
Does it handle indirect jumps?

Open MJChku opened this issue 4 years ago • 2 comments

I am building a Value Set Analysis on top of this, but my first question is: does it handle indirect jumps, and if so, how? Thanks!

MJChku avatar Nov 12 '21 00:11 MJChku

Another question is: does it handle shared libraries like libc.so? If I want to include a shared library, how can I do that?

MJChku avatar Nov 12 '21 06:11 MJChku

Hi!

Yes, SMDA has (limited) support for recovery of indirect call targets. This is based on heuristic backtracking and implemented here in IndirectCallAnalyzer. Since it does not do proper dataflow analysis, there's a chance it will miss some more elaborate constructs of indirect jumps/calls.

For the second question: as long as the binary under analysis is dynamically linked to a target like libc, those references should be resolved and show up within the functions using them. It's not possible as of now to load multiple buffers into a single, more intricate compound memory layout like e.g. IDA Pro allows.

Generally, if you intend to primarily analyze ELF files, I can recommend going with Ghidra, which appears to excel at those. SMDA is primarily targeting memory dumps of Windows PE files. Hope that helps!

danielplohmann avatar Nov 15 '21 17:11 danielplohmann
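To make the "heuristic backtracking" idea from the answer above concrete, here is an added, self-contained illustration. It is not SMDA's IndirectCallAnalyzer and not code from this thread; it is a simplified sketch of the technique: starting at a register-indirect `call`/`jmp`, walk backwards through the linear instruction stream looking for the most recent write to that register, resolve immediates and RIP-relative `lea`s, follow register-to-register copies, and give up (returning `None`) whenever the value would require real dataflow analysis, such as a load from memory, or when an intervening call may have clobbered the register. The instruction list, the byte sizes and all addresses are constructed sample data in Capstone-style Intel syntax; the analysis only understands 64-bit general-purpose registers (no sub-register aliasing), which is an assumption made here for brevity.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Insn:
    """One disassembled instruction (constructed; sizes are illustrative)."""
    address: int
    size: int
    mnemonic: str
    op_str: str

# 64-bit general-purpose registers we are willing to track (assumption: no
# aliasing between e.g. eax and rax is modelled).
GPR64 = {"rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"}
IMM_RE = re.compile(r"^(?:0x[0-9a-fA-F]+|\d+)$")
RIPREL_RE = re.compile(r"^\[rip \+ (0x[0-9a-fA-F]+|\d+)\]$")
# Instructions whose first operand is read, not written.
NO_WRITE = {"cmp", "test", "push"}

# Constructed sample: a linear block containing several indirect transfers.
SAMPLE: List[Insn] = [
    Insn(0x1000, 1, "push", "rbp"),
    Insn(0x1001, 3, "mov", "rbp, rsp"),
    Insn(0x1004, 7, "mov", "rax, 0x401200"),            # immediate -> resolvable
    Insn(0x100b, 3, "mov", "rdi, rsi"),
    Insn(0x100e, 2, "call", "rax"),
    Insn(0x1010, 4, "mov", "rcx, qword ptr [rbp - 8]"),  # memory load -> needs dataflow
    Insn(0x1014, 2, "call", "rcx"),
    Insn(0x1016, 7, "lea", "rdx, [rip + 0x2000]"),      # rip-relative -> resolvable
    Insn(0x101d, 2, "jmp", "rdx"),
    Insn(0x101f, 7, "mov", "rbx, 0x402000"),
    Insn(0x1026, 3, "mov", "rcx, rbx"),                 # register copy -> follow rbx
    Insn(0x1029, 2, "call", "rcx"),
    Insn(0x102b, 7, "mov", "rax, 0x403000"),
    Insn(0x1032, 5, "call", "0x401500"),                # direct call may clobber rax
    Insn(0x1037, 2, "call", "rax"),                     # -> unresolvable (conservative)
    Insn(0x1039, 1, "ret", ""),
]

def operands(insn: Insn) -> List[str]:
    return [o.strip() for o in insn.op_str.split(",")] if insn.op_str else []

def resolve_indirect_target(insns: List[Insn], idx: int, max_steps: int = 32) -> Optional[int]:
    """Backtrack from a register-indirect call/jmp at insns[idx] to its target.

    Returns the resolved address, or None when the heuristic cannot decide.
    """
    insn = insns[idx]
    ops = operands(insn)
    if insn.mnemonic not in ("call", "jmp") or len(ops) != 1 or ops[0] not in GPR64:
        return None  # not a register-indirect transfer
    tracked = ops[0]
    for step in range(1, max_steps + 1):
        j = idx - step
        if j < 0:
            return None
        prev = insns[j]
        # A call may clobber caller-saved registers; a ret/jmp means the linear
        # predecessor does not actually flow into us. Both end the walk.
        if prev.mnemonic in ("call", "ret", "jmp"):
            return None
        pops = operands(prev)
        if not pops or pops[0] != tracked or prev.mnemonic in NO_WRITE:
            continue  # does not write the tracked register
        src = pops[1] if len(pops) > 1 else ""
        if prev.mnemonic == "mov":
            if IMM_RE.match(src):
                return int(src, 0)
            if src in GPR64:
                tracked = src  # keep walking, now for the source register
                continue
            return None  # value comes from memory: beyond this heuristic
        if prev.mnemonic == "lea":
            m = RIPREL_RE.match(src)
            if m:
                return prev.address + prev.size + int(m.group(1), 0)
            return None
        return None  # any other write (add, pop, ...) is not modelled
    return None

def resolve_all(insns: List[Insn]) -> Dict[int, Optional[int]]:
    """Map the address of every register-indirect call/jmp to its resolved target."""
    out: Dict[int, Optional[int]] = {}
    for i, insn in enumerate(insns):
        ops = operands(insn)
        if insn.mnemonic in ("call", "jmp") and len(ops) == 1 and ops[0] in GPR64:
            out[insn.address] = resolve_indirect_target(insns, i)
    return out

if __name__ == "__main__":
    for addr, target in resolve_all(SAMPLE).items():
        print(f"{addr:#x} -> {'unresolved' if target is None else f'{target:#x}'}")
```

The two `None` results are the point of the answer: a register loaded from memory, or one that was defined before an intervening call, cannot be trusted without real dataflow or value-set analysis, so a backtracking heuristic has to stay conservative rather than guess.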