Analyzing a Simple Bind Shell

At this point, we should have a lab set up, a good grasp of IA32 and IA64, and a methodology we can use, and we should be familiar with some of the tools we can use for analysis. It's time we put all of that introductory knowledge to good use and analyze our first binary. We'll keep this one simple because I really want us to focus on recognizing and reading the disassembled binary. Without giving too much away, we will see right away where some of our tools fall short in their output and how to recognize their shortcomings. From this point on, we will use our methodology and associated tools to accomplish each phase of analysis. If something isn't clear in the writing or in your output, use that as an opportunity to really learn by doing extra research on your own until you understand whatever was unclear.

I realize that I already gave away the functionality of the binary we're going to analyze. Because of that, we can eliminate some of the phases in our methodology and will adjust it accordingly. For example, the iteration phase isn't really necessary since there is only one binary we're going to analyze, and, as you will see, this is a straightforward analysis example. The following list explains the breakout of recipes for this chapter, which closely aligns with the binary analysis methodology we discussed in Chapter 4, Creating a Binary Analysis Methodology.

We will cover the following recipes in this chapter:

  • Performing discovery
  • Gathering information
  • Performing static analysis
  • Using ltrace and strace
  • Using GDB for dynamic analysis
  • Finishing dynamic analysis