I'd like to get some input from the more experienced guys around here about how to go about reversing/auditing large binaries. I'm not the most noobish, though still a noob :), but honestly I get a little intimidated by large projects. For example, the patches released for Outlook 2007 last Patch Tuesday modified 15 or so files. To really examine this, even with great tools like BinDiff, seems a monumental task just to be able to find the bug, be able to craft some countermeasures, and have a good idea of whatever else was fixed.
I'm sure that with experience comes more speed, but I'd like some advice on good techniques/strategies for looking at these large files (or groups of them). Do you focus on data flow, tracing down from input points, etc.?
Thanks for any advice.






