Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

shows a code cross-reference at that tells us that this function (sub_401000) is called from inside the main function at offset 0x3 into the main function. The code cross-reference for the jump at tells us which jump takes us to this location, which in this example corresponds to the location marked at . We know this because at offset 0x19 into sub_401000 is the jmp at memory address 0x401019.

, which shows a list of cross-references for sub_408980, you can see that this function is called 64 times (“Line 1 of 64”).

. For example, you can see the data cross-reference to the DWORD 0x7F000001 at . The corresponding cross-reference tells us that this data is used in the function located at 0x401020. The following line shows a data cross-reference for the string <Hostname> <Port>.

that the static analysis of strings can often be used as a starting point for your analysis. If you see an interesting string, use IDA Pro’s cross-reference feature to see exactly where and how that string is used within the code.
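The strings-first workflow described above can be reproduced outside IDA Pro. The following is an added example, not code from the book or from IDA: it extracts strings from a data section and locates the code that references each one by searching for its address as a 32-bit operand. The image bytes, the base addresses and all function names are constructed for illustration.

```python
import bisect
import re
import struct

# Constructed sample image (not the book's listing): two x86 functions plus a data section.
CODE_BASE, DATA_BASE = 0x401000, 0x403000
FUNC_STARTS = [0x401000, 0x401020]            # assumed known function entry points
CODE = (
    bytes.fromhex("558bec5dc3").ljust(0x20, b"\xcc")  # sub_401000: empty stack frame
    + bytes.fromhex("558bec"                          # sub_401020: push ebp; mov ebp, esp
                    "a100304000"                      #   mov eax, ds:0x403000
                    "6804304000"                      #   push offset 0x403004
                    "5dc3")                           #   pop ebp; ret
)
DATA = struct.pack("<I", 0x7F000001) + b"<Hostname> <Port>\x00" + b"unused\x00"

def find_strings(data, base, min_len=4):
    """Return (address, text) for each printable ASCII run, like the strings tool."""
    return [(base + m.start(), m.group().decode("ascii"))
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def data_xrefs(code, code_base, target):
    """Addresses where target appears as a little-endian 32-bit operand.

    This is a byte-pattern heuristic: it reports the operand's address, whereas a
    disassembler reports the start of the instruction that contains it.
    """
    needle = struct.pack("<I", target)
    hits, pos = [], code.find(needle)
    while pos != -1:
        hits.append(code_base + pos)
        pos = code.find(needle, pos + 1)
    return hits

def location(addr, func_starts):
    """Name an address in the sub_<start>+<hex offset> style."""
    start = func_starts[bisect.bisect_right(func_starts, addr) - 1]
    return "sub_%X+%X" % (start, addr - start)

def xref_report():
    """Map the leading DWORD and every string to the code locations that use them."""
    targets = [(DATA_BASE, "dword_%X" % DATA_BASE)] + find_strings(DATA, DATA_BASE)
    return {name: [location(a, FUNC_STARTS) for a in data_xrefs(CODE, CODE_BASE, addr)]
            for addr, name in targets}

if __name__ == "__main__":
    for name, refs in xref_report().items():
        print(f"{name!r}: {refs or 'no references found'}")
```

A string with an empty reference list, such as `unused` here, is either dead data or is reached through an address computed at run time, which this kind of search cannot see.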
