Thursday, July 24, 2014

The Hopper Disassembler

The Hopper disassembler can be found at http://hopperapp.com/download.html

Hopper is a tool that assists developers in the static analysis of a binary file.
The demo version is quite good for some initial investigation of a binary.

The idea of Hopper is that it accepts a set of bytes and converts them into something readable by humans.

There are various types that Hopper can assign to bytes. They are listed below:

data: an area is set to the data type when Hopper thinks that it represents a constant, like an array of int for instance
ASCII: a NULL-terminated C string
code: an instruction
procedure: a byte receives this type once it has been determined that it is part of a method that has been successfully reconstructed by Hopper
undefined: an area that has not yet been explored by Hopper

As soon as an executable is loaded, one can manually change the type by using either the keyboard or the toolbar at the top of the window.

D | A | C | P | U

Navigating through the file
An executable is split up into smaller pieces of data called segments and sections.

When the OS loads an executable, some parts of it get loaded into system memory. Each contiguous piece of the file mapped into memory is called a segment. These segments are split into smaller parts called sections, each of which receives its own access properties.
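As an added example that is not from the original post or from Hopper itself, the following Python walks the load commands of a 64-bit Mach-O file (the format Hopper shows on OS X; assumed here), listing each segment with its initial protection and the sections inside it, which is the same segment/section split Hopper's navigation exposes. The sample image is constructed inline, so it runs offline.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # little-endian 64-bit Mach-O header magic
LC_SEGMENT_64 = 0x19       # load command describing one 64-bit segment
VM_PROT = {0x1: "r", 0x2: "w", 0x4: "x"}

def prot_str(prot):
    """Render a Mach-O vm_prot_t bitmask as 'rwx'-style text (e.g. 0x5 -> 'r-x')."""
    return "".join(VM_PROT[b] if prot & b else "-" for b in (0x1, 0x2, 0x4))

def parse_macho64(blob):
    """Return [(segname, vmaddr, vmsize, prot, [(sectname, addr, size), ...]), ...]."""
    magic, _cpu, _sub, _ftype, ncmds, _szcmds, _flags, _res = struct.unpack_from("<8I", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    segments, off = [], 32          # load commands start right after the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", blob, off)
        if cmd == LC_SEGMENT_64:
            (segname, vmaddr, vmsize, _fileoff, _filesize, _maxprot,
             initprot, nsects, _sflags) = struct.unpack_from("<16s4Q2i2I", blob, off + 8)
            sections, soff = [], off + 72   # section_64 records follow the 72-byte command
            for _ in range(nsects):
                sectname, _seg, addr, size = struct.unpack_from("<16s16s2Q", blob, soff)
                sections.append((sectname.rstrip(b"\0").decode(), addr, size))
                soff += 80                  # each section_64 record is 80 bytes
            segments.append((segname.rstrip(b"\0").decode(), vmaddr, vmsize,
                             prot_str(initprot), sections))
        off += cmdsize
    return segments

def build_sample():
    """Constructed sample image: __TEXT (r-x) with __text, and __DATA (rw-) with __data."""
    def section(name, seg, addr, size):
        return struct.pack("<16s16s2Q8I", name, seg, addr, size, 0, 0, 0, 0, 0, 0, 0, 0)
    def segment(name, vmaddr, vmsize, prot, sects):
        body = b"".join(sects)
        return struct.pack("<2I16s4Q2i2I", LC_SEGMENT_64, 72 + len(body), name,
                           vmaddr, vmsize, 0, 0, prot, prot, len(sects), 0) + body
    cmds = (segment(b"__TEXT", 0x100000000, 0x1000, 0x5,
                    [section(b"__text", b"__TEXT", 0x100000F00, 0x40)]) +
            segment(b"__DATA", 0x100001000, 0x1000, 0x3,
                    [section(b"__data", b"__DATA", 0x100001000, 0x10)]))
    # x86_64 (0x01000007), CPU_SUBTYPE_X86_64_ALL, MH_EXECUTE, 2 load commands
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 0x3, 0x2, 2, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    for name, vmaddr, vmsize, prot, sects in parse_macho64(build_sample()):
        print(f"{name:<8} {vmaddr:#x}+{vmsize:#x} {prot} sections={[s[0] for s in sects]}")
```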

Hopper allows the user to name an address so that the piece of code can be identified by that label within the binary file.

The tool provides a navigation bar which shows the colour scheme: blue for code, yellow for procedures, green for ASCII strings, purple for data, grey for undefined.

There is an inspector which contains the components below:

Instruction Encoding: This component displays the bytes of the current instruction. If the current processor has multiple CPU modes, the user will see a popup menu which lets them change the CPU mode at the current address. The different CPU modes are ARM and Thumb.

Format: This component is used to change the display format of the operands of an instruction.

Comment: This component allows the user to add a comment at a given address.

Colors and Tags: This component allows the user to associate tags with addresses, blocks of a procedure, or the procedure itself.

References: This is a very important component. It shows all the references one instruction can have to other instructions or to a piece of data. The user can even add their own reference if Hopper's analysis did not add one.

Procedure: This component contains information on the current procedure.
