As Windows x64 becomes a more prominent platform, techniques that improve the binary analysis process will become necessary. In particular, automated techniques that can be run before code or data flow analysis are useful for building an understanding of how a binary operates.
To that end, this paper gives a brief explanation of some of the changes that have been made to support Windows x64 binaries. From there, a few basic techniques are illustrated that can be used to improve the process of identifying functions, annotating their stack frames, and describing their exception handler relationships. Source code to an example IDA plugin is also included that shows how these techniques can be implemented.
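The abstract does not name the on-disk structure that makes these three tasks automatable, but on Windows x64 it is the PE exception directory: the x64 ABI requires a RUNTIME_FUNCTION entry, with an UNWIND_INFO record describing the prolog, for every non-leaf function, and that record also carries the function's exception handler or a link to the parent function it was split from. The following is an added example, not code from the paper or its IDA plugin, that walks those structures over a constructed byte image. It assumes a flat layout in which an RVA equals the buffer offset (a real tool would translate section RVAs to file offsets) and recovers, for each entry, the function bounds, the prolog's stack adjustment and saved registers, and the handler or chained parent.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# UNWIND_INFO.Flags and UNWIND_CODE.UnwindOp values from the Windows x64 ABI.
UNW_FLAG_EHANDLER, UNW_FLAG_UHANDLER, UNW_FLAG_CHAININFO = 1, 2, 4
(UWOP_PUSH_NONVOL, UWOP_ALLOC_LARGE, UWOP_ALLOC_SMALL, UWOP_SET_FPREG,
 UWOP_SAVE_NONVOL, UWOP_SAVE_NONVOL_FAR, UWOP_EPILOG, UWOP_SPARE_CODE,
 UWOP_SAVE_XMM128, UWOP_SAVE_XMM128_FAR, UWOP_PUSH_MACHFRAME) = range(11)
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"] + [f"r{i}" for i in range(8, 16)]


@dataclass
class FunctionInfo:
    begin: int                      # RUNTIME_FUNCTION.BeginAddress (RVA)
    end: int                        # RUNTIME_FUNCTION.EndAddress (RVA, exclusive)
    prolog_size: int                # UNWIND_INFO.SizeOfProlog
    frame_size: int                 # bytes the prolog removes from rsp (pushes + allocs)
    saved_regs: List[str]           # non-volatile registers the prolog preserves
    handler_rva: Optional[int]      # exception/termination handler, if any
    chained_parent: Optional[int]   # parent BeginAddress for UNW_FLAG_CHAININFO entries


def parse_unwind_info(image: bytes, rva: int):
    """Decode UNWIND_INFO at `rva`; assumes a flat image where RVA == offset."""
    hdr, prolog, count, _frame_reg = struct.unpack_from("<BBBB", image, rva)
    flags = hdr >> 3                                   # low 3 bits are the version
    slots = [struct.unpack_from("<H", image, rva + 4 + 2 * i)[0] for i in range(count)]
    frame_size, saved, i = 0, [], 0
    while i < count:                                   # codes are stored last-executed first
        op, info = (slots[i] >> 8) & 0xF, slots[i] >> 12
        if op == UWOP_PUSH_NONVOL:                     # push reg
            frame_size += 8; saved.append(REGS[info]); i += 1
        elif op == UWOP_ALLOC_SMALL:                   # sub rsp, 8..128
            frame_size += info * 8 + 8; i += 1
        elif op == UWOP_ALLOC_LARGE:                   # sub rsp, size in following slot(s)
            if info == 0:
                frame_size += slots[i + 1] * 8; i += 2
            else:
                frame_size += slots[i + 1] | (slots[i + 2] << 16); i += 3
        elif op == UWOP_PUSH_MACHFRAME:                # hardware-pushed machine frame
            frame_size += 40 if info == 0 else 48; i += 1
        elif op in (UWOP_SAVE_NONVOL, UWOP_SAVE_XMM128, UWOP_EPILOG):
            if op == UWOP_SAVE_NONVOL:                 # mov [rsp+off], reg: rsp unchanged
                saved.append(REGS[info])
            i += 2
        elif op in (UWOP_SAVE_NONVOL_FAR, UWOP_SAVE_XMM128_FAR, UWOP_SPARE_CODE):
            i += 3
        else:                                          # UWOP_SET_FPREG: frame pointer only
            i += 1
    tail = rva + 4 + 2 * ((count + 1) & ~1)            # code array is padded to an even count
    handler = parent = None
    if flags & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER):
        handler = struct.unpack_from("<I", image, tail)[0]
    elif flags & UNW_FLAG_CHAININFO:                   # a RUNTIME_FUNCTION for the parent follows
        parent = struct.unpack_from("<I", image, tail)[0]
    return prolog, frame_size, saved, handler, parent


def parse_exception_directory(image: bytes, pdata_rva: int, pdata_size: int) -> List[FunctionInfo]:
    """Walk the RUNTIME_FUNCTION array (.pdata) and annotate every function it names."""
    funcs = []
    for off in range(pdata_rva, pdata_rva + pdata_size, 12):
        begin, end, unwind = struct.unpack_from("<III", image, off)
        prolog, frame, saved, handler, parent = parse_unwind_info(image, unwind)
        funcs.append(FunctionInfo(begin, end, prolog, frame, saved, handler, parent))
    return funcs


def effective_handler(funcs: List[FunctionInfo], f: FunctionInfo) -> Optional[int]:
    """Follow CHAININFO links so a split-off chunk reports its parent's handler."""
    by_begin, seen = {g.begin: g for g in funcs}, set()
    while f.chained_parent is not None and f.begin not in seen:
        seen.add(f.begin)
        f = by_begin[f.chained_parent]
    return f.handler_rva


def build_sample_image() -> bytes:
    """Constructed image (not from any real binary): three functions, flat RVA layout."""
    img = bytearray(0x3200)
    # Func A, UNWIND_INFO at 0x3000: version 1 + EHANDLER, 11-byte prolog, 3 codes
    # (sub rsp,0x20 ; push rdi ; push rbx), one padding slot, then handler RVA 0x2000.
    img[0x3000:0x3010] = bytes([0x09, 0x0B, 0x03, 0x00, 0x0B, 0x32, 0x07, 0x70,
                                0x06, 0x30, 0x00, 0x00]) + struct.pack("<I", 0x2000)
    # Func B at 0x3020: no handler, one UWOP_ALLOC_LARGE (0x100 * 8 = 2048 bytes).
    img[0x3020:0x3028] = bytes([0x01, 0x04, 0x02, 0x00, 0x04, 0x01]) + struct.pack("<H", 0x0100)
    # Func C at 0x3030: CHAININFO, zero codes, followed by A's RUNTIME_FUNCTION.
    img[0x3030:0x3040] = bytes([0x21, 0x00, 0x00, 0x00]) + struct.pack("<III", 0x1000, 0x1080, 0x3000)
    struct.pack_into("<III", img, 0x3100, 0x1000, 0x1080, 0x3000)   # .pdata[0]
    struct.pack_into("<III", img, 0x310C, 0x1080, 0x10C0, 0x3020)   # .pdata[1]
    struct.pack_into("<III", img, 0x3118, 0x10C0, 0x10E0, 0x3030)   # .pdata[2]
    return bytes(img)


def analyze_sample() -> List[FunctionInfo]:
    return parse_exception_directory(build_sample_image(), 0x3100, 36)


if __name__ == "__main__":
    funcs = analyze_sample()
    for f in funcs:
        print(f"{f.begin:#x}-{f.end:#x} prolog={f.prolog_size} frame={f.frame_size} "
              f"saved={f.saved_regs} handler={effective_handler(funcs, f)} parent={f.chained_parent}")
```

Two caveats a practitioner should keep in mind: the directory only lists functions that have unwind data, so leaf functions and hand-written assembly without a .pdata entry still need a conventional sweep, and the frame sizes recovered here describe what the prolog does to rsp, not local variable boundaries, which still require the data flow analysis the abstract defers to.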
The demand for techniques that improve the analysis of Windows x64 binaries will only increase as the Windows x64 platform becomes more accepted and widely used in the marketplace. A wealth of published material on code and data flow analysis techniques is equally applicable to the x64 architecture.