Reversing : The Hacker's Guide to Reverse Engineering

Modules

The largest building block for a program is the module. Modules are simply
binary files that contain isolated areas of a program’s executable (essentially
the component boxes from our previous discussion). There are two basic types
of modules that can be combined together to make a program: static libraries
and dynamic libraries.
■■ Static libraries: Static libraries make up a group of source-code files
that are built together and represent a certain component of a program.
Logically, static libraries usually represent a feature or an area of
functionality in the program. Frequently, a static library is not an integral
part of the product that’s being developed but rather an external,
third-party library that adds certain functionality to it. Static libraries are
added to a program while it is being built, and they become an integral
part of the program’s binaries. They are difficult to make out and
isolate when we look at the program from a low-level perspective while
reversing.
■■ Dynamic libraries: Dynamic libraries (called Dynamic Link Libraries, or
DLLs in Windows) are similar to static libraries, except that they are not
embedded into the program, and they remain in a separate file, even
when the program is shipped to the end user. A dynamic library allows
for upgrading individual components in a program without updating
the entire program. As long as the interface it exports remains constant,
a library can (at least in theory) be replaced seamlessly—without
upgrading any other components in the program. An upgraded library
would usually contain improved code, or even entirely different
functionality through the same interface. Dynamic libraries are very easy to
detect while reversing, and the interfaces between them often simplify
the reversing process because they provide helpful hints regarding the
program’s architecture.
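
On Windows, the dynamic libraries a program depends on are named in the import directory of its PE file, which is why they are so easy to spot. The following is an added example, not code from the book: a small Python parser that lists those DLL names. The function names (`rva_to_offset`, `imported_dlls`, `build_sample`) and the sample image are constructed for illustration.

```python
import struct

def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for va, size, raw in sections:
        if va <= rva < va + size:
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def imported_dlls(data):
    """Return the DLL names listed in a PE image's import directory."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]            # PE32 / PE32+
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # directory entry 1
    sections = []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, rsize), raw))
    names = []
    off = rva_to_offset(sections, imp_rva) if imp_rva else None
    while off is not None:
        name_rva = struct.unpack_from("<I", data, off + 12)[0]
        if name_rva == 0:                                  # all-zero terminator
            break
        start = rva_to_offset(sections, name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii"))
        off += 20                                          # next descriptor
    return names

def build_sample():
    """Constructed PE32 skeleton: headers plus one section with two import descriptors."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH12xH", img, 0x44, 0x14C, 1, 224)  # i386, 1 section
    struct.pack_into("<H", img, 0x58, 0x10B)               # PE32 magic
    struct.pack_into("<II", img, 0xC0, 0x1000, 60)         # import directory
    struct.pack_into("<8s4I", img, 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200)
    for i, (rva, name) in enumerate([(0x1040, b"KERNEL32.dll"), (0x1050, b"USER32.dll")]):
        struct.pack_into("<I", img, 0x200 + 20 * i + 12, rva)
        img[rva - 0xE00:rva - 0xE00 + len(name)] = name     # RVA 0x1000 -> offset 0x200
    return bytes(img)

if __name__ == "__main__":
    print(imported_dlls(build_sample()))
```

Code from a static library leaves no such record: it is linked into the program's own sections and never appears in the import directory.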

Common Code Constructs

There are two basic code-level constructs that are considered the most
fundamental building blocks for a program. These are procedures and objects.
In terms of code structure, the procedure is the most fundamental unit in
software. A procedure is a piece of code, usually with a well-defined purpose,
that can be invoked by other areas in the program. Procedures can optionally
receive input data from the caller and return data to the caller. Procedures
are the most commonly used form of encapsulation in any programming
language.
