Black Box and White Box Analysis of Software
If the source code of a program cannot be obtained, the executable program can be analyzed with black box analysis and white box analysis methods. Black box analysis does not go into the internal structure of the executable program. Instead, it uses the program's inputs and outputs... to infer its internal working principle and process. White box analysis uses software reverse analysis: the executable program is disassembled, and its assembly code is studied to determine its working principle and process.
Traditional black box analysis is easier to implement and quickly gives a general understanding of the software's workflow. With the traditional black box analysis method, however, it is difficult to accurately understand the software's working process and the secret information it uses.
White box analysis carefully reads the program's assembly code and analyzes every operation of the software to obtain its overall workflow and the various confidential information it uses. However, this is also the weakness of white box analysis: it is easy to get lost in details, and difficult to form a clear and intuitive impression of the software's workflow. We therefore combine black box analysis and white box analysis to analyze software completely, efficiently and accurately.
White box analysis of software mainly analyzes the software's binary code. It includes two different analysis technologies: static analysis and dynamic analysis. Static analysis means not running the software and only examining its binary code. This analysis does not involve data that the software may obtain from the outside while running; it is only a logical judgment.
The biggest advantage of static analysis is that, without running the software, its binary code can be scanned to obtain the function call relationships, divide the program into functional modules, and analyze part of the data structures through some means. Combined with manual analysis, this yields an overall architecture diagram. However, software is not a static entity: its behavior and logical process depend on program input and output and on external control. In static analysis it is therefore difficult, in most cases, to accurately judge the behavior of parts of the program. In addition, a program cannot implement all functions in its own code and calls external library files. We also need to observe its calling
However, it is difficult to obtain the results of external function execution by using static analysis.
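As an added illustration (not part of the original article), the following Python example recovers function call relationships from a constructed 16-byte x86-64 code blob without running it. The blob, the function name call_graph and the four-opcode decoder are assumptions made for this example; the register-indirect call is recorded as an unresolved edge, because its target exists only at run time.

```python
import struct

# Constructed 16-byte x86-64 code blob (sample data, not from a real program):
#   0x00 main: call 0x08 ; call rax ; ret
#   0x08 f1:   nop ; call 0x0f ; ret
#   0x0f f2:   ret
CODE = bytes.fromhex("e803000000" "ffd0" "c3" "90" "e801000000" "c3" "c3")

def call_graph(code, entry=0):
    """Follow code from `entry` without executing it and return
    {function_offset: [call targets]}; None marks an unresolved target."""
    graph, work = {}, [entry]
    while work:
        func = work.pop()
        if func in graph:
            continue
        edges, ip = [], func
        while True:
            if ip >= len(code):
                raise ValueError(f"ran past end of code in function {func:#x}")
            op = code[ip]
            if op == 0xC3:                       # ret: end of this function
                break
            elif op == 0x90:                     # nop
                ip += 1
            elif op == 0xE8:                     # call rel32
                (rel,) = struct.unpack_from("<i", code, ip + 1)
                ip += 5                          # offset is relative to the next instruction
                edges.append(ip + rel)
                work.append(ip + rel)            # analyze the callee later
            elif op == 0xFF and ip + 1 < len(code) and code[ip + 1] & 0xF8 == 0xD0:
                edges.append(None)               # call <reg>: target known only at run time
                ip += 2
            else:
                raise ValueError(f"opcode {op:#04x} at {ip:#x} not handled by this toy decoder")
        graph[func] = edges
    return graph

if __name__ == "__main__":
    for func, targets in sorted(call_graph(CODE).items()):
        names = [hex(t) if t is not None else "<indirect>" for t in targets]
        print(f"{func:#04x} calls {names}")
```

Resolving the `<indirect>` edge requires the register value at the call site, which is what running the program under a debugger provides.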
Dynamic analysis technology is the debugging technology developed to make up for the shortcomings of static analysis. The program to be analyzed is run under a debugger; by single-stepping and setting breakpoints, the analyst observes the changes in memory, registers and other data while the program runs, and studies the specific behavior of the program. Dynamic analysis technology has the following advantages:
(1) The accuracy with which the CPU executes instructions ensures that, while the program runs, its functional logic is not misjudged as it can be in manual analysis.
(2) Analysis can be performed at a higher level of abstraction: for a callback function call, there is no need to analyze its specific implementation. You only need to let it run and observe the changes in the results before and after its execution.
(3) During execution, program data or even instructions can be changed as needed to make the analysis more efficient.
However, pure dynamic analysis also has some drawbacks. The program runs in the debugger, so the result may be unstable, and it may even cause a computer system crash. At the same time, dynamic analysis cannot show the overall picture of the entire program, and it does not produce satisfactory results for program structure analysis.
Therefore, we combine dynamic analysis and static analysis: static analysis of the module functions is performed before the program is run, and then dynamic debugging is performed. In this way, the structure of the software stays in view while it is observed dynamically, which greatly improves the efficiency of software reverse analysis.