Gray Hat Hacking: The Ethical Hacker's Handbook (page 318)

    .text:0804874B    mov     eax, [ebp+arg_0]
    .text:0804874E    push    dword ptr [eax]
    .text:08048750    call    sub_8057850
    .text:08048755    add     esp, 10h

yields the following improved disassembly, in which we are far less likely to waste time analyzing any of the three functions that are called.

    .text:0804872C    push    ebp
    .text:0804872D    mov     ebp, esp
    .text:0804872F    sub     esp, 18h
    .text:08048732    call    sys_getuid
    .text:08048737    mov     [ebp+var_4], eax
    .text:0804873A    call    sys_getgid
    .text:0804873F    mov     [ebp+var_8], eax
    .text:08048742    sub     esp, 8
    .text:08048745    mov     eax, [ebp+arg_0]
    .text:08048748    push    dword ptr [eax+0Ch]
    .text:0804874B    mov     eax, [ebp+arg_0]
    .text:0804874E    push    dword ptr [eax]
    .text:08048750    call    _initgroups
    .text:08048755    add     esp, 10h

We have not covered how to identify exactly which static library files to use when generating your IDA sig files. It is safe to assume that statically linked C programs are linked against the static C library. To generate accurate signatures, it is important to track down a version of the library that closely matches the one with which the binary was linked. Here, some file and strings analysis can assist in narrowing the field of operating systems that the binary may have been compiled on. The file utility can distinguish among various platforms, such as Linux, FreeBSD, or OS X, and the strings utility can be used to search for version strings that may point to the compiler or libc version that was used. Armed with that information, you can attempt to locate the appropriate libraries from a matching system. If the binary was linked with more than one static library, additional strings analysis may be required to identify each additional library.
Useful things to look for in strings output include copyright notices, version strings, usage instructions, or other unique messages that could be thrown into a search engine in an attempt to identify each additional library. By identifying as many libraries as possible and applying their signatures you .
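The strings triage described above, as an added example that is not code from the book: a Python script that pulls printable strings out of a binary and groups the ones that hint at the compiler, the libc version, or other statically linked libraries. The marker patterns, the function names `extract_strings` and `triage`, and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re
import sys

# Substrings worth chasing, in priority order (first matching category wins).
# These patterns are illustrative assumptions, not an exhaustive list.
MARKERS = [
    ("compiler",  re.compile(r"GCC: \(")),                   # ident string left by gcc
    ("libc",      re.compile(r"GNU C Library|\$FreeBSD:")),  # glibc banner, FreeBSD RCS ids
    ("copyright", re.compile(r"copyright|\(c\)\s*\d{4}", re.I)),
    ("version",   re.compile(r"\bversion\s+\d+(\.\d+)+", re.I)),
    ("usage",     re.compile(r"^\s*usage:", re.I)),
]

def extract_strings(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, similar to strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage(data):
    """Group the strings that hint at compiler, libc or third-party libraries."""
    hits = {}
    for s in extract_strings(data):
        for label, rx in MARKERS:
            if rx.search(s):
                bucket = hits.setdefault(label, [])
                if s not in bucket:          # static libraries often repeat banners
                    bucket.append(s)
                break
    return hits

# Constructed sample standing in for a statically linked binary (not real data).
SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"\x55\x89\xe5\x83\xec\x18\x00"
    + b"GNU C Library stable release version 2.3.2, by Roland McGrath et al.\x00"
    + b"Copyright (C) 2003 Free Software Foundation, Inc.\x00"
    + b"GCC: (GNU) 3.3.5\x00"
    + b"usage: %s [-v] file\x00"
    + b"libfoo version 1.4.2 (hypothetical)\x00"
    + b"\x01\x02abc\x00"
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for label, found in triage(blob).items():
        for s in found:
            print(f"{label:<10}{s}")
```

Run it with a path to the binary under analysis, or with no argument to see the output for the constructed sample; the `libc` and `compiler` hits are the ones that tell you which library build to generate sig files from.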