Chapter 7. Walkthrough Four

The Protocol Problem

It’s not uncommon to be presented with an executable whose protocol is partially or completely unknown. As a reverse engineer, your job is either to work out the protocol for compatibility or to check the program for hidden features that may cause security problems. In this chapter we’ll cover tracking a protocol through a binary and recovering its message structure.

Protocol Structure

Most protocols are streams of discrete messages meant to be interpreted ...
