Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Four of these graphing options utilize cross-references.


To dig deeper, use WinGraph32’s zoom feature. You will find that graphs of large statically linked executables can become so cluttered that the graph is unusable.

displays this type of graph for a single function. Notice how sub_4011f0 calls sub_401110, which then calls gethostbyname. This view can quickly tell you what a function does and what the functions do underneath it. This is the easiest way to get a quick overview of the function.

Graphs a user-specified cross-reference graph

Use this option to build a custom graph. You can specify the graph’s recursive depth, the symbols used, the to or from symbol, and the types of nodes to exclude from the graph. This is the only way to modify graphs generated by IDA Pro for display in WinGraph32.
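The custom-graph options described above (recursion depth, to or from direction, excluded node types) can be modeled on a plain edge list. This is an added example, not IDA Pro's code or code from the book: it does not use the IDA API, and the edge list beyond the `sub_4011f0` → `sub_401110` → `gethostbyname` chain, the `LIBRARY` set and all function names are constructed assumptions.

```python
from collections import deque

# Constructed call edges (caller, callee). The first two come from the text;
# the others are made up for illustration.
EDGES = [
    ("sub_4011f0", "sub_401110"),
    ("sub_401110", "gethostbyname"),
    ("sub_401110", "_memset"),
    ("sub_401000", "sub_4011f0"),
    ("start", "sub_401000"),
]
LIBRARY = frozenset({"_memset"})  # assumed "library function" node type


def xref_graph(root, direction="from", depth=2, exclude=frozenset()):
    """Collect (caller, callee) edges within `depth` hops of `root`.

    direction="from" follows calls made by root; "to" follows its callers.
    Nodes named in `exclude` are dropped along with their edges.
    """
    if direction not in ("from", "to"):
        raise ValueError("direction must be 'from' or 'to'")
    adj = {}
    for caller, callee in EDGES:
        if caller in exclude or callee in exclude:
            continue
        src, dst = (caller, callee) if direction == "from" else (callee, caller)
        adj.setdefault(src, []).append(dst)
    seen, out, queue = {root}, [], deque([(root, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == depth:          # recursion depth reached, do not expand
            continue
        for nxt in adj.get(node, []):
            # Always record edges as (caller, callee), whatever the direction.
            out.append((node, nxt) if direction == "from" else (nxt, node))
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return out


def to_dot(edges):
    """Render (caller, callee) edges as Graphviz DOT text."""
    body = "".join(f'  "{a}" -> "{b}";\n' for a, b in edges)
    return "digraph xrefs {\n" + body + "}\n"
```

Capping the depth and excluding library nodes is what keeps such a graph readable on a large statically linked sample.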
