
资源: 921

上传资源快速赚钱

我的内容管理展开

我的资源快来上传第一个资源

我的收益

登录查看自己的收益

我的积分登录查看自己的积分

我的C币登录后查看C币余额

我的收藏

我的下载

下载帮助

前往需求广场，查看用户热搜

Improving Automated Analysis of Windows x64 Binaries - Uninforme...

Uninformed v4a1 - Improving Automated Analysis of Windows x64 Binaries (2006)-计算机科学

Improving the Performance of an IP-over-P2P

memcached Windows 64-bit pre-release available!

Refactoring: Improving the Design of Existing Code

Improving-FRT-Capability-of-DFIG-Based-WT-Using-S_dfig fault rid

aws-sdk-cpp-1.11.4（x86-windows）

ALETHEIA__Improving_the_Usability_of_Static_Security_Analysis.pdf

refactoring-improving the design of existing code.pdf

Improving the dynamics of five-axis machining

Diskeeper 2008 v12.0.759.0

Improving Nested Loop Pipelining on Coarse-Grained Reconfigurable Architectures

improving-network-performance-in-multi-core-systems-paper

Refactoring: Improving the Design of Existing Code 第二版

Refactoring Improving The Design of Existing Code

Refactoring Improving the Design of Existing Code.pdf

Improving WS-Security Performance with a Template-Based Approach

Refactoring Improving The Design Of Existing Code

Improving neural networks by preventing co-adaptation of feature detectors

Improving performance of tensor-based context-aware recommenders using Bias Tensor Factorization with context feature auto-encoding

Improving the speed of neural networks on CPUs (37631)-计算机科学

Handbook of Research on Soft Computing and Nature-Inspired Algorithms

Refactoring(Improving the Design of Existing Code)

Python-ImprovingQuestionAnsweringoverIncompleteKBswithKnowledgeAwareReader论文的PyTorch实现

Refactoring - Improving the Design of Existing Code

Qt 5实现串口调试助手 （源工程文件、0积分下载）

【SystemVerilog】路科验证V2学习笔记（全600页）.pdf

最新资源

Qt 5实现串口调试助手（源工程文件、0积分下载）