Uninformed: Informative Information for the Uninformed

Vol 4» 2006.Jun


This paper has presented a few basic approaches that can be used to extract useful information from an x64 binary for the purpose of analysis. By analyzing the unwind information associated with functions, it is possible to get a better understanding of how a function's stack frame is laid out. Furthermore, the unwind information makes it possible to describe the relationship between a function and its exception handler(s). Looking toward the future, x64 is likely to become the standard architecture given Microsoft's adoption of it as their primary architecture. With this in mind, developing techniques to better automate the binary analysis process will become increasingly necessary.